Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Winfixer popup [RESOLVED]

Started by shinebindi , Oct 24 2005 08:47 PM

Page 4 of 6
2
3
4
5
6

This topic is locked

#46
Crustyoldbloke

Posted 24 November 2005 - 09:47 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello again

Normally, this infection lasts for one fix only, but for some reason with you it is very stubborn. I am still of the opinion that the reason the bad file can not be deleted is to do with accounts.

Do you still have two accounts for this PC, your own and family? If so, can we reduce that to one account, family only and give that account administrator's rights?

You should then reboot normally; you shouldn't need to logon since there is only one profile now. Download a fresh Vundo fix and run it in safe mode and in normal mode, still using C:\WINDOWS\system32\jkhfe.dll for first filepath and C:\WINDOWS\system32\efhkj.* for the second filepath.

We also know that this infection can normally be dealt with by running SpySweeper, but unfortunately your use of their trial period has already been used. I would suggest paying for it, but there is no assurance it will work since this infection on your PC is not behaving normally.

You could again try Ewido as it does sometimes get Vundo and delete it. make sure you update it before running since this is a very recent occurrence.

#47
shinebindi

Posted 24 November 2005 - 09:52 AM

Member

Topic Starter
Member
51 posts

Do I seriously have to delete my account?
Can I delete the family account?
Because it is rarely ever used...
and if I delete this account... I am going to have to back up so much...
any other alternatives?

#48
Crustyoldbloke

Posted 24 November 2005 - 10:24 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Well, I think that the infection is controlled by the family account, but I have this feeling that something in your account is stopping the fixes from working.

When you delete and account, Windows creates a folder with all the documents realating to that account only in it, and places it on the desktop.

I can see your reasoning, and actually, it might work. I am just surface thinking and typing at the same time here. If you kill the family account, then the infection becomes unhooked and should go, but if the winlogon is from your account and is occupying it, then we may be back to square one.

Do nothing for the moment, let me chat this through with a member of staff.

#49
Crustyoldbloke

Posted 24 November 2005 - 03:31 PM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello again

After a ponder and chat, dkv01 with all of his expertise believes we can now beat this with an online scan since up to date definitions now include this threat..

Please visit Kaspersky for an online scan.

Please post the log it produces into this thread.

#50
shinebindi

Posted 24 November 2005 - 07:48 PM

Member

Topic Starter
Member
51 posts

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, November 24, 2005 19:46:57
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/11/2005
Kaspersky Anti-Virus database records: 151648
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 54205
Number of viruses found: 6
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 3151 sec

Infected Object Name - Virus Name
C:\news.exe Infected: Trojan.Win32.Small.gf
C:\news4.exe Infected: Trojan.Win32.Small.gf
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0014604.exe Infected: Backdoor.Win32.SdBot.ago
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP116\A0016741.dll Infected: Trojan-Downloader.Win32.Agent.yf
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP116\A0016742.exe Infected: Trojan-Downloader.Win32.Small.bpk
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017204.exe Infected: Backdoor.Win32.IRCBot.jl
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS Infected: Trojan.Win32.Qhost.r
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.msn Infected: Trojan.Win32.Qhost.r

Scan process completed.

#51
Crustyoldbloke

Posted 25 November 2005 - 04:33 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello again

I can see that you did the scan, however, the file we are looking for was not picked up. I am informed that if you rescan and select extended bases, the scan should find the infected dll.

You have to click scan settings to access the option, and you will find it to be the second option from the top.

Thanks

#52
shinebindi

Posted 25 November 2005 - 02:48 PM

Member

Topic Starter
Member
51 posts

ok here it is

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, November 25, 2005 14:45:34
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/11/2005
Kaspersky Anti-Virus database records: 161560
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 54728
Number of viruses found: 7
Number of infected objects: 52
Number of suspicious objects: 1
Duration of the scan process: 3470 sec

Infected Object Name - Virus Name
C:\news.exe Infected: Trojan.Win32.Small.gf
C:\news4.exe Infected: Trojan.Win32.Small.gf
C:\Program Files\HiJack This\backups\backup-20051120-102254-711.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\Program Files\HiJack This\backups\backup-20051120-120439-256.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\Program Files\HiJack This\backups\backup-20051122-205835-329.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\Program Files\HiJack This\backups\backup-20051123-190936-453.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0014604.exe Suspicious: PESpin
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014706.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014707.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014708.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014709.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014710.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014711.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014712.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014713.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014714.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014715.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014716.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014717.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014719.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014720.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014721.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014722.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014723.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014724.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014725.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014726.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014727.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014728.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP104\A0014729.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP111\A0016282.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP111\A0016283.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP116\A0016741.dll Infected: Trojan-Downloader.Win32.Agent.yf
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP116\A0016742.exe Infected: Trojan-Downloader.Win32.Small.bpk
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017120.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017134.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017169.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017170.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017171.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017172.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017173.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017174.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017175.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017176.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017180.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP122\A0017204.exe Infected: Backdoor.Win32.IRCBot.jl
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP128\A0017456.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP128\A0017460.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS Infected: Trojan.Win32.Qhost.r
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.msn Infected: Trojan.Win32.Qhost.r
C:\WINDOWS\SYSTEM32\jkhfe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q

Scan process completed.

#53
Crustyoldbloke

Posted 25 November 2005 - 06:40 PM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello again

Can I see a HJT log from all remaining profiles please?

Please paste them into this thread with either a name or a number for identity.

#54
shinebindi

Posted 25 November 2005 - 08:15 PM

Member

Topic Starter
Member
51 posts

Here's the HJT log for the Family account:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:36 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ddayy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\jkhfe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Brother MFL Pro Remote Setup] C:\Program Files\Brother\BRMFLPRO\brsmirsp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123553964031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddayy - C:\WINDOWS\SYSTEM32\ddayy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Bindi\Local Settings\Temporary Internet Files\Content.IE5\WRTXGTCZ\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#55
shinebindi

Posted 25 November 2005 - 08:37 PM

Member

Topic Starter
Member
51 posts

heres the HJT log for my account (accounts name is Bindi)

Logfile of HijackThis v1.99.1
Scan saved at 8:36:33 PM, on 11/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\SYSTEM32\MSPAINT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\ddayy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\jkhfe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Brother MFL Pro Remote Setup] C:\Program Files\Brother\BRMFLPRO\brsmirsp.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - Startup: Browser Mouse 1.2.lnk = C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - Startup: Office Keyboard 1.2.lnk = C:\Program Files\Office keyboard utility\1.2\OFFICEKB.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123553964031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddayy - C:\WINDOWS\SYSTEM32\ddayy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfe - C:\WINDOWS\system32\jkhfe.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Bindi\Local Settings\Temporary Internet Files\Content.IE5\WRTXGTCZ\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

#56
Crustyoldbloke

Posted 26 November 2005 - 08:27 AM

Old Malware Surgeon with a shaky scalpel

Retired Staff
15,131 posts

Hello Bindi

We are going to try and delete the extra file that you have keeping the Vundo alive.

Please download
Killbox by Option^Explicit

Please install Killbox by Option^Explicit.

Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
In the Killbox programme, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddaya.dll

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Download VirtumundoBegone and save it to your desktop.

http://secured2k.hom...mundoBeGone.exe

Reboot your computer into Safe Mode

Then double click VirtumundoBeGone.exe you just downloaded and follow the instructions.

Exit when it has finished.

Please post the log it creates into your next reply

#57
shinebindi

Posted 26 November 2005 - 12:37 PM

Member

Topic Starter
Member
51 posts

When trying to delete ddayy.dll, i got an error that said "PendingFileRenameOperations Registry Data has been Removed by External Process!" So I'm not sure of that... and I think the ddaya.dll file is deleted...

I am going to have to insert the VBG log in a lot of different posts... because it is too big for 1 post and too big to attach..

[11/26/2005, 11:04:03] - Starting Process...
[11/26/2005, 11:04:03] - Looking for Browser Helper Object [MSEvents Object]
[11/26/2005, 11:04:03] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:03] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:03] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:03] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:04] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:04] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:04] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:04] - Found MSEvents Object!
[11/26/2005, 11:04:04] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:04] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:04] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:04] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:05] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:05] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:05] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:05] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:05] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:05] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:06] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:06] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:08] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:08] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:08] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:08] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:08] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:08] - Checking for WinLogon Notify reference. (File: )
[11/26/2005, 11:04:08] - Couldn't find in Winlogon Notify. Ignoring {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}.
[11/26/2005, 11:04:08] - 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:08] - 3: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:08] - WARNING: 3: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:08] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:08] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:08] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:08] - 5: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:08] - Found MSEvents Object!
[11/26/2005, 11:04:08] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:08] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:08] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:09] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:11] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:11] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:11] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:11] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:11] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:11] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:12] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:12] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:13] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:14] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:14] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:14] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:14] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:14] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:14] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:15] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:15] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:15] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:15] - Found MSEvents Object!
[11/26/2005, 11:04:15] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:15] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:15] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:16] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:16] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:16] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:17] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:17] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:17] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:17] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:17] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:17] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:17] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:17] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:17] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:17] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:17] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:17] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:17] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:17] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:17] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:17] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:17] - Found MSEvents Object!
[11/26/2005, 11:04:17] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:17] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:17] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:17] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:17] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:18] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:19] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:19] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:19] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:19] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:19] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:19] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:20] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:20] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:20] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:20] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:20] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:20] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:20] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:20] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:21] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:21] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:21] - Found MSEvents Object!
[11/26/2005, 11:04:21] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:21] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:21] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:21] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:21] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:22] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:22] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:22] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:22] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:23] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:23] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:23] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:23] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:23] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:23] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:23] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:23] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:23] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:23] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:23] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:23] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:23] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:23] - Found MSEvents Object!
[11/26/2005, 11:04:23] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:23] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:23] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:23] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:23] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:24] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:24] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:24] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:24] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:25] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:25] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:25] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:25] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:25] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:25] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:25] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:25] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:25] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:25] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:26] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:27] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:27] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:27] - Found MSEvents Object!
[11/26/2005, 11:04:27] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:27] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:27] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:28] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:28] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:28] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:28] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:28] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:28] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:28] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:28] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:28] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:28] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:29] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:29] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:29] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:29] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:29] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:29] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:29] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:29] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:29] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:29] - Found MSEvents Object!
[11/26/2005, 11:04:29] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:29] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:29] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:29] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:29] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:29] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:30] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:30] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:30] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:30] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:30] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:30] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:33] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:33] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:33] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:33] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:33] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:33] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:33] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:34] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:35] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:35] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:35] - Found MSEvents Object!
[11/26/2005, 11:04:35] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:35] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:35] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:35] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:35] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:35] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:35] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:35] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:35] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:36] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:36] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:36] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:36] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:36] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:36] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:36] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:36] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:36] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:36] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:36] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:36] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:36] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:36] - Found MSEvents Object!
[11/26/2005, 11:04:36] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:36] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:36] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:36] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:36] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:37] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:37] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:37] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:37] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:38] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:38] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:38] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:41] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:41] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:41] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:41] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:41] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:41] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:41] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:42] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:42] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:42] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:42] - Found MSEvents Object!
[11/26/2005, 11:04:42] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:42] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:42] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:43] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:43] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:43] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:43] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:43] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:43] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:43] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:43] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:43] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:43] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:43] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:43] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:43] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:43] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:43] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:43] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:43] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:43] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:43] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:43] - Found MSEvents Object!
[11/26/2005, 11:04:43] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:43] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:43] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:43] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:43] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:44] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:44] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:44] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:45] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:45] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:45] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:45] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:46] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:46] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:46] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:46] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:46] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:46] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:46] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:47] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:47] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:47] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:47] - Found MSEvents Object!
[11/26/2005, 11:04:47] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:47] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:47] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:47] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:47] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:48] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:48] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:48] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:49] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:49] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:49] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:49] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:49] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:04:49] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:04:49] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:49] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:04:49] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:04:49] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:04:49] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:04:49] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:04:49] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:04:49] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:04:49] - Found MSEvents Object!
[11/26/2005, 11:04:49] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:49] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:04:49] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:49] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:49] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:50] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:50] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:51] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:51] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:51] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:04:51] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:51] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:53] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:04:53] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:04:53] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:53] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:04:53] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:04:53] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:04:53] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:04:54] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:04:55] - BHO list has been changed! Starting over...
[11/26/2005, 11:04:55] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:04:55] - Found MSEvents Object!
[11/26/2005, 11:04:55] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:55] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:04:55] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:04:56] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:04:56] - Disabling Automatic Shell Restart
[11/26/2005, 11:04:57] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:04:57] - Suspending the NT Session Manager System Service
[11/26/2005, 11:04:58] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:04:58] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:04:58] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:04:58] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:04:58] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:00] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:00] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:00] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:00] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:00] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:00] - Checking for WinLogon Notify reference. (File: )
[11/26/2005, 11:05:00] - Couldn't find in Winlogon Notify. Ignoring {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}.
[11/26/2005, 11:05:00] - 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:00] - 3: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:00] - WARNING: 3: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:00] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:00] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:00] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:00] - 5: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:00] - Found MSEvents Object!
[11/26/2005, 11:05:00] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:00] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:00] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:01] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:01] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:02] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:02] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:02] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:02] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:02] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:02] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:02] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:02] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:02] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:02] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:02] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:02] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:02] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:02] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:03] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:03] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:03] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:03] - Found MSEvents Object!
[11/26/2005, 11:05:03] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:03] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:03] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:03] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:04] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:05] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:07] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:07] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:07] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:07] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:07] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:07] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:08] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:08] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:08] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:08] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:08] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:08] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:08] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:08] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:08] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:08] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:08] - Found MSEvents Object!
[11/26/2005, 11:05:08] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:08] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:08] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:09] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:09] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:10] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:10] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:10] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:10] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:11] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:11] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:11] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:15] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:15] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:15] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:15] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:15] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:15] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:15] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:16] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:16] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:16] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:16] - Found MSEvents Object!
[11/26/2005, 11:05:16] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:16] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:16] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:16] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:16] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:16] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:16] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:17] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:17] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:17] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:17] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:17] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:17] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:17] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:17] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:17] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:17] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:17] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:17] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:17] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:17] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:17] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:17] - Found MSEvents Object!
[11/26/2005, 11:05:17] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:17] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:17] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:17] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:17] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:18] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:19] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:19] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:19] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:20] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:20] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:20] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:23] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:23] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:24] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:24] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:24] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:24] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:24] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:24] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:25] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:25] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:25] - Found MSEvents Object!
[11/26/2005, 11:05:25] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:25] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:25] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:25] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:25] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:25] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:25] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:25] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:25] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:26] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:26] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:26] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:27] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:27] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:28] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:28] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:28] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:28] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:28] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:28] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:28] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:28] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:28] - Found MSEvents Object!
[11/26/2005, 11:05:28] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:28] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:28] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:28] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:28] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:28] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:28] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:29] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:29] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:29] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:29] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:29] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:32] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:32] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:32] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:32] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:32] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:32] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:32] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:32] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:33] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:33] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:33] - Found MSEvents Object!
[11/26/2005, 11:05:33] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:33] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:33] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:34] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:34] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:34] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:34] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:34] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:34] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:35] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:35] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:35] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:35] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:35] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:35] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:35] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:35] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:35] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:35] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:35] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:35] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:35] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:35] - Found MSEvents Object!
[11/26/2005, 11:05:35] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:35] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:35] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:35] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:35] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:36] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:36] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:36] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:36] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:37] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:37] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:37] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:40] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:40] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:40] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:40] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:40] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:40] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:40] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:41] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:42] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:42] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:42] - Found MSEvents Object!
[11/26/2005, 11:05:42] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:42] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:42] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:42] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:42] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:43] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:43] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:43] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:43] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:43] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:43] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:43] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:43] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:43] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:43] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:43] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:43] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:43] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:43] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:43] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:43] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:43] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:43] - Found MSEvents Object!
[11/26/2005, 11:05:43] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:43] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:43] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:43] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:43] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:44] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:45] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:45] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:45] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:45] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:45] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:45] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:50] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:50] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:50] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:50] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:50] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:50] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:50] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:50] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:51] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:51] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:51] - Found MSEvents Object!
[11/26/2005, 11:05:51] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:51] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:51] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:51] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:51] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:52] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:52] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:52] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:52] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:52] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:52] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:52] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:52] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:52] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:52] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:52] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:52] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:52] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:52] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:52] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:52] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:52] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:52] - Found MSEvents Object!
[11/26/2005, 11:05:52] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:52] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:52] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:52] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:52] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:53] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:53] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:53] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:54] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:54] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:05:54] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:54] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:55] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:05:55] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:05:55] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:55] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:05:55] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:05:55] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:05:55] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:05:55] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:05:56] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:05:56] - Found MSEvents Object!
[11/26/2005, 11:05:56] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:56] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:05:56] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:56] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:56] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:57] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:57] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:57] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:57] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:05:57] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:05:57] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:05:57] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:57] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:05:57] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:05:57] - BHO list has been changed! Starting over...
[11/26/2005, 11:05:57] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:05:57] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:05:57] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:05:57] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:05:57] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:05:57] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:05:57] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:05:57] - Found MSEvents Object!
[11/26/2005, 11:05:57] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:57] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:05:57] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:05:57] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:05:57] - Disabling Automatic Shell Restart
[11/26/2005, 11:05:58] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:05:59] - Suspending the NT Session Manager System Service
[11/26/2005, 11:05:59] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:05:59] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:06:00] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:06:00] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:06:00] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:06:00] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:06:00] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:06:00] - BHO list has been changed! Starting over...
[11/26/2005, 11:06:00] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:06:00] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:06:00] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:06:00] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:06:00] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:06:01] - BHO list has been changed! Starting over...
[11/26/2005, 11:06:01] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:06:01] - Found MSEvents Object!
[11/26/2005, 11:06:01] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:06:01] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:06:01] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:06:01] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:06:01] - Disabling Automatic Shell Restart
[11/26/2005, 11:06:02] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:06:02] - Suspending the NT Session Manager System Service
[11/26/2005, 11:06:02] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:06:02] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:06:02] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:06:03] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:06:03] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:06:04] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:06:04] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:06:04] - BHO list has been changed! Starting over...
[11/26/2005, 11:06:04] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:06:04] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:06:04] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:06:04] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:06:04] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:06:04] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:06:04] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:06:04] - Found MSEvents Object!
[11/26/2005, 11:06:04] - File location: C:\WINDOWS

#58
shinebindi

Posted 26 November 2005 - 12:40 PM

Member

Topic Starter
Member
51 posts

[11/26/2005, 11:07:35] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:07:35] - Found MSEvents Object!
[11/26/2005, 11:07:35] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:07:35] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:07:35] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:07:36] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:07:36] - Disabling Automatic Shell Restart
[11/26/2005, 11:07:37] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:07:37] - Suspending the NT Session Manager System Service
[11/26/2005, 11:07:37] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:07:37] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:07:38] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:07:38] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:07:38] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:07:39] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:07:39] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:07:39] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:39] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:07:39] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:07:39] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:07:39] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:07:39] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:07:40] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:40] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:07:40] - Found MSEvents Object!
[11/26/2005, 11:07:40] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:07:40] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:07:40] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:07:40] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:07:40] - Disabling Automatic Shell Restart
[11/26/2005, 11:07:41] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:07:41] - Suspending the NT Session Manager System Service
[11/26/2005, 11:07:41] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:07:41] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:07:41] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:07:41] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:07:41] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:07:43] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:07:43] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:07:43] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:43] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:07:43] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:07:43] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:07:43] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:07:43] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:07:43] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:07:43] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:07:43] - Found MSEvents Object!
[11/26/2005, 11:07:43] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:07:43] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:07:43] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:07:43] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:07:43] - Disabling Automatic Shell Restart
[11/26/2005, 11:07:44] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:07:44] - Suspending the NT Session Manager System Service
[11/26/2005, 11:07:44] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:07:44] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:07:44] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:07:45] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:07:45] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:07:45] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:07:45] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:07:45] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:45] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:07:45] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:07:45] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:07:45] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:07:46] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:07:46] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:46] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:07:46] - Found MSEvents Object!
[11/26/2005, 11:07:46] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:07:46] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:07:46] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:07:46] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:07:46] - Disabling Automatic Shell Restart
[11/26/2005, 11:07:47] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:07:47] - Suspending the NT Session Manager System Service
[11/26/2005, 11:07:47] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:07:47] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:07:48] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:07:49] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:07:49] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:07:49] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:07:49] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:07:49] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:49] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:07:49] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:07:49] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:07:49] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:07:49] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:07:49] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:07:49] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:07:49] - Found MSEvents Object!
[11/26/2005, 11:07:49] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:07:49] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:07:49] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:07:49] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:07:49] - Disabling Automatic Shell Restart
[11/26/2005, 11:07:50] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:07:50] - Suspending the NT Session Manager System Service
[11/26/2005, 11:07:50] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:07:50] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:07:50] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:07:51] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:07:51] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:07:53] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:07:53] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:07:53] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:53] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:07:53] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:07:53] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:07:53] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:07:54] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:07:56] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:07:56] - Found MSEvents Object!
[11/26/2005, 11:07:56] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:07:56] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:07:56] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:07:56] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:07:56] - Disabling Automatic Shell Restart
[11/26/2005, 11:07:56] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:07:57] - Suspending the NT Session Manager System Service
[11/26/2005, 11:07:57] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:07:57] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:07:57] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:07:57] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:07:57] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:07:59] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:07:59] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:07:59] - BHO list has been changed! Starting over...
[11/26/2005, 11:07:59] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:07:59] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:07:59] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:07:59] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:07:59] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:07:59] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:07:59] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:07:59] - Found MSEvents Object!
[11/26/2005, 11:08:00] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:00] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:00] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:00] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:00] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:01] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:01] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:01] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:01] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:01] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:02] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:02] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:02] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:02] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:02] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:02] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:02] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:02] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:02] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:03] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:04] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:04] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:04] - Found MSEvents Object!
[11/26/2005, 11:08:04] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:04] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:04] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:04] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:04] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:05] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:05] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:05] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:05] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:06] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:06] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:06] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:06] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:06] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:06] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:06] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:06] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:06] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:06] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:06] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:06] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:06] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:06] - Found MSEvents Object!
[11/26/2005, 11:08:06] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:06] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:06] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:06] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:06] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:07] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:08] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:08] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:08] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:09] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:09] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:09] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:10] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:10] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:10] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:10] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:10] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:11] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:11] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:11] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:11] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:11] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:11] - Found MSEvents Object!
[11/26/2005, 11:08:11] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:11] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:11] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:11] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:11] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:12] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:13] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:13] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:13] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:14] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:14] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:14] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:14] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:14] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:15] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:15] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:15] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:15] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:15] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:15] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:15] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:15] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:15] - Found MSEvents Object!
[11/26/2005, 11:08:15] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:15] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:15] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:16] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:16] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:16] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:16] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:16] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:17] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:17] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:17] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:17] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:21] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:21] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:21] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:21] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:21] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:21] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:21] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:21] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:22] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:22] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:22] - Found MSEvents Object!
[11/26/2005, 11:08:22] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:22] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:22] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:22] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:22] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:22] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:22] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:22] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:22] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:23] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:23] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:23] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:24] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:24] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:24] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:24] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:24] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:24] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:25] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:25] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:25] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:25] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:25] - Found MSEvents Object!
[11/26/2005, 11:08:25] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:25] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:25] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:25] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:25] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:25] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:25] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:25] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:26] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:26] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:26] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:26] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:26] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:26] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:26] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:26] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:26] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:26] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:26] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:26] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:27] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:27] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:27] - Found MSEvents Object!
[11/26/2005, 11:08:27] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:27] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:27] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:27] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:27] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:28] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:28] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:28] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:28] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:29] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:29] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:29] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:30] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:30] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:30] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:30] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:30] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:30] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:30] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:30] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:30] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:30] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:30] - Found MSEvents Object!
[11/26/2005, 11:08:30] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:30] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:30] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:30] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:30] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:31] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:32] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:32] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:32] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:32] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:32] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:32] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:36] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:36] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:37] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:37] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:37] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:37] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:37] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:37] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:38] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:38] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:38] - Found MSEvents Object!
[11/26/2005, 11:08:38] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:38] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:38] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:38] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:38] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:38] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:38] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:39] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:39] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:39] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:39] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:39] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:39] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:39] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:39] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:39] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:39] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:39] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:39] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:39] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:39] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:39] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:39] - Found MSEvents Object!
[11/26/2005, 11:08:39] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:39] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:39] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:39] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:39] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:40] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:41] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:41] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:41] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:41] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:41] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:41] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:41] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:41] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:41] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:41] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:41] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:42] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:42] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:43] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:43] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:43] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:43] - Found MSEvents Object!
[11/26/2005, 11:08:43] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:43] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:43] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:43] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:43] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:43] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:44] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:44] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:44] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:44] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:44] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:44] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:44] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:44] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:44] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:44] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:44] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:44] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:44] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:44] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:44] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:44] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:44] - Found MSEvents Object!
[11/26/2005, 11:08:44] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:44] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:44] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:44] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:44] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:45] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:45] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:45] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:45] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:46] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:46] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:46] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:49] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:49] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:49] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:49] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:49] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:49] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:49] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:50] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:51] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:51] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:51] - Found MSEvents Object!
[11/26/2005, 11:08:51] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:51] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:51] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:51] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:51] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:52] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:52] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:52] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:52] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:52] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:08:52] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:52] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:54] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:08:54] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:08:54] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:54] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:08:54] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:08:54] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:08:54] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:08:54] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:08:54] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:08:54] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:08:54] - Found MSEvents Object!
[11/26/2005, 11:08:54] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:54] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:08:54] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:55] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:55] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:55] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:56] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:56] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:56] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:56] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:08:56] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:08:56] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:56] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:08:56] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:08:56] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:08:56] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:08:56] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:08:56] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:08:56] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:08:57] - BHO list has been changed! Starting over...
[11/26/2005, 11:08:57] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:08:57] - Found MSEvents Object!
[11/26/2005, 11:08:57] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:57] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:08:57] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:08:57] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:08:58] - Disabling Automatic Shell Restart
[11/26/2005, 11:08:58] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:08:58] - Suspending the NT Session Manager System Service
[11/26/2005, 11:08:59] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:08:59] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:08:59] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:09:01] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:01] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:01] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:01] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:09:01] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:01] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:09:01] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:09:01] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:09:01] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:09:01] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:09:01] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:09:01] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:09:01] - Found MSEvents Object!
[11/26/2005, 11:09:01] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:01] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:01] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:01] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:02] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:03] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:03] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:03] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:03] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:03] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:09:03] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:03] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:04] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:04] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:09:04] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:04] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:09:04] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:09:04] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:09:04] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:09:04] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:09:05] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:05] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:09:05] - Found MSEvents Object!
[11/26/2005, 11:09:05] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:05] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:05] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:05] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:05] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:06] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:06] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:06] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:06] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:06] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:09:06] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:06] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:07] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:07] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:09:07] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:07] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:09:07] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:09:07] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:09:07] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:09:07] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:09:07] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:09:07] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:09:07] - Found MSEvents Object!
[11/26/2005, 11:09:07] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:07] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:07] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:07] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:07] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:07] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:07] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:08] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:08] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:09] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:09:09] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:09] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:12] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:12] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:09:12] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:12] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:09:12] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:09:12] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:09:12] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:09:12] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:09:12] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:12] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:09:12] - Found MSEvents Object!
[11/26/2005, 11:09:12] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:12] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:12] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:13] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:13] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:14] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:14] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:14] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:15] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:15] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:09:15] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:15] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:15] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:15] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:09:15] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:15] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:09:15] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:09:15] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:09:15] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:09:15] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:09:15] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:09:15] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:09:15] - Found MSEvents Object!
[11/26/2005, 11:09:15] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:15] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:15] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:16] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:16] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:16] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:16] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:16] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:16] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:18] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:09:18] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:18] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:20] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:20] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:09:20] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:20] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:09:20] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:09:20] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:09:20] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:09:21] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:09:21] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:21] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:09:21] - Found MSEvents Object!
[11/26/2005, 11:09:21] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:21] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:21] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:21] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:21] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:22] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:22] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:22] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:22] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:22] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:09:22] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:22] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:22] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:22] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:09:22] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:22] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:09:22] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:09:22] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:09:22] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:09:22] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:09:22] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:09:22] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:09:22] - Found MSEvents Object!
[11/26/2005, 11:09:22] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:22] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:22] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:22] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:22] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:23] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:23] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:24] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:24] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:24] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:09:24] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:24] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:26] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:26] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:09:26] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:26] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:09:26] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:09:26] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:09:26] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:09:26] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:09:26] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:26] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:09:26] - Found MSEvents Object!
[11/26/2005, 11:09:26] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:26] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:26] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:27] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:27] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:27] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:27] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:27] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:27] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:27] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:09:27] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:27] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:28] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:28] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:09:29] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:29] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:09:29] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:09:29] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:09:29] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:09:29] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:09:29] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:09:29] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:09:29] - Found MSEvents Object!
[11/26/2005, 11:09:29] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:29] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:09:29] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:29] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:29] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:29] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:29] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:29] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:30] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:30] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:09:31] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:31] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:33] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:09:33] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:09:33] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:34] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:09:34] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:09:34] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:09:34] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:09:35] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:09:36] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:36] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:09:36] - Found MSEvents Object!
[11/26/2005, 11:09:36] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:36] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:09:36] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:09:36] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:09:36] - Disabling Automatic Shell Restart
[11/26/2005, 11:09:36] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:09:36] - Suspending the NT Session Manager System Service
[11/26/2005, 11:09:36] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:09:36] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:09:36] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:09:36] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:09:36] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:37] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:09:37] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:09:37] - BHO list has been changed! Starting over...
[11/26/2005, 11:09:37] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:09:37] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:09:37] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:09:37] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:09:37] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:09:37] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:09:37] - 4: {

#59
shinebindi

Posted 26 November 2005 - 12:42 PM

Member

Topic Starter
Member
51 posts

[11/26/2005, 11:12:48] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:12:49] - BHO list has been changed! Starting over...
[11/26/2005, 11:12:49] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:12:49] - Found MSEvents Object!
[11/26/2005, 11:12:49] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:12:49] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:12:49] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:12:49] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:12:49] - Disabling Automatic Shell Restart
[11/26/2005, 11:12:49] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:12:49] - Suspending the NT Session Manager System Service
[11/26/2005, 11:12:49] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:12:50] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:12:50] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:12:50] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:12:50] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:12:50] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:12:50] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:12:50] - BHO list has been changed! Starting over...
[11/26/2005, 11:12:50] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:12:50] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:12:50] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:12:50] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:12:50] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:12:50] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:12:50] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:12:50] - Found MSEvents Object!
[11/26/2005, 11:12:50] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:12:50] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:12:50] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:12:50] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:12:50] - Disabling Automatic Shell Restart
[11/26/2005, 11:12:51] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:12:52] - Suspending the NT Session Manager System Service
[11/26/2005, 11:12:52] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:12:52] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:12:52] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:12:52] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:12:52] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:12:53] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:12:53] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:12:53] - BHO list has been changed! Starting over...
[11/26/2005, 11:12:53] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:12:53] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:12:53] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:12:53] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:12:54] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:12:55] - BHO list has been changed! Starting over...
[11/26/2005, 11:12:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:12:56] - Found MSEvents Object!
[11/26/2005, 11:12:56] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:12:56] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:12:56] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:12:56] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:12:56] - Disabling Automatic Shell Restart
[11/26/2005, 11:12:57] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:12:57] - Suspending the NT Session Manager System Service
[11/26/2005, 11:12:57] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:12:57] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:12:57] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:12:57] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:12:57] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:12:57] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:12:57] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:12:57] - BHO list has been changed! Starting over...
[11/26/2005, 11:12:57] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:12:57] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:12:57] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:12:57] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:12:57] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:12:57] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:12:57] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:12:57] - Found MSEvents Object!
[11/26/2005, 11:12:57] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:12:57] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:12:57] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:12:57] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:12:57] - Disabling Automatic Shell Restart
[11/26/2005, 11:12:58] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:12:59] - Suspending the NT Session Manager System Service
[11/26/2005, 11:12:59] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:12:59] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:00] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:00] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:00] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:02] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:02] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:02] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:02] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:03] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:03] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:03] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:03] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:03] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:03] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:03] - Found MSEvents Object!
[11/26/2005, 11:13:03] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:03] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:03] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:08] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:08] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:08] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:08] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:08] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:08] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:08] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:09] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:09] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:09] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:09] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:09] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:09] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:09] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:09] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:09] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:09] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:09] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:09] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:09] - Found MSEvents Object!
[11/26/2005, 11:13:09] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:09] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:09] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:09] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:09] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:10] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:11] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:11] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:11] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:11] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:11] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:11] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:13] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:15] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:15] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:15] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:15] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:15] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:15] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:16] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:17] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:17] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:17] - Found MSEvents Object!
[11/26/2005, 11:13:17] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:17] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:17] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:17] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:17] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:17] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:17] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:17] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:17] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:17] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:18] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:18] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:18] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:18] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:18] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:18] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:18] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:18] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:18] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:18] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:18] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:18] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:18] - Found MSEvents Object!
[11/26/2005, 11:13:18] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:18] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:18] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:18] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:18] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:19] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:19] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:19] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:20] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:20] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:20] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:20] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:20] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:20] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:20] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:20] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:20] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:20] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:20] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:20] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:22] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:23] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:23] - Found MSEvents Object!
[11/26/2005, 11:13:23] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:23] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:23] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:23] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:23] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:24] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:24] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:24] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:24] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:24] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:24] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:24] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:24] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:24] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:24] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:24] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:24] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:24] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:24] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:24] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:24] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:24] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:24] - Found MSEvents Object!
[11/26/2005, 11:13:24] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:24] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:24] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:24] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:25] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:25] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:26] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:27] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:27] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:27] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:27] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:27] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:27] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:27] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:27] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:27] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:27] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:27] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:27] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:28] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:28] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:28] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:28] - Found MSEvents Object!
[11/26/2005, 11:13:28] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:28] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:28] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:28] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:28] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:29] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:29] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:29] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:29] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:30] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:30] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:30] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:30] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:30] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:30] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:30] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:30] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:30] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:30] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:30] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:30] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:30] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:30] - Found MSEvents Object!
[11/26/2005, 11:13:30] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:30] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:30] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:30] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:30] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:31] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:32] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:32] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:32] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:32] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:32] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:32] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:36] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:36] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:36] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:36] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:36] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:36] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:36] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:36] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:36] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:36] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:36] - Found MSEvents Object!
[11/26/2005, 11:13:36] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:36] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:36] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:36] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:37] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:37] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:37] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:37] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:37] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:37] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:37] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:37] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:37] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:37] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:37] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:37] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:37] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:37] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:37] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:37] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:37] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:37] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:37] - Found MSEvents Object!
[11/26/2005, 11:13:37] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:37] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:37] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:37] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:38] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:39] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:39] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:39] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:39] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:40] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:40] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:40] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:41] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:41] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:41] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:41] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:41] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:41] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:41] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:41] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:42] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:44] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:44] - Found MSEvents Object!
[11/26/2005, 11:13:44] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:44] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:44] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:44] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:44] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:44] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:44] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:44] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:44] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:45] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:45] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:45] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:45] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:45] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:45] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:45] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:45] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:45] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:45] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:45] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:45] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:45] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:45] - Found MSEvents Object!
[11/26/2005, 11:13:45] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:45] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:45] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:45] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:45] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:46] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:47] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:47] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:47] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:47] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:47] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:47] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:49] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:49] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:50] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:50] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:50] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:50] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:50] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:51] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:54] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:54] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:13:54] - Found MSEvents Object!
[11/26/2005, 11:13:54] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:54] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:13:54] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:55] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:55] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:55] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:55] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:55] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:55] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:55] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:13:55] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:55] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:55] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:13:55] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:13:55] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:55] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:13:55] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:13:55] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:13:55] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:13:55] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:13:55] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:13:55] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:13:55] - Found MSEvents Object!
[11/26/2005, 11:13:55] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:55] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:13:55] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:13:56] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:13:57] - Disabling Automatic Shell Restart
[11/26/2005, 11:13:57] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:13:57] - Suspending the NT Session Manager System Service
[11/26/2005, 11:13:57] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:13:57] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:13:58] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:13:58] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:13:58] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:58] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:13:58] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:13:58] - BHO list has been changed! Starting over...
[11/26/2005, 11:13:58] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:13:58] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:13:58] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:13:58] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:13:59] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:13:59] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:01] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:01] - Found MSEvents Object!
[11/26/2005, 11:14:01] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:01] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:01] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:01] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:01] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:01] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:01] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:01] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:01] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:02] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:02] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:02] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:02] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:02] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:02] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:02] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:02] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:02] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:02] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:02] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:02] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:02] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:02] - Found MSEvents Object!
[11/26/2005, 11:14:02] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:02] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:02] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:02] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:02] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:03] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:04] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:04] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:04] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:05] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:05] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:05] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:05] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:05] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:05] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:05] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:05] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:05] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:05] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:05] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:14:06] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:06] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:06] - Found MSEvents Object!
[11/26/2005, 11:14:06] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:06] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:06] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:06] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:07] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:08] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:08] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:08] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:08] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:08] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:08] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:08] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:08] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:08] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:09] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:09] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:09] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:09] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:09] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:09] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:09] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:09] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:09] - Found MSEvents Object!
[11/26/2005, 11:14:09] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:09] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:09] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:09] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:09] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:11] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:11] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:11] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:11] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:11] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:11] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:11] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:12] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:12] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:12] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:12] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:12] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:12] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:12] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:12] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:14:13] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:13] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:13] - Found MSEvents Object!
[11/26/2005, 11:14:13] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:13] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:13] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:16] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:16] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:16] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:16] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:16] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:16] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:17] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:17] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:17] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:18] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:18] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:18] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:18] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:18] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:18] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:18] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:18] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:18] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:18] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:18] - Found MSEvents Object!
[11/26/2005, 11:14:18] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:18] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:18] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:18] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:18] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:19] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:20] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:20] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:20] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:20] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:21] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:21] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:21] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:21] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:21] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:21] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:21] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:21] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:21] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:22] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:14:23] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:23] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:23] - Found MSEvents Object!
[11/26/2005, 11:14:23] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:23] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:23] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:24] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:24] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:24] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:24] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:24] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:24] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:24] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:24] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:24] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:26] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:26] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:26] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:26] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:26] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:26] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:26] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:26] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:26] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:26] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:26] - Found MSEvents Object!
[11/26/2005, 11:14:26] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:26] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:26] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:27] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:27] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:28] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:29] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:29] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:29] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:30] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:30] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:30] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:30] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:30] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:31] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:31] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:31] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:31] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:31] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:31] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:14:31] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:31] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:31] - Found MSEvents Object!
[11/26/2005, 11:14:31] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:31] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:31] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:31] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:32] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:32] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:33] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:33] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:33] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:34] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:34] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:34] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:34] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:34] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:34] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:34] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:34] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:34] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:34] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:34] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:34] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:34] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:34] - Found MSEvents Object!
[11/26/2005, 11:14:34] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:34] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:34] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:34] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:34] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:35] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:36] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:36] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:36] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:37] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:37] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:37] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:41] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:41] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:41] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:41] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:41] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:41] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:41] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:41] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:14:42] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:42] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:42] - Found MSEvents Object!
[11/26/2005, 11:14:42] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:42] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:42] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:42] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:42] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:42] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:42] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:42] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:42] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:43] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:43] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:43] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:43] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:43] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:43] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:43] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:43] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:43] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:43] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:43] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:43] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:43] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:43] - Found MSEvents Object!
[11/26/2005, 11:14:43] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:43] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:43] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:43] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:43] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:44] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:44] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:44] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:44] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:45] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:45] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:45] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:48] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:48] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:48] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:48] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:48] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:48] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:48] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:49] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:14:50] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:50] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:14:50] - Found MSEvents Object!
[11/26/2005, 11:14:50] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:50] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:14:50] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:50] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:50] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:50] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:51] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:51] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:51] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:51] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:14:51] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:51] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:51] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:14:51] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:14:51] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:51] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:14:51] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:14:51] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:14:51] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:14:51] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:14:51] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:14:51] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:14:51] - Found MSEvents Object!
[11/26/2005, 11:14:51] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:51] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:14:51] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:14:51] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:14:51] - Disabling Automatic Shell Restart
[11/26/2005, 11:14:52] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:14:53] - Suspending the NT Session Manager System Service
[11/26/2005, 11:14:53] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:14:53] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:14:53] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:14:53] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:14:53] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:58] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:14:58] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:14:58] - BHO list has been changed! Starting over...
[11/26/2005, 11:14:58] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:14:58] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:14:58] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:14:58] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:14:58] - Assigning

#60
shinebindi

Posted 26 November 2005 - 12:44 PM

Member

Topic Starter
Member
51 posts

[11/26/2005, 11:20:17] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:20:17] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:20:17] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:20:17] - Found MSEvents Object!
[11/26/2005, 11:20:17] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:17] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:17] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:18] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:18] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:18] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:18] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:18] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:18] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:19] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:20:19] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:19] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:23] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:23] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:20:23] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:23] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:20:23] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:20:23] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:20:23] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:20:23] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:20:23] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:23] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:20:23] - Found MSEvents Object!
[11/26/2005, 11:20:23] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:23] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:23] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:23] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:24] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:24] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:24] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:24] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:24] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:24] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:20:25] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:25] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:25] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:25] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:20:25] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:25] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:20:25] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:20:25] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:20:25] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:20:25] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:20:25] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:20:25] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:20:25] - Found MSEvents Object!
[11/26/2005, 11:20:25] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:25] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:25] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:25] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:25] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:26] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:26] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:26] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:26] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:27] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:20:27] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:27] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:27] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:27] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:20:27] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:27] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:20:27] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:20:29] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:20:29] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:20:29] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:20:29] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:29] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:20:29] - Found MSEvents Object!
[11/26/2005, 11:20:29] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:29] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:29] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:29] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:29] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:30] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:30] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:30] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:30] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:30] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:20:31] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:31] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:31] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:31] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:20:31] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:31] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:20:31] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:20:31] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:20:31] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:20:31] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:20:31] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:20:31] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:20:31] - Found MSEvents Object!
[11/26/2005, 11:20:31] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:31] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:31] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:31] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:31] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:32] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:32] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:33] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:33] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:34] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:20:34] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:34] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:35] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:35] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:20:35] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:35] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:20:35] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:20:35] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:20:35] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:20:35] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:20:36] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:36] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:20:36] - Found MSEvents Object!
[11/26/2005, 11:20:36] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:36] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:36] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:37] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:37] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:37] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:37] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:37] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:38] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:38] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:20:38] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:38] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:39] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:39] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:20:39] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:39] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:20:39] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:20:39] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:20:39] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:20:39] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:20:39] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:20:39] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:20:39] - Found MSEvents Object!
[11/26/2005, 11:20:39] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:39] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:39] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:39] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:39] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:40] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:41] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:41] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:41] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:41] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:20:41] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:41] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:46] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:46] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:20:46] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:46] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:20:46] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:20:46] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:20:46] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:20:46] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:20:47] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:47] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:20:47] - Found MSEvents Object!
[11/26/2005, 11:20:47] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:47] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:47] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:47] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:47] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:47] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:47] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:47] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:48] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:48] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:20:48] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:48] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:49] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:49] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:20:49] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:49] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:20:49] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:20:49] - Checking for WinLogon Notify reference. (File: )
[11/26/2005, 11:20:49] - Couldn't find in Winlogon Notify. Ignoring {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}.
[11/26/2005, 11:20:49] - 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:20:50] - 3: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:20:50] - WARNING: 3: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:20:50] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:20:50] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:20:50] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:20:50] - 5: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:20:50] - Found MSEvents Object!
[11/26/2005, 11:20:50] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:50] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:50] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:50] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:50] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:51] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:51] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:51] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:51] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:51] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:20:51] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:51] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:55] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:20:55] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:20:55] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:55] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:20:55] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:20:55] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:20:55] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:20:56] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:20:56] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:20:56] - Found MSEvents Object!
[11/26/2005, 11:20:56] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:56] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:20:56] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:56] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:56] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:57] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:57] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:57] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:57] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:57] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:20:57] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:57] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:57] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:20:57] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:20:57] - BHO list has been changed! Starting over...
[11/26/2005, 11:20:57] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:20:57] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:20:57] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:20:57] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:20:57] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:20:57] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:20:57] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:20:57] - Found MSEvents Object!
[11/26/2005, 11:20:57] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:57] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:20:57] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:20:57] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:20:57] - Disabling Automatic Shell Restart
[11/26/2005, 11:20:58] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:20:58] - Suspending the NT Session Manager System Service
[11/26/2005, 11:20:58] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:20:59] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:20:59] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:20:59] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:20:59] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:02] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:02] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:02] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:02] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:02] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:02] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:02] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:02] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:03] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:03] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:03] - Found MSEvents Object!
[11/26/2005, 11:21:03] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:03] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:03] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:03] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:03] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:04] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:04] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:04] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:04] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:04] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:04] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:04] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:04] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:04] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:04] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:04] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:04] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:04] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:04] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:04] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:04] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:04] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:04] - Found MSEvents Object!
[11/26/2005, 11:21:04] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:04] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:04] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:04] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:04] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:05] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:05] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:05] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:05] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:06] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:06] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:06] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:06] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:06] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:06] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:06] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:06] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:06] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:06] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:07] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:08] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:08] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:08] - Found MSEvents Object!
[11/26/2005, 11:21:08] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:08] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:08] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:08] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:08] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:09] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:10] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:10] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:10] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:11] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:11] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:11] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:11] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:11] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:11] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:11] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:11] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:11] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:11] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:11] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:11] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:11] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:11] - Found MSEvents Object!
[11/26/2005, 11:21:11] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:11] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:11] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:11] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:11] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:12] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:12] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:12] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:12] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:13] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:13] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:13] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:17] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:17] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:17] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:17] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:17] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:17] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:17] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:17] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:18] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:18] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:18] - Found MSEvents Object!
[11/26/2005, 11:21:18] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:18] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:18] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:18] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:18] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:18] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:18] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:18] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:18] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:19] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:19] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:19] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:19] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:19] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:20] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:20] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:20] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:20] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:20] - Couldn't find ddayy in Winlogon Notify. Ignoring {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}.
[11/26/2005, 11:21:20] - 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:20] - 3: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:20] - WARNING: 3: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:20] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:20] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:20] - 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:20] - 5: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:20] - Found MSEvents Object!
[11/26/2005, 11:21:20] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:20] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:20] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:21] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:21] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:21] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:21] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:21] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:21] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:22] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:22] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:22] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:27] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:27] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:27] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:27] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:27] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:27] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:27] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:27] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:28] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:28] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:28] - Found MSEvents Object!
[11/26/2005, 11:21:28] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:28] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:28] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:28] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:28] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:28] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:28] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:29] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:29] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:29] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:29] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:29] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:29] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:29] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:29] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:29] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:29] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:29] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:29] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:29] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:29] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:29] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:29] - Found MSEvents Object!
[11/26/2005, 11:21:29] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:29] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:29] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:29] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:29] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:30] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:30] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:30] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:30] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:31] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:32] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:32] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:35] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:35] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:35] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:35] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:35] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:35] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:35] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:35] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:36] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:36] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:36] - Found MSEvents Object!
[11/26/2005, 11:21:36] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:36] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:36] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:36] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:36] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:36] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:36] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:36] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:36] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:37] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:37] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:37] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:37] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:37] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:37] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:37] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:37] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:37] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:37] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:37] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:37] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:37] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:37] - Found MSEvents Object!
[11/26/2005, 11:21:37] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:37] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:37] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:37] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:37] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:38] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:39] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:39] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:39] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:39] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:40] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:40] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:43] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:43] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:43] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:43] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:43] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:43] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:43] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:43] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:44] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:44] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:44] - Found MSEvents Object!
[11/26/2005, 11:21:44] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:44] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:44] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:44] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:44] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:44] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:44] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:44] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:44] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:44] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:45] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:45] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:45] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:45] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:46] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:46] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:46] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:46] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:46] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:46] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:46] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:46] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:46] - Found MSEvents Object!
[11/26/2005, 11:21:46] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:46] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:46] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:46] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:46] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:47] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:47] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:47] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:47] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:48] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:48] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:48] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:48] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:48] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:48] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:48] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:48] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:48] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:48] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:49] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:49] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:49] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:49] - Found MSEvents Object!
[11/26/2005, 11:21:49] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:49] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:49] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:49] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:49] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:50] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:50] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:50] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:50] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:50] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:21:50] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:50] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:51] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:21:51] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:21:51] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:51] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:21:51] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:21:51] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:21:51] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:21:51] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:21:52] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:21:52] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:21:52] - Found MSEvents Object!
[11/26/2005, 11:21:52] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:52] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:21:52] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:21:52] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:21:52] - Disabling Automatic Shell Restart
[11/26/2005, 11:21:53] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:21:53] - Suspending the NT Session Manager System Service
[11/26/2005, 11:21:53] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:21:53] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:21:53] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:21:53] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:21:53] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:55] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:21:55] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:21:55] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:55] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:21:55] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:21:55] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:21:55] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:21:55] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:21:56] - BHO list has been changed! Starting over...
[11/26/2005, 11:21:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:21:56] - Found MSEvents Object!
[11/26/2005, 11:21:56] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:56] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:21:56] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:00] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:00] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:00] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:00] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:00] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:00] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:01] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:22:01] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:22:01] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:22:01] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:22:01] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:22:03] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:03] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:22:03] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:22:03] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:22:03] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:22:03] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:22:03] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:22:03] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:22:03] - Found MSEvents Object!
[11/26/2005, 11:22:03] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:22:03] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:22:03] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:03] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:03] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:03] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:03] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:03] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:03] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:04] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:22:05] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:22:05] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:22:08] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:22:08] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:22:08] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:09] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:22:09] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:22:09] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:22:09] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:22:09] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:22:09] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:09] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:22:09] - Found MSEvents Object!
[11/26/2005, 11:22:09] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:22:09] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:22:09] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:09] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:09] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:10] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:10] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:10] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:10] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:10] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:22:10] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:22:10] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:22:10] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:22:10] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:22:11] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:12] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:22:12] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:22:12] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:22:12] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:22:12] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:22:12] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:22:12] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:22:12] - Found MSEvents Object!
[11/26/2005, 11:22:12] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:22:12] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:22:12] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:12] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:12] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:12] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:12] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:12] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:12] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:13] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:22:13] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:22:13] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:22:13] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:22:13] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:22:13] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:13] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:22:13] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:22:13] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:22:13] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:22:14] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:22:14] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:14] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:22:14] - Found MSEvents Object!
[11/26/2005, 11:22:14] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:22:14] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:22:14] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:14] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:14] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:15] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:15] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:15] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:15] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:15] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:22:15] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:22:15] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:22:16] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/26/2005, 11:22:16] - Removing Winlogon Notify Entry: ddayy
[11/26/2005, 11:22:17] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:17] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/26/2005, 11:22:17] - 2: {53707962-6F74-2D53-2644-206D7942484F} -
[11/26/2005, 11:22:17] - WARNING: 2: {53707962-6F74-2D53-2644-206D7942484F} - BHO Name is blank.
[11/26/2005, 11:22:17] - Checking for WinLogon Notify reference. (File: C:\PROGRA~1\SPYBOT~1\SDHelper.dll)
[11/26/2005, 11:22:17] - Couldn't find SDHelper in Winlogon Notify. Ignoring {53707962-6F74-2D53-2644-206D7942484F}.
[11/26/2005, 11:22:17] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/26/2005, 11:22:17] - 4: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/26/2005, 11:22:18] - Found MSEvents Object!
[11/26/2005, 11:22:18] - File location: C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:22:18] - Attempting to kill C:\WINDOWS\system32\jkhfe.dll
[11/26/2005, 11:22:18] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:18] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:18] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:18] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:18] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:18] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:18] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:19] - Renaming C:\WINDOWS\system32\jkhfe.dll -> C:\WINDOWS\system32\jkhfe.dll.vir
[11/26/2005, 11:22:19] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/2005, 11:22:19] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:22:19] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/26/2005, 11:22:19] - Removing Winlogon Notify Entry: jkhfe
[11/26/2005, 11:22:19] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:19] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/26/2005, 11:22:19] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/26/2005, 11:22:19] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\ddayy.dll)
[11/26/2005, 11:22:19] - Found a reference to C:\WINDOWS\system32\ddayy.dll in Winlogon Notify! This is most likely Virtumundo!
[11/26/2005, 11:22:19] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/26/2005, 11:22:20] - BHO list has been changed! Starting over...
[11/26/2005, 11:22:20] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/26/2005, 11:22:20] - Found MSEvents Object!
[11/26/2005, 11:22:20] - File location: C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:22:20] - Attempting to kill C:\WINDOWS\system32\ddayy.dll
[11/26/2005, 11:22:20] - Terminating Process: RUNDLL32.EXE
[11/26/2005, 11:22:20] - Terminating Process: IEXPLORE.EXE
[11/26/2005, 11:22:21] - Disabling Automatic Shell Restart
[11/26/2005, 11:22:22] - Terminating Process: EXPLORER.EXE
[11/26/2005, 11:22:22] - Suspending the NT Session Manager System Service
[11/26/2005, 11:22:22] - Terminating Windows NT Logon/Logoff Manager
[11/26/2005, 11:22:22] - Re-enabling Automatic Shell Restart
[11/26/2005, 11:22:23] - Renaming C:\WINDOWS\system32\ddayy.dll -> C:\WINDOWS\system32\ddayy.dll.vir
[11/26/2005, 11:22:23] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/26/