[05/12/2008, 7:07:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WBERWFWN\VirtumundoBeGone[1].exe" )
[05/12/2008, 7:07:52] - Detected System Information:
[05/12/2008, 7:07:52] - Windows Version: 5.1.2600, Service Pack 2
[05/12/2008, 7:07:52] - Current Username: Owner (Admin)
[05/12/2008, 7:07:52] - Windows is in NORMAL mode.
[05/12/2008, 7:07:52] - Searching for Browser Helper Objects:
[05/12/2008, 7:07:52] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/12/2008, 7:07:52] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[05/12/2008, 7:07:52] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/12/2008, 7:07:52] - BHO 4: {9e0d6208-e09e-4c26-ad57-75dd9585348c} ()
[05/12/2008, 7:07:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/12/2008, 7:07:53] - Checking for HKLM\...\Winlogon\Notify\tiohshrf
[05/12/2008, 7:07:53] - Key not found: HKLM\...\Winlogon\Notify\tiohshrf, continuing.
[05/12/2008, 7:07:53] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/12/2008, 7:07:53] - BHO 6: {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} ()
[05/12/2008, 7:07:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/12/2008, 7:07:53] - Checking for HKLM\...\Winlogon\Notify\vtUkkkJY
[05/12/2008, 7:07:53] - Found: HKLM\...\Winlogon\Notify\vtUkkkJY - This is probably Virtumundo.
[05/12/2008, 7:07:53] - Assigning {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} MSEvents Object
[05/12/2008, 7:07:53] - BHO list has been changed! Starting over...
[05/12/2008, 7:07:53] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/12/2008, 7:07:53] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[05/12/2008, 7:07:53] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/12/2008, 7:07:53] - BHO 4: {9e0d6208-e09e-4c26-ad57-75dd9585348c} ()
[05/12/2008, 7:07:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/12/2008, 7:07:53] - Checking for HKLM\...\Winlogon\Notify\tiohshrf
[05/12/2008, 7:07:53] - Key not found: HKLM\...\Winlogon\Notify\tiohshrf, continuing.
[05/12/2008, 7:07:53] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/12/2008, 7:07:53] - BHO 6: {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8} (MSEvents Object)
[05/12/2008, 7:07:53] - ALERT: Found MSEvents Object!
[05/12/2008, 7:07:53] - BHO 7: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[05/12/2008, 7:07:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/12/2008, 7:07:53] - No filename found. Continuing.
[05/12/2008, 7:07:53] - Finished Searching Browser Helper Objects
[05/12/2008, 7:07:53] - *** Detected MSEvents Object
[05/12/2008, 7:07:53] - Trying to remove MSEvents Object...
[05/12/2008, 7:07:54] - Terminating Process: IEXPLORE.EXE
[05/12/2008, 7:07:55] - Terminating Process: RUNDLL32.EXE
[05/12/2008, 7:07:55] - Disabling Automatic Shell Restart
[05/12/2008, 7:07:55] - Terminating Process: EXPLORER.EXE
[05/12/2008, 7:07:55] - Suspending the NT Session Manager System Service
[05/12/2008, 7:07:55] - Terminating Windows NT Logon/Logoff Manager
[05/12/2008, 7:07:55] - Re-enabling Automatic Shell Restart
[05/12/2008, 7:07:55] - File to disable: C:\WINDOWS\system32\vtUkkkJY.dll
[05/12/2008, 7:07:55] - Renaming C:\WINDOWS\system32\vtUkkkJY.dll -> C:\WINDOWS\system32\vtUkkkJY.dll.vir
[05/12/2008, 7:07:56] - File successfully renamed!
[05/12/2008, 7:07:56] - Removing HKLM\...\Browser Helper Objects\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}
[05/12/2008, 7:07:56] - Removing HKCR\CLSID\{C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}
[05/12/2008, 7:07:56] - Adding Kill Bit for ActiveX for GUID: {C7BBC1FA-E415-4926-9A47-9AB58D0B3BC8}
[05/12/2008, 7:07:56] - Deleting ATLEvents/MSEvents Registry entries
[05/12/2008, 7:07:56] - Removing HKLM\...\Winlogon\Notify\vtUkkkJY
[05/12/2008, 7:07:56] - Searching for Browser Helper Objects:
[05/12/2008, 7:07:56] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/12/2008, 7:07:56] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[05/12/2008, 7:07:56] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/12/2008, 7:07:56] - BHO 4: {9e0d6208-e09e-4c26-ad57-75dd9585348c} ()
[05/12/2008, 7:07:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/12/2008, 7:07:56] - Checking for HKLM\...\Winlogon\Notify\tiohshrf
[05/12/2008, 7:07:56] - Key not found: HKLM\...\Winlogon\Notify\tiohshrf, continuing.
[05/12/2008, 7:07:56] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/12/2008, 7:07:56] - BHO 6: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[05/12/2008, 7:07:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/12/2008, 7:07:56] - No filename found. Continuing.
[05/12/2008, 7:07:56] - Finished Searching Browser Helper Objects
[05/12/2008, 7:07:56] - Finishing up...
[05/12/2008, 7:07:56] - A restart is needed.
[05/12/2008, 7:08:09] - Attempting to Restart via STOP error (Blue Screen!)

[05/17/2008, 10:25:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0RK2NTFN\VirtumundoBeGone[1].exe" )
[05/17/2008, 10:25:18] - Detected System Information:
[05/17/2008, 10:25:18] - Windows Version: 5.1.2600, Service Pack 2
[05/17/2008, 10:25:18] - Current Username: Owner (Admin)
[05/17/2008, 10:25:18] - Windows is in NORMAL mode.
[05/17/2008, 10:25:18] - Searching for Browser Helper Objects:
[05/17/2008, 10:25:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/17/2008, 10:25:18] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[05/17/2008, 10:25:18] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/17/2008, 10:25:18] - BHO 4: {9e0d6208-e09e-4c26-ad57-75dd9585348c} ()
[05/17/2008, 10:25:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 10:25:18] - Checking for HKLM\...\Winlogon\Notify\tiohshrf
[05/17/2008, 10:25:18] - Key not found: HKLM\...\Winlogon\Notify\tiohshrf, continuing.
[05/17/2008, 10:25:18] - BHO 5: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[05/17/2008, 10:25:18] - BHO 6: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[05/17/2008, 10:25:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/17/2008, 10:25:18] - No filename found. Continuing.
[05/17/2008, 10:25:18] - Finished Searching Browser Helper Objects
[05/17/2008, 10:25:18] - Finishing up...
[05/17/2008, 10:25:18] - Nothing found! Exiting...