
Adservice Scanner


  • This topic is locked
19 replies to this topic

#1 Macgilla

Macgilla

  • Members
  • 10 posts

Posted 10 July 2006 - 08:10 PM

Hi guys. I've got this annoying little virus that I can't seem to get rid of; it occasionally pops up little IE windows advertising, no doubt dubious quality, anti spyware. Very annoying, especially since I haven't used IE in years due to its previous infections. I've used Spyware Doctor and searchbot s&D, and my HJT log file is below. Hope you can help. Thanks in advance

sean

Logfile of HijackThis v1.99.1
Scan saved at 02:05:17, on 11/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SSTEM3~1\iexplore.exe
C:\DOCUME~1\Owner\APPLIC~1\APPATC~1\mshta.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\Owner\Desktop\New Folder\Gamehouse Games - Super SpongeBob Collapse! + Crack (Shared By Danmaninsane)\SBCollapseInstall.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Men] C:\PROGRA~1\SSTEM3~1\iexplore.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B02F494-9F57-4024-A2E9-58F1A44C4F6C}: NameServer = 195.166.128.16,195.166.128.17
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 21 July 2006 - 05:21 AM

Hi,

The forums are really busy; that explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:

"Very annoying, especially since I haven't used IE in years due to its previous infections"

Why do you think this is caused by IE? You know what the cause is? You searching for cracks, as I see here:

C:\Documents and Settings\Owner\Desktop\New Folder\Gamehouse Games - Super SpongeBob Collapse! + Crack (Shared By Danmaninsane)\SBCollapseInstall.exe


AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Macgilla

Macgilla
  • Topic Starter

  • Members
  • 10 posts

Posted 21 July 2006 - 04:31 PM

I'm doing another cleanup and I'll post the hijack log. Cheers for getting back to me, although it seems to be worse now. After I log on, after a little while, the start menu becomes unusable, and desktop shortcuts no longer work. Definitely a new problem.


Logfile of HijackThis v1.99.1
Scan saved at 22:29:21, on 21/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\SSTEM3~1\iexplore.exe
C:\DOCUME~1\Owner\APPLIC~1\APPATC~1\mshta.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Men] C:\PROGRA~1\SSTEM3~1\iexplore.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\APPATC~1\mshta.exe" -vt yax
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B02F494-9F57-4024-A2E9-58F1A44C4F6C}: NameServer = 195.166.128.16,195.166.128.17
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 22 July 2006 - 12:13 AM

Hello,

Please perform the next steps in the right order.

Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
After reboot,
Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN
or anything similar with Oin in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!
After reboot, post the contents of C:\vundofix.txt and a new HiJackThis log.

#5 Macgilla

Macgilla
  • Topic Starter

  • Members
  • 10 posts

Posted 22 July 2006 - 10:13 AM

HiJack this log:

Scan saved at 16:08:51, on 22/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B02F494-9F57-4024-A2E9-58F1A44C4F6C}: NameServer = 195.166.128.16,195.166.128.17
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe


And the vundo stuff.....

VundoFix V5.1.4

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.7

Scan started at 15:56:06 22/07/2006

Listing files found while scanning....

C:\windows\system32\pmnlj.dll
C:\windows\system32\jlnmp.ini
C:\windows\system32\jlnmp.bak1
C:\windows\system32\jlnmp.bak2
C:\windows\system32\jlnmp.ini2
C:\windows\system32\jlnmp.tmp
C:\windows\system32\xxyvwuu.dll
C:\WINDOWS\system32\Drivers\DP.sys

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\pmnlj.dll
C:\windows\system32\pmnlj.dll Could not be deleted.

Attempting to delete C:\windows\system32\jlnmp.ini
C:\windows\system32\jlnmp.ini Has been deleted!

Attempting to delete C:\windows\system32\jlnmp.bak1
C:\windows\system32\jlnmp.bak1 Has been deleted!

Attempting to delete C:\windows\system32\jlnmp.bak2
C:\windows\system32\jlnmp.bak2 Has been deleted!

Attempting to delete C:\windows\system32\jlnmp.ini2
C:\windows\system32\jlnmp.ini2 Has been deleted!

Attempting to delete C:\windows\system32\jlnmp.tmp
C:\windows\system32\jlnmp.tmp Has been deleted!

Attempting to delete C:\windows\system32\xxyvwuu.dll
C:\windows\system32\xxyvwuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\Drivers\DP.sys
C:\WINDOWS\system32\Drivers\DP.sys Has been deleted!

Performing Repairs to the registry.
Done!

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 22 July 2006 - 10:26 AM

Hello,

The infection is not gone yet though...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O20 - AppInit_DLLs: C:\WINDOWS\System32\cmd.dll

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Ignore the error you'll get.
Then REBOOT!! Important!!

After reboot,

* Download Combofix to your desktop. !! It is really important that combofix.exe is on your desktop, not somewhere else or not in a folder on your desktop.

Then go to Start > Run and copy and paste the next command in the field:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v pmnlj

Hit enter.
This should start the combofix.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
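The comparison behind "the infection is not gone yet", as an added example that is not part of any post in this thread: it diffs the HijackThis entries of the 21 July and 22 July logs and reports which flagged entries were removed and which persist. The log excerpts are copied from the posts above; the function names, the two heuristics and the `EXPECTED_DIRS` table are assumptions made for this example.

```python
import ntpath
import re

# HijackThis entry lines start with a section code such as R0, O4 or O20.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Command of a Run entry: text after "[ValueName] ", up to the first ".exe".
RUN_CMD_RE = re.compile(r'\]\s+"?([^"]+?\.exe)', re.IGNORECASE)

# Assumption for this example: where these Windows XP binaries normally live.
EXPECTED_DIRS = {
    "iexplore.exe": {r"c:\program files\internet explorer"},
    "mshta.exe": {r"c:\windows\system32"},
}

# Excerpt of the log posted on 21 July 2006 (before VundoFix and the uninstaller).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\PROGRA~1\SSTEM3~1\iexplore.exe
C:\DOCUME~1\Owner\APPLIC~1\APPATC~1\mshta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Men] C:\PROGRA~1\SSTEM3~1\iexplore.exe
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\APPATC~1\mshta.exe" -vt yax
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmd.dll
"""

# Excerpt of the log posted on 22 July 2006 (after VundoFix and reboot).
LOG_AFTER = r"""Scan saved at 16:08:51, on 22/07/2006
Running processes:
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O20 - AppInit_DLLs: C:\WINDOWS\System32\cmd.dll
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def suspicious(entry):
    """Return a reason string if the entry trips one of the two heuristics, else None."""
    code, body = entry
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        dll = body.split(":", 1)[1].strip()
        if dll:
            # Any DLL listed here is loaded into every process that loads user32.dll.
            return f"AppInit_DLLs injects {dll} into every process using user32.dll"
    if code == "O4":
        match = RUN_CMD_RE.search(body)
        if match:
            directory, name = ntpath.split(match.group(1).lower())
            expected = EXPECTED_DIRS.get(name)
            if expected and directory not in expected:
                return f"{name} autostarts from {directory}, not its usual directory"
    return None


def compare(before_text, after_text):
    """Group flagged entries by what happened to them between the two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)

    def flagged(entries):
        return {e: suspicious(e) for e in entries if suspicious(e)}

    return {
        "removed": flagged(before - after),
        "persisting": flagged(before & after),
        "new": flagged(after - before),
    }


if __name__ == "__main__":
    for status, entries in compare(LOG_BEFORE, LOG_AFTER).items():
        for (code, body), reason in sorted(entries.items()):
            print(f"{status:10} {code} - {body}\n{'':10} -> {reason}")
```

Run on the excerpts, the two look-alike autostarts (`Men`, `Notn`) show up as removed, while the `O20` entry is the one still present in the second log.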

#7 Macgilla

Macgilla
  • Topic Starter

  • Members
  • 10 posts

Posted 23 July 2006 - 09:15 AM

Combo Fix log

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\jlnmp.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\jlnmp.ini

15:10:37.46
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-23 15:09 90,240 C:\WINDOWS\system32\drivers\sptd4205.sys
2006-07-23 15:09 876 C:\WINDOWS\system32\jlnmp.ini
2006-07-23 15:08 876 C:\WINDOWS\system32\jlnmp.ini.vir
2006-07-23 15:07 <DIR> C:\Program Files\mozilla firefox
2006-07-23 15:07 <DIR> C:\Program Files\Common Files\symantec shared
2006-07-23 15:03 123 C:\Documents and Settings\Owner\Application Data\iscrobbler.ini
2006-07-23 03:15 <DIR> C:\Documents and Settings\Owner\Application Data\adobe
2006-07-22 16:05 <DIR> C:\Program Files\s?stem32 (sstem3~1)
2006-07-22 15:27 17,750 C:\WINDOWS\system32\tjtylwyo.exe
2006-07-22 03:21 17,750 C:\WINDOWS\system32\bsnsyeqc.exe
2006-07-21 02:37 17,750 C:\WINDOWS\system32\jdoryrea.exe
2006-07-19 02:53 <DIR> C:\Program Files\windows media player
2006-07-19 02:52 <DIR> C:\Program Files\outlook express
2006-07-19 02:52 <DIR> C:\Program Files\Common Files\system
2006-07-17 16:46 <DIR> C:\Documents and Settings\Owner\Application Data\azureus
2006-07-17 01:59 <DIR> C:\Program Files\azureus
2006-07-16 01:53 716 C:\WINDOWS\win.ini
2006-07-14 02:42 <DIR> C:\WINDOWS\system32\t?sks (tsks~1)
2006-07-13 03:00 <DIR> C:\Documents and Settings\Owner\Application Data\yahoo!
2006-07-13 01:27 <DIR> C:\Program Files\yahoo!
2006-07-12 17:08 56,832 C:\WINDOWS\g422985359.dll
2006-07-12 16:16 56,832 C:\WINDOWS\g419860562.dll
2006-07-12 15:54 56,832 C:\WINDOWS\g418536218.dll
2006-07-12 15:34 56,832 C:\WINDOWS\g417335343.dll
2006-07-12 15:12 56,832 C:\WINDOWS\g416012546.dll
2006-07-12 14:49 56,832 C:\WINDOWS\g414691250.dll
2006-07-12 14:27 56,832 C:\WINDOWS\g413369843.dll
2006-07-12 14:05 56,832 C:\WINDOWS\g412049609.dll
2006-07-12 13:43 56,832 C:\WINDOWS\g410728828.dll
2006-07-12 13:23 56,832 C:\WINDOWS\g409528984.dll
2006-07-12 13:01 56,832 C:\WINDOWS\g408208234.dll
2006-07-12 12:39 56,832 C:\WINDOWS\g406886500.dll
2006-07-12 12:19 56,832 C:\WINDOWS\g405685828.dll
2006-07-12 11:57 56,832 C:\WINDOWS\g404365187.dll
2006-07-12 11:35 56,832 C:\WINDOWS\g403045281.dll
2006-07-12 11:15 56,832 C:\WINDOWS\g401843546.dll
2006-07-12 10:53 56,832 C:\WINDOWS\g400523093.dll
2006-07-12 10:31 56,832 C:\WINDOWS\g399202265.dll
2006-07-12 10:09 56,832 C:\WINDOWS\g397881718.dll
2006-07-12 09:47 56,832 C:\WINDOWS\g396562187.dll
2006-07-12 09:27 56,832 C:\WINDOWS\g395355765.dll
2006-07-12 09:05 56,832 C:\WINDOWS\g394035218.dll
2006-07-12 08:43 56,832 C:\WINDOWS\g392714765.dll
2006-07-12 08:21 56,832 C:\WINDOWS\g391393671.dll
2006-07-12 07:59 56,832 C:\WINDOWS\g390073031.dll
2006-07-12 07:37 56,832 C:\WINDOWS\g388752640.dll
2006-07-12 07:17 56,832 C:\WINDOWS\g387551171.dll
2006-07-12 06:55 56,832 C:\WINDOWS\g386230640.dll
2006-07-12 06:33 56,832 C:\WINDOWS\g384910250.dll
2006-07-12 06:11 56,832 C:\WINDOWS\g383589593.dll
2006-07-12 05:49 56,832 C:\WINDOWS\g382269234.dll
2006-07-12 05:29 56,832 C:\WINDOWS\g381066921.dll
2006-07-12 05:07 56,832 C:\WINDOWS\g379746453.dll
2006-07-12 04:47 56,832 C:\WINDOWS\g378547031.dll
2006-07-12 04:25 56,832 C:\WINDOWS\g377225390.dll
2006-07-12 04:03 56,832 C:\WINDOWS\g375904968.dll
2006-07-12 03:41 56,832 C:\WINDOWS\g374584578.dll
2006-07-12 03:21 56,832 C:\WINDOWS\g373383953.dll
2006-07-12 02:59 56,832 C:\WINDOWS\g372063187.dll
2006-07-12 02:37 56,832 C:\WINDOWS\g370742484.dll
2006-07-12 02:15 56,832 C:\WINDOWS\g369422000.dll
2006-07-12 01:53 56,832 C:\WINDOWS\g368101562.dll
2006-07-12 01:33 56,832 C:\WINDOWS\g366900234.dll
2006-07-12 01:11 56,832 C:\WINDOWS\g365579828.dll
2006-07-12 00:49 56,832 C:\WINDOWS\g364259500.dll
2006-07-12 00:27 56,832 C:\WINDOWS\g362938406.dll
2006-07-12 00:05 56,832 C:\WINDOWS\g361617734.dll
2006-07-11 23:43 56,832 C:\WINDOWS\g360297296.dll
2006-07-11 23:23 56,832 C:\WINDOWS\g359095937.dll
2006-07-11 23:01 56,832 C:\WINDOWS\g357775953.dll
2006-07-11 22:39 56,832 C:\WINDOWS\g356455062.dll
2006-07-11 22:19 56,832 C:\WINDOWS\g355254265.dll
2006-07-11 21:57 56,832 C:\WINDOWS\g353933890.dll
2006-07-11 21:35 56,832 C:\WINDOWS\g352613093.dll
2006-07-11 17:45 56,832 C:\WINDOWS\g338810500.dll
2006-07-11 17:23 56,832 C:\WINDOWS\g337490406.dll
2006-07-11 17:01 56,832 C:\WINDOWS\g336168609.dll
2006-07-11 16:41 56,832 C:\WINDOWS\g334967000.dll
2006-07-11 16:19 56,832 C:\WINDOWS\g333647437.dll
2006-07-11 15:57 56,832 C:\WINDOWS\g332325265.dll
2006-07-11 15:35 56,832 C:\WINDOWS\g331005265.dll
2006-07-11 15:13 56,832 C:\WINDOWS\g329684468.dll
2006-07-11 14:53 56,832 C:\WINDOWS\g328483562.dll
2006-07-11 14:31 56,832 C:\WINDOWS\g327162796.dll
2006-07-11 14:09 56,832 C:\WINDOWS\g325841515.dll
2006-07-11 13:47 56,832 C:\WINDOWS\g324520625.dll
2006-07-11 13:25 56,832 C:\WINDOWS\g323200484.dll
2006-07-11 13:03 56,832 C:\WINDOWS\g321879671.dll
2006-07-11 06:07 56,832 C:\WINDOWS\g296917609.dll
2006-07-11 05:47 56,832 C:\WINDOWS\g295712000.dll
2006-07-11 05:23 56,832 C:\WINDOWS\g294275937.dll
2006-07-11 05:16 <DIR> C:\Program Files\msn messenger
2006-07-11 05:15 <DIR> C:\Program Files\Common Files\microsoft shared
2006-07-11 05:00 56,832 C:\WINDOWS\g292950046.dll
2006-07-11 04:38 56,832 C:\WINDOWS\g291629015.dll
2006-07-11 04:16 56,832 C:\WINDOWS\g290309046.dll
2006-07-11 03:54 56,832 C:\WINDOWS\g288989140.dll
2006-07-11 03:34 56,832 C:\WINDOWS\g287786718.dll
2006-07-11 03:12 56,832 C:\WINDOWS\g286466203.dll
2006-07-11 02:50 56,832 C:\WINDOWS\g285147156.dll
2006-07-11 02:28 56,832 C:\WINDOWS\g283827171.dll
2006-07-11 02:08 56,832 C:\WINDOWS\g282627593.dll
2006-07-11 01:51 <DIR> C:\Program Files\spybot - search & destroy
2006-07-11 01:49 56,832 C:\WINDOWS\g281439578.dll
2006-07-11 01:28 56,832 C:\WINDOWS\g280222500.dll
2006-07-11 01:08 56,832 C:\WINDOWS\g279012156.dll
2006-07-10 20:46 56,832 C:\WINDOWS\g263289375.dll
2006-07-10 20:24 56,832 C:\WINDOWS\g261969703.dll
2006-07-10 20:02 56,832 C:\WINDOWS\g260649187.dll
2006-07-10 19:40 56,832 C:\WINDOWS\g259328328.dll
2006-07-10 19:18 56,832 C:\WINDOWS\g258008531.dll
2006-07-10 18:56 56,832 C:\WINDOWS\g256686968.dll
2006-07-10 06:34 56,832 C:\WINDOWS\g212165296.dll
2006-07-10 06:14 56,832 C:\WINDOWS\g210964656.dll
2006-07-10 05:54 56,832 C:\WINDOWS\g209760921.dll
2006-07-10 05:32 56,832 C:\WINDOWS\g208439187.dll
2006-07-10 05:12 56,832 C:\WINDOWS\g207238312.dll
2006-07-10 04:50 56,832 C:\WINDOWS\g205918093.dll
2006-07-10 04:28 56,832 C:\WINDOWS\g204597640.dll
2006-07-10 04:06 56,832 C:\WINDOWS\g203277078.dll
2006-07-10 03:44 56,832 C:\WINDOWS\g201956078.dll
2006-07-10 03:24 56,832 C:\WINDOWS\g200755156.dll
2006-07-10 03:02 56,832 C:\WINDOWS\g199434718.dll
2006-07-10 02:40 56,832 C:\WINDOWS\g198114031.dll
2006-07-10 02:18 56,832 C:\WINDOWS\g196793484.dll
2006-07-10 01:56 56,832 C:\WINDOWS\g195473078.dll
2006-07-10 01:34 56,832 C:\WINDOWS\g194152734.dll
2006-07-10 01:14 56,832 C:\WINDOWS\g192950890.dll
2006-07-10 00:52 56,832 C:\WINDOWS\g191630671.dll
2006-07-10 00:30 56,832 C:\WINDOWS\g190310062.dll
2006-07-10 00:08 56,832 C:\WINDOWS\g188990203.dll
2006-07-09 23:46 56,832 C:\WINDOWS\g187668843.dll
2006-07-09 23:26 56,832 C:\WINDOWS\g186467921.dll
2006-07-09 23:04 56,832 C:\WINDOWS\g185147328.dll
2006-07-09 22:42 56,832 C:\WINDOWS\g183827125.dll
2006-07-09 22:20 56,832 C:\WINDOWS\g182506703.dll
2006-07-09 21:58 56,832 C:\WINDOWS\g181185984.dll
2006-07-09 21:36 56,832 C:\WINDOWS\g179865390.dll
2006-07-09 21:16 56,832 C:\WINDOWS\g178664546.dll
2006-07-09 20:56 56,832 C:\WINDOWS\g177463812.dll
2006-07-09 20:34 56,832 C:\WINDOWS\g176143312.dll
2006-07-09 20:12 56,832 C:\WINDOWS\g174823906.dll
2006-07-09 18:14 56,832 C:\WINDOWS\g167729843.dll
2006-07-09 17:52 56,832 C:\WINDOWS\g166409453.dll
2006-07-09 17:30 56,832 C:\WINDOWS\g165088765.dll
2006-07-09 16:50 56,832 C:\WINDOWS\g162687703.dll
2006-07-09 16:34 56,832 C:\WINDOWS\g161726265.dll
2006-07-09 16:12 56,832 C:\WINDOWS\g160401421.dll
2006-07-09 15:49 56,832 C:\WINDOWS\g159081015.dll
2006-07-09 15:29 56,832 C:\WINDOWS\g157880265.dll
2006-07-09 15:08 56,832 C:\WINDOWS\g156559453.dll
2006-07-09 14:46 56,832 C:\WINDOWS\g155244515.dll
2006-07-09 14:23 56,832 C:\WINDOWS\g153918671.dll
2006-07-09 14:02 56,832 C:\WINDOWS\g152597515.dll
2006-07-09 13:39 56,832 C:\WINDOWS\g151277171.dll
2006-07-09 07:21 56,832 C:\WINDOWS\g128595031.dll
2006-07-09 04:03 56,832 C:\WINDOWS\g116713421.dll
2006-07-08 21:11 56,832 C:\WINDOWS\g91990031.dll
2006-07-08 20:49 56,832 C:\WINDOWS\g90669281.dll
2006-07-08 20:27 56,832 C:\WINDOWS\g89348703.dll
2006-07-08 20:05 56,832 C:\WINDOWS\g88028046.dll
2006-07-08 19:45 56,832 C:\WINDOWS\g86827281.dll
2006-07-08 18:02 <DIR> C:\Program Files\gamehouse
2006-07-08 16:23 56,832 C:\WINDOWS\g74701531.dll
2006-07-08 15:57 56,832 C:\WINDOWS\g73140937.dll
2006-07-08 15:39 56,832 C:\WINDOWS\g72057921.dll
2006-07-08 15:17 56,832 C:\WINDOWS\g70737156.dll
2006-07-08 14:55 56,832 C:\WINDOWS\g69416281.dll
2006-07-08 14:33 56,832 C:\WINDOWS\g68095875.dll
2006-07-08 14:11 56,832 C:\WINDOWS\g66775062.dll
2006-07-08 13:49 56,832 C:\WINDOWS\g65454734.dll
2006-07-08 13:27 56,832 C:\WINDOWS\g64134312.dll
2006-07-08 13:07 56,832 C:\WINDOWS\g62929093.dll
2006-07-08 12:45 56,832 C:\WINDOWS\g61608812.dll
2006-07-08 12:23 56,832 C:\WINDOWS\g60288546.dll
2006-07-08 12:01 56,832 C:\WINDOWS\g58966328.dll
2006-07-08 11:39 56,832 C:\WINDOWS\g57647000.dll
2006-07-08 11:17 56,832 C:\WINDOWS\g56321562.dll
2006-07-08 10:57 56,832 C:\WINDOWS\g55113328.dll
2006-07-08 10:35 56,832 C:\WINDOWS\g53797656.dll
2006-07-08 10:13 56,832 C:\WINDOWS\g52475140.dll
2006-07-08 09:51 56,832 C:\WINDOWS\g51143625.dll
2006-07-08 09:29 56,832 C:\WINDOWS\g49816625.dll
2006-07-08 09:09 56,832 C:\WINDOWS\g48597265.dll
2006-07-08 08:49 56,832 C:\WINDOWS\g47392015.dll
2006-07-08 08:26 56,832 C:\WINDOWS\g46063015.dll
2006-07-08 08:04 56,832 C:\WINDOWS\g44736921.dll
2006-07-08 07:42 56,832 C:\WINDOWS\g43410953.dll
2006-07-08 07:20 56,832 C:\WINDOWS\g42083281.dll
2006-07-08 07:00 56,832 C:\WINDOWS\g40868562.dll
2006-07-08 06:38 56,832 C:\WINDOWS\g39541578.dll
2006-07-08 06:15 56,832 C:\WINDOWS\g38218468.dll
2006-07-08 05:53 56,832 C:\WINDOWS\g36890343.dll
2006-07-08 05:31 56,832 C:\WINDOWS\g35563343.dll
2006-07-07 22:00 56,832 C:\WINDOWS\g8538812.dll
2006-07-07 21:38 56,832 C:\WINDOWS\g7217546.dll
2006-07-07 21:16 56,832 C:\WINDOWS\g5897078.dll
2006-07-07 20:54 56,832 C:\WINDOWS\g4576359.dll
2006-07-07 20:34 56,832 C:\WINDOWS\g3375640.dll
2006-07-07 20:32 56,832 C:\WINDOWS\g3255593.dll
2006-07-07 19:59 56,832 C:\WINDOWS\g1228453.dll
2006-07-07 19:47 56,832 C:\WINDOWS\g510359.dll
2006-07-07 19:46 <DIR> C:\Program Files\spyware doctor
2006-07-07 19:46 <DIR> C:\Program Files\pcast
2006-07-07 19:25 56,832 C:\WINDOWS\g3178187.dll
2006-07-07 19:19 <DIR> C:\Documents and Settings\Owner\Application Data\lavasoft
2006-07-07 19:05 56,832 C:\WINDOWS\g1974968.dll
2006-07-07 18:26 <DIR> C:\Documents and Settings\Owner\Application Data\pc tools
2006-07-07 18:15 56,832 C:\WINDOWS\g193810000.dll
2006-07-07 17:53 56,832 C:\WINDOWS\g192486703.dll
2006-07-07 15:19 56,832 C:\WINDOWS\g183243078.dll
2006-07-07 14:57 56,832 C:\WINDOWS\g181922531.dll
2006-07-07 14:37 56,832 C:\WINDOWS\g180718390.dll
2006-07-07 14:12 127 C:\WINDOWS\iplayer.ini
2006-07-07 14:11 56,832 C:\WINDOWS\g179157703.dll
2006-07-07 13:49 56,832 C:\WINDOWS\g177836906.dll
2006-07-07 13:27 56,832 C:\WINDOWS\g176516562.dll
2006-07-07 13:05 56,832 C:\WINDOWS\g175196218.dll
2006-07-07 12:45 56,832 C:\WINDOWS\g173994343.dll
2006-07-07 12:25 56,832 C:\WINDOWS\g172794796.dll
2006-07-07 12:03 56,832 C:\WINDOWS\g171473671.dll
2006-07-07 11:43 56,832 C:\WINDOWS\g170271093.dll
2006-07-07 11:21 56,832 C:\WINDOWS\g168950687.dll
2006-07-07 10:59 56,832 C:\WINDOWS\g167629906.dll
2006-07-07 10:39 56,832 C:\WINDOWS\g166429156.dll
2006-07-07 10:17 56,832 C:\WINDOWS\g165108421.dll
2006-07-07 09:55 56,832 C:\WINDOWS\g163787890.dll
2006-07-07 09:33 56,832 C:\WINDOWS\g162467484.dll
2006-07-07 09:11 56,832 C:\WINDOWS\g161147031.dll
2006-07-07 08:49 56,832 C:\WINDOWS\g159826562.dll
2006-07-07 08:27 56,832 C:\WINDOWS\g158505843.dll
2006-07-07 08:05 56,832 C:\WINDOWS\g157185312.dll
2006-07-07 07:43 56,832 C:\WINDOWS\g155864796.dll
2006-07-07 07:21 56,832 C:\WINDOWS\g154543968.dll
2006-07-07 06:59 56,832 C:\WINDOWS\g153223718.dll
2006-07-07 06:39 56,832 C:\WINDOWS\g152022750.dll
2006-07-07 06:17 56,832 C:\WINDOWS\g150701812.dll
2006-07-07 05:55 56,832 C:\WINDOWS\g149381421.dll
2006-07-07 05:33 56,832 C:\WINDOWS\g148061000.dll
2006-07-07 05:11 56,832 C:\WINDOWS\g146740234.dll
2006-07-07 04:49 56,832 C:\WINDOWS\g145419812.dll
2006-07-07 04:27 56,832 C:\WINDOWS\g144099187.dll
2006-07-07 04:05 56,832 C:\WINDOWS\g142778109.dll
2006-07-07 03:43 56,832 C:\WINDOWS\g141457703.dll
2006-07-07 03:21 56,832 C:\WINDOWS\g140137468.dll
2006-07-07 02:59 56,832 C:\WINDOWS\g138816484.dll
2006-07-07 02:39 56,832 C:\WINDOWS\g137615531.dll
2006-07-07 02:17 56,832 C:\WINDOWS\g136295312.dll
2006-07-07 01:27 56,832 C:\WINDOWS\g133294000.dll
2006-07-07 01:07 56,832 C:\WINDOWS\g132094593.dll
2006-07-07 00:54 <DIR> C:\Program Files\guitar pro 5
2006-07-06 21:53 56,832 C:\WINDOWS\g120451406.dll
2006-07-06 21:25 56,832 C:\WINDOWS\g118770781.dll
2006-07-06 21:05 56,832 C:\WINDOWS\g117570515.dll
2006-07-06 20:43 56,832 C:\WINDOWS\g116246656.dll
2006-07-06 20:21 56,832 C:\WINDOWS\g114926359.dll
2006-07-06 19:59 56,832 C:\WINDOWS\g113604531.dll
2006-07-06 19:37 56,832 C:\WINDOWS\g112283859.dll
2006-07-06 19:16 56,832 C:\WINDOWS\g111073015.dll
2006-07-06 18:56 56,832 C:\WINDOWS\g109870296.dll
2006-07-06 18:34 56,832 C:\WINDOWS\g108549812.dll
2006-07-06 18:12 56,832 C:\WINDOWS\g107228078.dll
2006-07-06 17:50 56,832 C:\WINDOWS\g105907859.dll
2006-07-06 17:28 56,832 C:\WINDOWS\g104584265.dll
2006-07-06 15:34 56,832 C:\WINDOWS\g97742031.dll
2006-07-06 14:26 56,832 C:\WINDOWS\g93659109.dll
2006-07-06 14:04 56,832 C:\WINDOWS\g92338281.dll
2006-07-06 13:42 56,832 C:\WINDOWS\g91017500.dll
2006-07-06 13:20 56,832 C:\WINDOWS\g89695312.dll
2006-07-06 13:00 56,832 C:\WINDOWS\g88490109.dll
2006-07-06 12:38 56,832 C:\WINDOWS\g87169359.dll
2006-07-06 12:16 56,832 C:\WINDOWS\g85848734.dll
2006-07-06 11:54 56,832 C:\WINDOWS\g84528171.dll
2006-07-06 11:32 56,832 C:\WINDOWS\g83208796.dll
2006-07-06 11:10 56,832 C:\WINDOWS\g81887156.dll
2006-07-06 00:50 56,832 C:\WINDOWS\g44685093.dll
2006-07-06 00:30 56,832 C:\WINDOWS\g43481750.dll
2006-07-06 00:08 56,832 C:\WINDOWS\g42160390.dll
2006-07-05 19:36 56,832 C:\WINDOWS\g25838640.dll
2006-07-05 19:14 56,832 C:\WINDOWS\g24517781.dll
2006-07-05 18:52 56,832 C:\WINDOWS\g23196781.dll
2006-07-05 18:30 56,832 C:\WINDOWS\g21877609.dll
2006-07-05 18:10 56,832 C:\WINDOWS\g20676203.dll
2006-07-05 17:48 56,832 C:\WINDOWS\g19355093.dll
2006-07-05 16:16 56,832 C:\WINDOWS\g13832812.dll
2006-07-05 15:54 56,832 C:\WINDOWS\g12513406.dll
2006-07-05 15:32 56,832 C:\WINDOWS\g11192015.dll
2006-07-05 14:20 56,832 C:\WINDOWS\g6867984.dll
2006-07-05 13:58 56,832 C:\WINDOWS\g5548078.dll
2006-07-05 13:36 56,832 C:\WINDOWS\g4226968.dll
2006-07-05 13:14 56,832 C:\WINDOWS\g2906500.dll
2006-07-05 12:52 56,832 C:\WINDOWS\g1586843.dll
2006-07-05 12:30 56,832 C:\WINDOWS\g265859.dll
2006-07-05 11:39 569,396 C:\WINDOWS\system32\pmnlj.dll.vir
2006-07-05 01:07 <DIR> C:\Program Files\installshield installation information
2006-07-05 01:07 <DIR> C:\Program Files\digidesign
2006-07-05 01:07 <DIR> C:\Program Files\Common Files\digidesign
2006-07-05 01:06 <DIR> C:\Program Files\common files
2006-07-05 00:57 <DIR> C:\Program Files\bejeweled 2 deluxe
2006-07-04 23:29 720,896 C:\WINDOWS\iun6002ev.exe
2006-07-04 19:28 81,920 C:\WINDOWS\system32\cmd.dll
2006-07-04 19:28 18,432 C:\WINDOWS\system32\winjte32.dll
2006-07-03 12:58 <DIR> C:\Program Files\itunes
2006-07-03 01:39 <DIR> C:\Program Files\trymedia
2006-06-27 00:57 <DIR> C:\Program Files\netmeeting
2006-06-22 00:16 <DIR> C:\Documents and Settings\Owner\Application Data\sun
2006-06-21 03:16 <DIR> C:\Program Files\limewire
2006-06-20 18:26 <DIR> C:\Documents and Settings\Owner\Application Data\adobeum
2006-06-20 17:56 <DIR> C:\Program Files\java
2006-06-20 17:52 <DIR> C:\Program Files\Common Files\java
2006-06-18 10:56 <DIR> C:\Program Files\Common Files\pace anti-piracy
2006-06-18 10:45 <DIR> C:\Program Files\winrar
2006-06-18 10:40 <DIR> C:\Program Files\protools
2006-06-17 04:30 <DIR> C:\Program Files\quicktime
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll
2006-05-31 02:05 <DIR> C:\Documents and Settings\Owner\Application Data\macromedia
2006-05-19 13:15 83,456 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 13:15 70,656 C:\WINDOWS\system32\ws2_32.dll
2006-05-19 13:15 54,272 C:\WINDOWS\system32\ipv6mon.dll
2006-05-19 13:15 31,232 C:\WINDOWS\system32\inetmib1.dll
2006-05-19 13:15 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 13:15 13,312 C:\WINDOWS\system32\wship6.dll
2006-05-19 13:15 103,936 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-19 09:51 159,232 C:\WINDOWS\system32\xpob2res.dll
2006-05-19 09:46 48,640 C:\WINDOWS\system32\ipv6.exe
2006-05-19 09:44 83,456 C:\WINDOWS\system32\netsh.exe
2006-05-14 10:13 98,304 C:\WINDOWS\system32\polstore.dll
2006-05-14 10:13 364,544 C:\WINDOWS\system32\ipsmsnap.dll
2006-05-14 10:13 334,848 C:\WINDOWS\system32\ipsecsnp.dll
2006-05-14 10:13 29,184 C:\WINDOWS\system32\winipsec.dll
2006-05-14 10:13 257,536 C:\WINDOWS\system32\oakley.dll
2006-05-14 10:13 159,744 C:\WINDOWS\system32\ipsecsvc.dll
2006-05-03 02:56 127,078 C:\WINDOWS\system32\javaws.exe
2006-05-03 01:19 53,346 C:\WINDOWS\system32\javaw.exe
2006-05-03 01:19 49,248 C:\WINDOWS\system32\java.exe


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-22 16:03 876 C:\WINDOWS\system32\jlnmp.ini.vir
2006-07-22 16:03 876 C:\WINDOWS\system32\jlnmp.ini
2006-07-22 15:27 17,750 C:\WINDOWS\system32\tjtylwyo.exe
2006-07-22 03:21 17,750 C:\WINDOWS\system32\bsnsyeqc.exe
2006-07-21 02:37 17,750 C:\WINDOWS\system32\jdoryrea.exe
2006-07-17 01:57 536,268,800 C:\hiberfil.sys
2006-07-16 02:13 991,232 C:\WINDOWS\system32\esent.dll
2006-07-12 23:40 98,324 C:\WINDOWS\system32\aafyabfb.dll
2006-07-12 17:08 56,832 C:\WINDOWS\g422985359.dll
2006-07-12 16:16 56,832 C:\WINDOWS\g419860562.dll
2006-07-12 15:54 56,832 C:\WINDOWS\g418536218.dll
2006-07-12 15:34 56,832 C:\WINDOWS\g417335343.dll
2006-07-12 15:12 56,832 C:\WINDOWS\g416012546.dll
2006-07-12 14:49 56,832 C:\WINDOWS\g414691250.dll
2006-07-12 14:27 56,832 C:\WINDOWS\g413369843.dll
2006-07-12 14:05 56,832 C:\WINDOWS\g412049609.dll
2006-07-12 13:43 56,832 C:\WINDOWS\g410728828.dll
2006-07-12 13:23 56,832 C:\WINDOWS\g409528984.dll
2006-07-12 13:01 56,832 C:\WINDOWS\g408208234.dll
2006-07-12 12:39 56,832 C:\WINDOWS\g406886500.dll
2006-07-12 12:19 56,832 C:\WINDOWS\g405685828.dll
2006-07-12 11:57 56,832 C:\WINDOWS\g404365187.dll
2006-07-12 11:35 56,832 C:\WINDOWS\g403045281.dll
2006-07-12 11:15 56,832 C:\WINDOWS\g401843546.dll
2006-07-12 10:53 56,832 C:\WINDOWS\g400523093.dll
2006-07-12 10:31 56,832 C:\WINDOWS\g399202265.dll
2006-07-12 10:09 56,832 C:\WINDOWS\g397881718.dll
2006-07-12 09:47 56,832 C:\WINDOWS\g396562187.dll
2006-07-12 09:27 56,832 C:\WINDOWS\g395355765.dll
2006-07-12 09:05 56,832 C:\WINDOWS\g394035218.dll
2006-07-12 08:43 56,832 C:\WINDOWS\g392714765.dll
2006-07-12 08:21 56,832 C:\WINDOWS\g391393671.dll
2006-07-12 07:59 56,832 C:\WINDOWS\g390073031.dll
2006-07-12 07:37 56,832 C:\WINDOWS\g388752640.dll
2006-07-12 07:17 56,832 C:\WINDOWS\g387551171.dll
2006-07-12 06:55 56,832 C:\WINDOWS\g386230640.dll
2006-07-12 06:33 56,832 C:\WINDOWS\g384910250.dll
2006-07-12 06:11 56,832 C:\WINDOWS\g383589593.dll
2006-07-12 05:49 56,832 C:\WINDOWS\g382269234.dll
2006-07-12 05:29 56,832 C:\WINDOWS\g381066921.dll
2006-07-12 05:07 56,832 C:\WINDOWS\g379746453.dll
2006-07-12 04:47 56,832 C:\WINDOWS\g378547031.dll
2006-07-12 04:25 56,832 C:\WINDOWS\g377225390.dll
2006-07-12 04:03 56,832 C:\WINDOWS\g375904968.dll
2006-07-12 03:41 56,832 C:\WINDOWS\g374584578.dll
2006-07-12 03:21 56,832 C:\WINDOWS\g373383953.dll
2006-07-12 02:59 56,832 C:\WINDOWS\g372063187.dll
2006-07-12 02:37 56,832 C:\WINDOWS\g370742484.dll
2006-07-12 02:15 56,832 C:\WINDOWS\g369422000.dll
2006-07-12 01:53 56,832 C:\WINDOWS\g368101562.dll
2006-07-12 01:33 56,832 C:\WINDOWS\g366900234.dll
2006-07-12 01:11 56,832 C:\WINDOWS\g365579828.dll
2006-07-12 00:49 56,832 C:\WINDOWS\g364259500.dll
2006-07-12 00:27 56,832 C:\WINDOWS\g362938406.dll
2006-07-12 00:05 56,832 C:\WINDOWS\g361617734.dll
2006-07-11 23:43 56,832 C:\WINDOWS\g360297296.dll
2006-07-11 23:23 56,832 C:\WINDOWS\g359095937.dll
2006-07-11 23:01 56,832 C:\WINDOWS\g357775953.dll
2006-07-11 22:39 56,832 C:\WINDOWS\g356455062.dll
2006-07-11 22:19 56,832 C:\WINDOWS\g355254265.dll
2006-07-11 21:57 56,832 C:\WINDOWS\g353933890.dll
2006-07-11 21:35 56,832 C:\WINDOWS\g352613093.dll
2006-07-11 17:45 56,832 C:\WINDOWS\g338810500.dll
2006-07-11 17:23 56,832 C:\WINDOWS\g337490406.dll
2006-07-11 17:01 56,832 C:\WINDOWS\g336168609.dll
2006-07-11 16:41 56,832 C:\WINDOWS\g334967000.dll
2006-07-11 16:19 56,832 C:\WINDOWS\g333647437.dll
2006-07-11 15:57 56,832 C:\WINDOWS\g332325265.dll
2006-07-11 15:35 56,832 C:\WINDOWS\g331005265.dll
2006-07-11 15:13 56,832 C:\WINDOWS\g329684468.dll
2006-07-11 14:53 56,832 C:\WINDOWS\g328483562.dll
2006-07-11 14:31 56,832 C:\WINDOWS\g327162796.dll
2006-07-11 14:09 56,832 C:\WINDOWS\g325841515.dll
2006-07-11 13:47 56,832 C:\WINDOWS\g324520625.dll
2006-07-11 13:25 56,832 C:\WINDOWS\g323200484.dll
2006-07-11 13:03 56,832 C:\WINDOWS\g321879671.dll
2006-07-11 06:07 56,832 C:\WINDOWS\g296917609.dll
2006-07-11 05:47 56,832 C:\WINDOWS\g295712000.dll
2006-07-11 05:23 56,832 C:\WINDOWS\g294275937.dll
2006-07-11 05:00 56,832 C:\WINDOWS\g292950046.dll
2006-07-11 04:38 56,832 C:\WINDOWS\g291629015.dll
2006-07-11 04:16 56,832 C:\WINDOWS\g290309046.dll
2006-07-11 03:54 56,832 C:\WINDOWS\g288989140.dll
2006-07-11 03:34 56,832 C:\WINDOWS\g287786718.dll
2006-07-11 03:12 56,832 C:\WINDOWS\g286466203.dll
2006-07-11 02:50 56,832 C:\WINDOWS\g285147156.dll
2006-07-11 02:28 56,832 C:\WINDOWS\g283827171.dll
2006-07-11 02:08 56,832 C:\WINDOWS\g282627593.dll
2006-07-11 01:49 56,832 C:\WINDOWS\g281439578.dll
2006-07-11 01:28 56,832 C:\WINDOWS\g280222500.dll
2006-07-11 01:08 56,832 C:\WINDOWS\g279012156.dll
2006-07-10 20:46 56,832 C:\WINDOWS\g263289375.dll
2006-07-10 20:24 56,832 C:\WINDOWS\g261969703.dll
2006-07-10 20:02 56,832 C:\WINDOWS\g260649187.dll
2006-07-10 19:40 56,832 C:\WINDOWS\g259328328.dll
2006-07-10 19:18 56,832 C:\WINDOWS\g258008531.dll
2006-07-10 18:56 56,832 C:\WINDOWS\g256686968.dll
2006-07-10 06:34 56,832 C:\WINDOWS\g212165296.dll
2006-07-10 06:14 56,832 C:\WINDOWS\g210964656.dll
2006-07-10 05:54 56,832 C:\WINDOWS\g209760921.dll
2006-07-10 05:32 56,832 C:\WINDOWS\g208439187.dll
2006-07-10 05:12 56,832 C:\WINDOWS\g207238312.dll
2006-07-10 04:50 56,832 C:\WINDOWS\g205918093.dll
2006-07-10 04:28 56,832 C:\WINDOWS\g204597640.dll
2006-07-10 04:06 56,832 C:\WINDOWS\g203277078.dll
2006-07-10 03:44 56,832 C:\WINDOWS\g201956078.dll
2006-07-10 03:24 56,832 C:\WINDOWS\g200755156.dll
2006-07-10 03:02 56,832 C:\WINDOWS\g199434718.dll
2006-07-10 02:40 56,832 C:\WINDOWS\g198114031.dll
2006-07-10 02:18 56,832 C:\WINDOWS\g196793484.dll
2006-07-10 01:56 56,832 C:\WINDOWS\g195473078.dll
2006-07-10 01:34 56,832 C:\WINDOWS\g194152734.dll
2006-07-10 01:14 56,832 C:\WINDOWS\g192950890.dll
2006-07-10 00:52 56,832 C:\WINDOWS\g191630671.dll
2006-07-10 00:30 56,832 C:\WINDOWS\g190310062.dll
2006-07-10 00:08 56,832 C:\WINDOWS\g188990203.dll
2006-07-09 23:46 56,832 C:\WINDOWS\g187668843.dll
2006-07-09 23:26 56,832 C:\WINDOWS\g186467921.dll
2006-07-09 23:04 56,832 C:\WINDOWS\g185147328.dll
2006-07-09 22:42 56,832 C:\WINDOWS\g183827125.dll
2006-07-09 22:20 56,832 C:\WINDOWS\g182506703.dll
2006-07-09 21:58 56,832 C:\WINDOWS\g181185984.dll
2006-07-09 21:36 56,832 C:\WINDOWS\g179865390.dll
2006-07-09 21:16 56,832 C:\WINDOWS\g178664546.dll
2006-07-09 20:56 56,832 C:\WINDOWS\g177463812.dll
2006-07-09 20:34 56,832 C:\WINDOWS\g176143312.dll
2006-07-09 20:12 56,832 C:\WINDOWS\g174823906.dll
2006-07-09 18:14 56,832 C:\WINDOWS\g167729843.dll
2006-07-09 17:52 56,832 C:\WINDOWS\g166409453.dll
2006-07-09 17:30 56,832 C:\WINDOWS\g165088765.dll
2006-07-09 16:50 56,832 C:\WINDOWS\g162687703.dll
2006-07-09 16:34 56,832 C:\WINDOWS\g161726265.dll
2006-07-09 16:12 56,832 C:\WINDOWS\g160401421.dll
2006-07-09 15:49 56,832 C:\WINDOWS\g159081015.dll
2006-07-09 15:29 56,832 C:\WINDOWS\g157880265.dll
2006-07-09 15:08 56,832 C:\WINDOWS\g156559453.dll
2006-07-09 14:46 56,832 C:\WINDOWS\g155244515.dll
2006-07-09 14:23 56,832 C:\WINDOWS\g153918671.dll
2006-07-09 14:02 56,832 C:\WINDOWS\g152597515.dll
2006-07-09 13:39 56,832 C:\WINDOWS\g151277171.dll
2006-07-09 07:21 56,832 C:\WINDOWS\g128595031.dll
2006-07-09 04:03 56,832 C:\WINDOWS\g116713421.dll
2006-07-08 21:11 56,832 C:\WINDOWS\g91990031.dll
2006-07-08 20:49 56,832 C:\WINDOWS\g90669281.dll
2006-07-08 20:27 56,832 C:\WINDOWS\g89348703.dll
2006-07-08 20:05 56,832 C:\WINDOWS\g88028046.dll
2006-07-08 19:45 56,832 C:\WINDOWS\g86827281.dll
2006-07-08 16:23 56,832 C:\WINDOWS\g74701531.dll
2006-07-08 15:57 56,832 C:\WINDOWS\g73140937.dll
2006-07-08 15:39 56,832 C:\WINDOWS\g72057921.dll
2006-07-08 15:17 56,832 C:\WINDOWS\g70737156.dll
2006-07-08 14:55 56,832 C:\WINDOWS\g69416281.dll
2006-07-08 14:33 56,832 C:\WINDOWS\g68095875.dll
2006-07-08 14:11 56,832 C:\WINDOWS\g66775062.dll
2006-07-08 13:49 56,832 C:\WINDOWS\g65454734.dll
2006-07-08 13:27 56,832 C:\WINDOWS\g64134312.dll
2006-07-08 13:07 56,832 C:\WINDOWS\g62929093.dll
2006-07-08 12:45 56,832 C:\WINDOWS\g61608812.dll
2006-07-08 12:23 56,832 C:\WINDOWS\g60288546.dll
2006-07-08 12:01 56,832 C:\WINDOWS\g58966328.dll
2006-07-08 11:39 56,832 C:\WINDOWS\g57647000.dll
2006-07-08 11:17 56,832 C:\WINDOWS\g56321562.dll
2006-07-08 10:57 56,832 C:\WINDOWS\g55113328.dll
2006-07-08 10:35 56,832 C:\WINDOWS\g53797656.dll
2006-07-08 10:13 56,832 C:\WINDOWS\g52475140.dll
2006-07-08 09:51 56,832 C:\WINDOWS\g51143625.dll
2006-07-08 09:29 56,832 C:\WINDOWS\g49816625.dll
2006-07-08 09:09 56,832 C:\WINDOWS\g48597265.dll
2006-07-08 08:49 56,832 C:\WINDOWS\g47392015.dll
2006-07-08 08:26 56,832 C:\WINDOWS\g46063015.dll
2006-07-08 08:04 56,832 C:\WINDOWS\g44736921.dll
2006-07-08 07:42 56,832 C:\WINDOWS\g43410953.dll
2006-07-08 07:20 56,832 C:\WINDOWS\g42083281.dll
2006-07-08 07:00 56,832 C:\WINDOWS\g40868562.dll
2006-07-08 06:38 56,832 C:\WINDOWS\g39541578.dll
2006-07-08 06:15 56,832 C:\WINDOWS\g38218468.dll
2006-07-08 05:53 56,832 C:\WINDOWS\g36890343.dll
2006-07-08 05:31 56,832 C:\WINDOWS\g35563343.dll
2006-07-07 22:00 56,832 C:\WINDOWS\g8538812.dll
2006-07-07 21:38 56,832 C:\WINDOWS\g7217546.dll
2006-07-07 21:16 56,832 C:\WINDOWS\g5897078.dll
2006-07-07 20:54 56,832 C:\WINDOWS\g4576359.dll
2006-07-07 20:34 56,832 C:\WINDOWS\g3375640.dll
2006-07-07 20:32 56,832 C:\WINDOWS\g3255593.dll
2006-07-07 19:59 56,832 C:\WINDOWS\g1228453.dll
2006-07-07 19:47 56,832 C:\WINDOWS\g510359.dll
2006-07-07 19:25 56,832 C:\WINDOWS\g3178187.dll
2006-07-07 19:05 56,832 C:\WINDOWS\g1974968.dll
2006-07-07 18:15 56,832 C:\WINDOWS\g193810000.dll
2006-07-07 17:53 56,832 C:\WINDOWS\g192486703.dll
2006-07-07 15:19 56,832 C:\WINDOWS\g183243078.dll
2006-07-07 14:57 56,832 C:\WINDOWS\g181922531.dll
2006-07-07 14:37 56,832 C:\WINDOWS\g180718390.dll
2006-07-07 14:11 56,832 C:\WINDOWS\g179157703.dll
2006-07-07 13:49 56,832 C:\WINDOWS\g177836906.dll
2006-07-07 13:27 56,832 C:\WINDOWS\g176516562.dll
2006-07-07 13:05 56,832 C:\WINDOWS\g175196218.dll
2006-07-07 12:45 56,832 C:\WINDOWS\g173994343.dll
2006-07-07 12:25 56,832 C:\WINDOWS\g172794796.dll
2006-07-07 12:03 56,832 C:\WINDOWS\g171473671.dll
2006-07-07 11:43 56,832 C:\WINDOWS\g170271093.dll
2006-07-07 11:21 56,832 C:\WINDOWS\g168950687.dll
2006-07-07 10:59 56,832 C:\WINDOWS\g167629906.dll
2006-07-07 10:39 56,832 C:\WINDOWS\g166429156.dll
2006-07-07 10:17 56,832 C:\WINDOWS\g165108421.dll
2006-07-07 09:55 56,832 C:\WINDOWS\g163787890.dll
2006-07-07 09:33 56,832 C:\WINDOWS\g162467484.dll
2006-07-07 09:11 56,832 C:\WINDOWS\g161147031.dll
2006-07-07 08:49 56,832 C:\WINDOWS\g159826562.dll
2006-07-07 08:27 56,832 C:\WINDOWS\g158505843.dll
2006-07-07 08:05 56,832 C:\WINDOWS\g157185312.dll
2006-07-07 07:43 56,832 C:\WINDOWS\g155864796.dll
2006-07-07 07:21 56,832 C:\WINDOWS\g154543968.dll
2006-07-07 06:59 56,832 C:\WINDOWS\g153223718.dll
2006-07-07 06:39 56,832 C:\WINDOWS\g152022750.dll
2006-07-07 06:17 56,832 C:\WINDOWS\g150701812.dll
2006-07-07 05:55 56,832 C:\WINDOWS\g149381421.dll
2006-07-07 05:33 56,832 C:\WINDOWS\g148061000.dll
2006-07-07 05:11 56,832 C:\WINDOWS\g146740234.dll
2006-07-07 04:49 56,832 C:\WINDOWS\g145419812.dll
2006-07-07 04:27 56,832 C:\WINDOWS\g144099187.dll
2006-07-07 04:05 56,832 C:\WINDOWS\g142778109.dll
2006-07-07 03:43 56,832 C:\WINDOWS\g141457703.dll
2006-07-07 03:21 56,832 C:\WINDOWS\g140137468.dll
2006-07-07 02:59 56,832 C:\WINDOWS\g138816484.dll
2006-07-07 02:39 56,832 C:\WINDOWS\g137615531.dll
2006-07-07 02:17 56,832 C:\WINDOWS\g136295312.dll
2006-07-07 01:27 56,832 C:\WINDOWS\g133294000.dll
2006-07-07 01:07 56,832 C:\WINDOWS\g132094593.dll
2006-07-06 21:53 56,832 C:\WINDOWS\g120451406.dll
2006-07-06 21:25 56,832 C:\WINDOWS\g118770781.dll
2006-07-06 21:05 56,832 C:\WINDOWS\g117570515.dll
2006-07-06 20:43 56,832 C:\WINDOWS\g116246656.dll
2006-07-06 20:21 56,832 C:\WINDOWS\g114926359.dll
2006-07-06 19:59 56,832 C:\WINDOWS\g113604531.dll
2006-07-06 19:37 56,832 C:\WINDOWS\g112283859.dll
2006-07-06 19:16 56,832 C:\WINDOWS\g111073015.dll
2006-07-06 18:56 56,832 C:\WINDOWS\g109870296.dll
2006-07-06 18:34 56,832 C:\WINDOWS\g108549812.dll
2006-07-06 18:12 56,832 C:\WINDOWS\g107228078.dll
2006-07-06 17:50 56,832 C:\WINDOWS\g105907859.dll
2006-07-06 17:28 56,832 C:\WINDOWS\g104584265.dll
2006-07-06 15:34 56,832 C:\WINDOWS\g97742031.dll
2006-07-06 14:26 56,832 C:\WINDOWS\g93659109.dll
2006-07-06 14:04 56,832 C:\WINDOWS\g92338281.dll
2006-07-06 13:42 56,832 C:\WINDOWS\g91017500.dll
2006-07-06 13:20 56,832 C:\WINDOWS\g89695312.dll
2006-07-06 13:00 56,832 C:\WINDOWS\g88490109.dll
2006-07-06 12:38 56,832 C:\WINDOWS\g87169359.dll
2006-07-06 12:16 56,832 C:\WINDOWS\g85848734.dll
2006-07-06 11:54 56,832 C:\WINDOWS\g84528171.dll
2006-07-06 11:32 56,832 C:\WINDOWS\g83208796.dll
2006-07-06 11:10 56,832 C:\WINDOWS\g81887156.dll
2006-07-06 00:50 56,832 C:\WINDOWS\g44685093.dll
2006-07-06 00:30 56,832 C:\WINDOWS\g43481750.dll
2006-07-06 00:08 56,832 C:\WINDOWS\g42160390.dll
2006-07-05 19:36 56,832 C:\WINDOWS\g25838640.dll
2006-07-05 19:14 56,832 C:\WINDOWS\g24517781.dll
2006-07-05 18:52 56,832 C:\WINDOWS\g23196781.dll
2006-07-05 18:30 56,832 C:\WINDOWS\g21877609.dll
2006-07-05 18:10 56,832 C:\WINDOWS\g20676203.dll
2006-07-05 17:48 56,832 C:\WINDOWS\g19355093.dll
2006-07-05 16:16 56,832 C:\WINDOWS\g13832812.dll
2006-07-05 15:54 56,832 C:\WINDOWS\g12513406.dll
2006-07-05 15:32 56,832 C:\WINDOWS\g11192015.dll
2006-07-05 14:20 56,832 C:\WINDOWS\g6867984.dll
2006-07-05 13:58 56,832 C:\WINDOWS\g5548078.dll
2006-07-05 13:36 56,832 C:\WINDOWS\g4226968.dll
2006-07-05 13:14 56,832 C:\WINDOWS\g2906500.dll
2006-07-05 12:52 56,832 C:\WINDOWS\g1586843.dll
2006-07-05 12:30 56,832 C:\WINDOWS\g265859.dll
2006-07-05 11:39 569,396 C:\WINDOWS\system32\pmnlj.dll.vir
2006-07-04 23:29 720,896 C:\WINDOWS\iun6002ev.exe
2006-07-04 19:28 81,920 C:\WINDOWS\system32\cmd.dll
2006-07-04 19:28 18,432 C:\WINDOWS\system32\winjte32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 23/07/2006 15:10:43.31
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt

ComboFix.txt

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 15:13:20, on 23/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E49243E2-DD2C-4FEB-A1F5-C124CAB4A545} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B02F494-9F57-4024-A2E9-58F1A44C4F6C}: NameServer = 195.166.128.16,195.166.128.17
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g193810000.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\System32\pmnlj.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

#8 miekiemoes

Posted 23 July 2006 - 09:56 AM

Ok; let's use some automatic tools to clean up a bit more first, before we proceed with manual removal...

Perform the next steps in the right order.

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.

After reboot,

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
* After reboot, double-click Combofix present on your desktop and post the log in your next reply, together with the contents of the Ewido log you saved, the logfile c\windelf.txt and a new HijackThis log.

You may need more than one reply to post the logs.

#9 Macgilla

Posted 23 July 2006 - 11:38 AM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:31:55 23/07/2006

+ Scan result:



C:\WINDOWS\system32\cmd.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\VundoFix Backups\xxyvwuu.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\g91990031.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g92338281.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g93659109.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g97742031.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[1124] C:\WINDOWS\g193810000.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
[600] C:\WINDOWS\g193810000.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\651B69AF-DF0B-47A1-8D79-6BF203\E22D3668-4A8B-4004-85E9-23A3CE -> Hijacker.StartPage.adc : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\6816A4E8-FF36-46F5-A765-01A40C\DC5F0944-E89E-4723-8B55-7AACBE -> Hijacker.StartPage.adc : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\F4FA8B0A-474C-4CDB-AE48-368CFA\5300CB74-0FDB-4E4C-862E-03AD6B -> Hijacker.StartPage.adc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aafyabfb.dll -> Logger.VBStat.d : Cleaned with backup (quarantined).
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.335:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\house\Cookies\house@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.127:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.128:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.134:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.136:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.137:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.48:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.51:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.52:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.53:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.54:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup (quarantined).
:mozilla.22:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.152:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.153:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.154:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
:mozilla.21:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.23:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.24:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.25:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.26:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
:mozilla.361:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup (quarantined).
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.80:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.81:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.82:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.83:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.84:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.64:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.65:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.66:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.67:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\house\Cookies\house@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.72:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.73:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.74:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.76:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.77:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.356:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup (quarantined).
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.42:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Setthnfs\Owner\Application Data\Mozilla\Firefox\Profiles\ej17zxlh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Setthnfs\Owner\Application Data\Mozilla\Firefox\Profiles\ej17zxlh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Setthnfs\Owner\Application Data\Mozilla\Firefox\Profiles\ej17zxlh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Setthnfs\Owner\Application Data\Mozilla\Firefox\Profiles\ej17zxlh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.37:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.43:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.44:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.45:C:\Cocuments and Settinfs\Owner\Application Data\Mozilla\Firefox\Profiles\1t7m79xq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\dx3zhfmv.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bsnsyeqc.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jdoryrea.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tjtylwyo.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\system32\PcastUpdate.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winjte32.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

#10 Macgilla


Posted 23 July 2006 - 11:45 AM

Logfile of HijackThis v1.99.1
Scan saved at 17:38:00, on 23/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E49243E2-DD2C-4FEB-A1F5-C124CAB4A545} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B02F494-9F57-4024-A2E9-58F1A44C4F6C}: NameServer = 195.166.128.16,195.166.128.17
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g193810000.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\System32\pmnlj.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

Start Time= 23/07/2006 17:43:40.39
Running from: C:\Documents and Settings\Owner\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-23 17:34 <DIR> C:\Program Files\mozilla firefox
2006-07-23 17:34 <DIR> C:\Program Files\Common Files\symantec shared
2006-07-23 17:14 <DIR> C:\Documents and Settings\Owner\Application Data\adobe
2006-07-23 16:43 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-23 16:31 123 C:\Documents and Settings\Owner\Application Data\iscrobbler.ini
2006-07-23 15:09 90,240 C:\WINDOWS\system32\drivers\sptd4205.sys
2006-07-23 15:09 876 C:\WINDOWS\system32\jlnmp.ini
2006-07-23 15:08 876 C:\WINDOWS\system32\jlnmp.ini.vir
2006-07-22 16:05 <DIR> C:\Program Files\s?stem32 (sstem3~1)
2006-07-19 02:53 <DIR> C:\Program Files\windows media player
2006-07-19 02:52 <DIR> C:\Program Files\outlook express
2006-07-19 02:52 <DIR> C:\Program Files\Common Files\system
2006-07-17 16:46 <DIR> C:\Documents and Settings\Owner\Application Data\azureus
2006-07-17 01:59 <DIR> C:\Program Files\azureus
2006-07-16 01:53 716 C:\WINDOWS\win.ini
2006-07-14 02:42 <DIR> C:\WINDOWS\system32\t?sks (tsks~1)
2006-07-13 03:00 <DIR> C:\Documents and Settings\Owner\Application Data\yahoo!
2006-07-13 01:27 <DIR> C:\Program Files\yahoo!
2006-07-11 05:16 <DIR> C:\Program Files\msn messenger
2006-07-11 05:15 <DIR> C:\Program Files\Common Files\microsoft shared
2006-07-11 01:51 <DIR> C:\Program Files\spybot - search & destroy
2006-07-08 18:02 <DIR> C:\Program Files\gamehouse
2006-07-07 19:46 <DIR> C:\Program Files\spyware doctor
2006-07-07 19:46 <DIR> C:\Program Files\pcast
2006-07-07 19:19 <DIR> C:\Documents and Settings\Owner\Application Data\lavasoft
2006-07-07 18:26 <DIR> C:\Documents and Settings\Owner\Application Data\pc tools
2006-07-07 14:12 127 C:\WINDOWS\iplayer.ini
2006-07-07 00:54 <DIR> C:\Program Files\guitar pro 5
2006-07-05 11:39 569,396 C:\WINDOWS\system32\pmnlj.dll.vir
2006-07-05 01:07 <DIR> C:\Program Files\installshield installation information
2006-07-05 01:07 <DIR> C:\Program Files\digidesign
2006-07-05 01:07 <DIR> C:\Program Files\Common Files\digidesign
2006-07-05 01:06 <DIR> C:\Program Files\common files
2006-07-05 00:57 <DIR> C:\Program Files\bejeweled 2 deluxe
2006-07-04 23:29 720,896 C:\WINDOWS\iun6002ev.exe
2006-07-03 12:58 <DIR> C:\Program Files\itunes
2006-07-03 01:39 <DIR> C:\Program Files\trymedia
2006-06-27 00:57 <DIR> C:\Program Files\netmeeting
2006-06-22 00:16 <DIR> C:\Documents and Settings\Owner\Application Data\sun
2006-06-21 03:16 <DIR> C:\Program Files\limewire
2006-06-20 18:26 <DIR> C:\Documents and Settings\Owner\Application Data\adobeum
2006-06-20 17:56 <DIR> C:\Program Files\java
2006-06-20 17:52 <DIR> C:\Program Files\Common Files\java
2006-06-18 10:56 <DIR> C:\Program Files\Common Files\pace anti-piracy
2006-06-18 10:45 <DIR> C:\Program Files\winrar
2006-06-18 10:40 <DIR> C:\Program Files\protools
2006-06-17 04:30 <DIR> C:\Program Files\quicktime
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll
2006-05-31 02:05 <DIR> C:\Documents and Settings\Owner\Application Data\macromedia
2006-05-19 13:15 83,456 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 13:15 70,656 C:\WINDOWS\system32\ws2_32.dll
2006-05-19 13:15 54,272 C:\WINDOWS\system32\ipv6mon.dll
2006-05-19 13:15 31,232 C:\WINDOWS\system32\inetmib1.dll
2006-05-19 13:15 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 13:15 13,312 C:\WINDOWS\system32\wship6.dll
2006-05-19 13:15 103,936 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-19 09:51 159,232 C:\WINDOWS\system32\xpob2res.dll
2006-05-19 09:46 48,640 C:\WINDOWS\system32\ipv6.exe
2006-05-19 09:44 83,456 C:\WINDOWS\system32\netsh.exe
2006-05-14 10:13 98,304 C:\WINDOWS\system32\polstore.dll
2006-05-14 10:13 364,544 C:\WINDOWS\system32\ipsmsnap.dll
2006-05-14 10:13 334,848 C:\WINDOWS\system32\ipsecsnp.dll
2006-05-14 10:13 29,184 C:\WINDOWS\system32\winipsec.dll
2006-05-14 10:13 257,536 C:\WINDOWS\system32\oakley.dll
2006-05-14 10:13 159,744 C:\WINDOWS\system32\ipsecsvc.dll
2006-05-03 02:56 127,078 C:\WINDOWS\system32\javaws.exe
2006-05-03 01:19 53,346 C:\WINDOWS\system32\javaw.exe
2006-05-03 01:19 49,248 C:\WINDOWS\system32\java.exe


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-23 16:36 4,096 C:\WINDOWS\system32\reboot.exe
2006-07-23 16:36 16,384 C:\WINDOWS\system32\restart.exe
2006-07-23 16:36 11,430 C:\delfiles.bat
2006-07-22 16:03 876 C:\WINDOWS\system32\jlnmp.ini.vir
2006-07-22 16:03 876 C:\WINDOWS\system32\jlnmp.ini
2006-07-17 01:57 536,268,800 C:\hiberfil.sys
2006-07-16 02:13 991,232 C:\WINDOWS\system32\esent.dll
2006-07-05 11:39 569,396 C:\WINDOWS\system32\pmnlj.dll.vir
2006-07-04 23:29 720,896 C:\WINDOWS\iun6002ev.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 23/07/2006 17:43:56.14
ComboFix ver 06.07.22 - This logfile is located at C:\ComboFix.txt

ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:04:10 AM

Posted 23 July 2006 - 03:03 PM

Ok, as you've seen, Ewido already deleted a lot of leftovers... Let's deal with the rest now, because I like systems clean :thumbsup:

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {E49243E2-DD2C-4FEB-A1F5-C124CAB4A545} - C:\WINDOWS\System32\pmnlj.dll (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g193810000.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\System32\pmnlj.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete the following folders and files:

C:\Program Files\s?stem32 <== this folder. Please make sure you don't delete the legit system32 folder. The one you have to delete, when you right-click the folder and choose Properties, the date should be 2006-07-22 16:05

C:\WINDOWS\system32\t?sks <== this folder. Please make sure you don't delete the legit tasks folder. The one you have to delete, when you right-click the folder and choose Properties, the date should be 2006-07-14 02:42

C:\WINDOWS\system32\jlnmp.ini.vir
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\pmnlj.dll.vir

Open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"=-

[-HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Let me know in your next reply how things are running now
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
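The two look-alike folders singled out in post #11 can be picked out of a Find3M-style listing mechanically. The Python below is an added example, not part of the thread or of ComboFix; the sample lines are constructed in the report's shape, and it assumes a `?` in a folder name stands for a character the report could not render.

```python
import re
from ntpath import basename

# Constructed sample in the shape of the Find3M report quoted in this thread.
SAMPLE_REPORT = r"""
2006-07-23 16:43 <DIR> C:\Program Files\ewido anti-spyware 4.0
2006-07-22 16:05 <DIR> C:\Program Files\s?stem32 (sstem3~1)
2006-07-16 01:53 716 C:\WINDOWS\win.ini
2006-07-14 02:42 <DIR> C:\WINDOWS\system32\t?sks (tsks~1)
2006-07-11 01:51 <DIR> C:\Program Files\spybot - search & destroy
"""

# Genuine folders that must NOT be deleted (locations as they appear in the logs).
GENUINE = {
    "system32": r"C:\WINDOWS\system32",
    "tasks": r"C:\WINDOWS\tasks",
}

# date, <DIR>, long path, optional "(8.3 short name)" suffix
DIR_LINE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) <DIR> "
    r"(?P<path>.+?)(?: \((?P<short>[^()]+~\d+)\))?$"
)


def imitates(name, genuine):
    """True if name equals genuine except where name has an unrendered '?'."""
    return (
        "?" in name
        and len(name) == len(genuine)
        and all(a == b or a == "?" for a, b in zip(name, genuine))
    )


def find_lookalike_dirs(report):
    """Return one finding per directory whose name masks a genuine folder name."""
    findings = []
    for line in report.splitlines():
        m = DIR_LINE.match(line.strip())
        if not m:
            continue  # file entries and section banners are ignored
        name = basename(m["path"]).lower()
        for genuine_name, genuine_path in GENUINE.items():
            if imitates(name, genuine_name):
                findings.append({
                    "path": m["path"],
                    "short_name": m["short"],
                    "modified": m["modified"],
                    "imitates": genuine_name,
                    "keep": genuine_path,
                })
    return findings


if __name__ == "__main__":
    for f in find_lookalike_dirs(SAMPLE_REPORT):
        print(f"{f['modified']}  {f['path']}  (8.3: {f['short_name']})"
              f"  looks like '{f['imitates']}'; leave {f['keep']} alone")
```

The modification time in each finding is the same value the post asks the user to confirm in the folder's Properties dialog before deleting.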

#12 Macgilla


Posted 23 July 2006 - 04:34 PM

C:\Program Files\s?stem32 <== this folder. Please make sure you don't delete the legit system32 folder. The one you have to delete, when you right-click the folder and choose Properties, the date should be 2006-07-22 16:05

C:\WINDOWS\system32\t?sks <== this folder. Please make sure you don't delete the legit tasks folder. The one you have to delete, when you right-click the folder and choose Properties, the date should be 2006-07-14 02:42


I've done everything apart from deleting the above, as these folders didn't appear to be there. Have I missed something?

#13 miekiemoes


Posted 23 July 2006 - 04:44 PM

Wasn't there a system32-folder present in your Program Files folder?
And wasn't there a tasks folder present in your system32-folder? Don't delete these folders from anywhere else!!

#14 Macgilla


Posted 23 July 2006 - 08:50 PM

There is a system32-folder in the Program Files folder, but it is empty. There are no files in it at all.

#15 miekiemoes


Posted 24 July 2006 - 01:27 AM

Yes, delete that folder.