[04/11/2008, 8:49:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Computer\Desktop\VirtumundoBeGone.exe" )
[04/11/2008, 8:49:49] - Detected System Information:
[04/11/2008, 8:49:49] - Windows Version: 5.1.2600, Service Pack 2
[04/11/2008, 8:49:49] - Current Username: Computer (Admin)
[04/11/2008, 8:49:49] - Windows is in NORMAL mode.
[04/11/2008, 8:49:49] - Searching for Browser Helper Objects:
[04/11/2008, 8:49:49] - BHO 1: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - Checking for HKLM\...\Winlogon\Notify\fccbARKE
[04/11/2008, 8:49:49] - Found: HKLM\...\Winlogon\Notify\fccbARKE - This is probably Virtumundo.
[04/11/2008, 8:49:49] - Assigning {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} MSEvents Object
[04/11/2008, 8:49:49] - BHO list has been changed! Starting over...
[04/11/2008, 8:49:49] - BHO 1: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (MSEvents Object)
[04/11/2008, 8:49:49] - ALERT: Found MSEvents Object!
[04/11/2008, 8:49:49] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2008, 8:49:49] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/11/2008, 8:49:49] - BHO 4: {717DFDB9-6A2D-495F-A96A-835801C80B7F} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - Checking for HKLM\...\Winlogon\Notify\urqQkjIb
[04/11/2008, 8:49:49] - Key not found: HKLM\...\Winlogon\Notify\urqQkjIb, continuing.
[04/11/2008, 8:49:49] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/11/2008, 8:49:49] - BHO 6: {AE7B07B4-C2C2-4976-B8C5-74C18BEAF098} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - No filename found. Continuing.
[04/11/2008, 8:49:49] - BHO 7: {B0BBF3BE-B722-4AD4-AD6A-96CB9A353B83} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - No filename found. Continuing.
[04/11/2008, 8:49:49] - BHO 8: {bf72f809-99d6-4dc3-8e22-7c13bf4d1bd1} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - No filename found. Continuing.
[04/11/2008, 8:49:49] - BHO 9: {E5B5AE7A-C924-480C-B654-2CDBDC3766D7} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - Checking for HKLM\...\Winlogon\Notify\rqRIxxYP
[04/11/2008, 8:49:49] - Key not found: HKLM\...\Winlogon\Notify\rqRIxxYP, continuing.
[04/11/2008, 8:49:49] - BHO 10: {EC1D56DF-EB97-4A64-8D95-8DEEFB153E9F} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - No filename found. Continuing.
[04/11/2008, 8:49:49] - BHO 11: {EC62E4A6-8475-4EBF-B40B-626CE4034800} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - Checking for HKLM\...\Winlogon\Notify\khfEVmjh
[04/11/2008, 8:49:49] - Key not found: HKLM\...\Winlogon\Notify\khfEVmjh, continuing.
[04/11/2008, 8:49:49] - BHO 12: {FAF3A6BE-5552-47D0-973E-754D9EC88C79} ()
[04/11/2008, 8:49:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:49] - No filename found. Continuing.
[04/11/2008, 8:49:49] - Finished Searching Browser Helper Objects
[04/11/2008, 8:49:49] - *** Detected MSEvents Object
[04/11/2008, 8:49:49] - Trying to remove MSEvents Object...
[04/11/2008, 8:49:50] - Terminating Process: IEXPLORE.EXE
[04/11/2008, 8:49:50] - Terminating Process: RUNDLL32.EXE
[04/11/2008, 8:49:51] - Disabling Automatic Shell Restart
[04/11/2008, 8:49:51] - Terminating Process: EXPLORER.EXE
[04/11/2008, 8:49:52] - Suspending the NT Session Manager System Service
[04/11/2008, 8:49:52] - Terminating Windows NT Logon/Logoff Manager
[04/11/2008, 8:49:53] - Re-enabling Automatic Shell Restart
[04/11/2008, 8:49:53] - File to disable: C:\WINDOWS\system32\fccbARKE.dll
[04/11/2008, 8:49:53] - Renaming C:\WINDOWS\system32\fccbARKE.dll -> C:\WINDOWS\system32\fccbARKE.dll.vir
[04/11/2008, 8:49:53] - File successfully renamed!
[04/11/2008, 8:49:53] - Removing HKLM\...\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}
[04/11/2008, 8:49:54] - Removing HKCR\CLSID\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}
[04/11/2008, 8:49:55] - Adding Kill Bit for ActiveX for GUID: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}
[04/11/2008, 8:49:55] - Deleting ATLEvents/MSEvents Registry entries
[04/11/2008, 8:49:55] - Removing HKLM\...\Winlogon\Notify\fccbARKE
[04/11/2008, 8:49:55] - Searching for Browser Helper Objects:
[04/11/2008, 8:49:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/11/2008, 8:49:55] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[04/11/2008, 8:49:55] - BHO 3: {717DFDB9-6A2D-495F-A96A-835801C80B7F} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - Checking for HKLM\...\Winlogon\Notify\urqQkjIb
[04/11/2008, 8:49:55] - Key not found: HKLM\...\Winlogon\Notify\urqQkjIb, continuing.
[04/11/2008, 8:49:55] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[04/11/2008, 8:49:55] - BHO 5: {AE7B07B4-C2C2-4976-B8C5-74C18BEAF098} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - No filename found. Continuing.
[04/11/2008, 8:49:55] - BHO 6: {B0BBF3BE-B722-4AD4-AD6A-96CB9A353B83} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - No filename found. Continuing.
[04/11/2008, 8:49:55] - BHO 7: {bf72f809-99d6-4dc3-8e22-7c13bf4d1bd1} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - No filename found. Continuing.
[04/11/2008, 8:49:55] - BHO 8: {E5B5AE7A-C924-480C-B654-2CDBDC3766D7} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - Checking for HKLM\...\Winlogon\Notify\rqRIxxYP
[04/11/2008, 8:49:55] - Key not found: HKLM\...\Winlogon\Notify\rqRIxxYP, continuing.
[04/11/2008, 8:49:55] - BHO 9: {EC1D56DF-EB97-4A64-8D95-8DEEFB153E9F} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - No filename found. Continuing.
[04/11/2008, 8:49:55] - BHO 10: {EC62E4A6-8475-4EBF-B40B-626CE4034800} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - Checking for HKLM\...\Winlogon\Notify\khfEVmjh
[04/11/2008, 8:49:55] - Key not found: HKLM\...\Winlogon\Notify\khfEVmjh, continuing.
[04/11/2008, 8:49:55] - BHO 11: {FAF3A6BE-5552-47D0-973E-754D9EC88C79} ()
[04/11/2008, 8:49:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/11/2008, 8:49:55] - No filename found. Continuing.
[04/11/2008, 8:49:55] - Finished Searching Browser Helper Objects
[04/11/2008, 8:49:55] - Finishing up...
[04/11/2008, 8:49:55] - A restart is needed.
[04/11/2008, 8:50:07] - Attempting to Restart via STOP error (Blue Screen!)