Here is all the reports except the Ewido log. It accidently got deleted. Ewido found 13 items and deleted them. After scanning with HJT two of hte items I was suppose to check to fix were not present. They are 02-BHO: ATLDistrib Object..... and 04-HKLM\..\Run: [Spyaxe].... After running panda scan I was told there were still 20 or so malicious items. Thankyou for your help.
Incident Status Location
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee
allen@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@belnk[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee
allen@dist.belnk[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@entrepreneur[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@gammae[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@go[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@toplist[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@winfixer[2].txt
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd0c-5f1957d0.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd0c-5f1957d0.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd0c-5f1957d0.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd0c-5f1957d0.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd8a-7fb51798.zip[BlackBox.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd8a-7fb51798.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd8a-7fb51798.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5106bd8a-7fb51798.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-6baf99bc-3746f874.zip[Dummy.class]
Virus:Trj/ClassLoader.W Not disinfected C:\Documents and Settings\Jayson Lee Allen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-6baf99bc-3746f874.zip[VerifierBug.class]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee
allen@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@belnk[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee
allen@dist.belnk[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@entrepreneur[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@gammae[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@go[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@toplist[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jayson Lee Allen\Cookies\jayson lee allen@winfixer[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jayson Lee Allen\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jayson Lee Allen\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\35661E54-01CE-40E6-B1E6-3C50B3\D23F62A3-1979-4EBA-A80D-12731B
Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\35661E54-01CE-40E6-B1E6-3C50B3\D23F62A3-1979-4EBA-A80D-12731B[mySetp.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\pmkhf.dll Logfile of HijackThis v1.99.1
Scan saved at 11:52:04 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jayson Lee Allen\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.planetdreamcast.com/psoworld/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://in.boobtropolis.com/cgi-bin/show ... /2124294:A
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search -
res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search -
http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links -
res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages -
res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 3255879500
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -
http://download.games.yahoo.com/games/w ... uncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://download.games.yahoo.com/games/w ... der_v6.cab
O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 03/27/2006
The current time is: 12:59:30.26
Running from
C:\Documents and Settings\Jayson Lee Allen\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Killing PID 832 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
~~~ Upon reboot ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~ Upon completion ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~
~~~~ C:\WINDOWS\system32\wininet.dll Clean!
~~~~
VundoFix V4.2.35
Checking Java version...
Java version is 1.4.2.3
Scan started at 11:30:15 AM 3/27/2006
Listing files found while scanning....
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\SYSTEM32\bbeeg.bak1
C:\WINDOWS\SYSTEM32\bbeeg.bak2
C:\WINDOWS\SYSTEM32\bbeeg.tmp
C:\WINDOWS\SYSTEM32\bbeeg.ini
C:\WINDOWS\SYSTEM32\bbeeg.ini2
C:\WINDOWS\SYSTEM32\dfhkj.bak1
C:\WINDOWS\SYSTEM32\dfhkj.bak2
C:\WINDOWS\SYSTEM32\dfhkj.ini
C:\WINDOWS\SYSTEM32\jkhfd.dll
C:\WINDOWS\SYSTEM32\bbeeg.ini2
C:\WINDOWS\SYSTEM32\bbeeg.bak2
C:\WINDOWS\SYSTEM32\bbeeg.tmp
C:\WINDOWS\SYSTEM32\bbeeg.ini
C:\WINDOWS\SYSTEM32\bbeeg.ini2
Attempting to delete C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bbeeg.tmp Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\dfhkj.bak1
C:\WINDOWS\SYSTEM32\dfhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\dfhkj.bak2
C:\WINDOWS\SYSTEM32\dfhkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\dfhkj.ini
C:\WINDOWS\SYSTEM32\dfhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\jkhfd.dll
C:\WINDOWS\SYSTEM32\jkhfd.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V4.2.35
Checking Java version...
Java version is 1.4.2.3
Scan started at 11:50:19 AM 3/27/2006
Listing files found while scanning....
No infected files were found.