[05/27/2008, 2:58:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Stephen Pearce.OFFICE\Desktop\VirtumundoBeGone.exe" )
[05/27/2008, 2:58:57] - Detected System Information:
[05/27/2008, 2:58:57] - Windows Version: 5.1.2600, Service Pack 2
[05/27/2008, 2:58:57] - Current Username: Stephen Pearce (Admin)
[05/27/2008, 2:58:57] - Windows is in NORMAL mode.
[05/27/2008, 2:58:57] - Searching for Browser Helper Objects:
[05/27/2008, 2:58:57] - BHO 1: {07a0c07f-47df-4bfc-84ec-e2f7ce616d09} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - No filename found. Continuing.
[05/27/2008, 2:58:57] - BHO 2: {0DEED8D6-1CAA-42E9-81BD-B6FC7C06DE51} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - Checking for HKLM\...\Winlogon\Notify\nnnlJArS
[05/27/2008, 2:58:57] - Key not found: HKLM\...\Winlogon\Notify\nnnlJArS, continuing.
[05/27/2008, 2:58:57] - BHO 3: {254A87B4-74A2-48A1-8647-0BEEF455E525} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - No filename found. Continuing.
[05/27/2008, 2:58:57] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - No filename found. Continuing.
[05/27/2008, 2:58:57] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/27/2008, 2:58:57] - BHO 6: {65BFA841-C5A1-41D6-AD7F-8797348852C1} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - Checking for HKLM\...\Winlogon\Notify\byXOfdcD
[05/27/2008, 2:58:57] - Found: HKLM\...\Winlogon\Notify\byXOfdcD - This is probably Virtumundo.
[05/27/2008, 2:58:57] - Assigning {65BFA841-C5A1-41D6-AD7F-8797348852C1} MSEvents Object
[05/27/2008, 2:58:57] - BHO list has been changed! Starting over...
[05/27/2008, 2:58:57] - BHO 1: {07a0c07f-47df-4bfc-84ec-e2f7ce616d09} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - No filename found. Continuing.
[05/27/2008, 2:58:57] - BHO 2: {0DEED8D6-1CAA-42E9-81BD-B6FC7C06DE51} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - Checking for HKLM\...\Winlogon\Notify\nnnlJArS
[05/27/2008, 2:58:57] - Key not found: HKLM\...\Winlogon\Notify\nnnlJArS, continuing.
[05/27/2008, 2:58:57] - BHO 3: {254A87B4-74A2-48A1-8647-0BEEF455E525} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - No filename found. Continuing.
[05/27/2008, 2:58:57] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - No filename found. Continuing.
[05/27/2008, 2:58:57] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/27/2008, 2:58:57] - BHO 6: {65BFA841-C5A1-41D6-AD7F-8797348852C1} (MSEvents Object)
[05/27/2008, 2:58:57] - ALERT: Found MSEvents Object!
[05/27/2008, 2:58:57] - BHO 7: {71E7A62F-E0AA-4FD6-9247-90FFDF8FDA75} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - Checking for HKLM\...\Winlogon\Notify\xxyayyWm
[05/27/2008, 2:58:57] - Key not found: HKLM\...\Winlogon\Notify\xxyayyWm, continuing.
[05/27/2008, 2:58:57] - BHO 8: {724d43a9-0d85-11d4-9908-00400523e39a} ()
[05/27/2008, 2:58:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:57] - Checking for HKLM\...\Winlogon\Notify\roboform
[05/27/2008, 2:58:57] - Key not found: HKLM\...\Winlogon\Notify\roboform, continuing.
[05/27/2008, 2:58:57] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/27/2008, 2:58:58] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/27/2008, 2:58:58] - BHO 11: {947C9DDD-1CAE-4223-B6DF-D9C05E2D6147} ()
[05/27/2008, 2:58:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:58] - Checking for HKLM\...\Winlogon\Notify\tuvTkjJc
[05/27/2008, 2:58:58] - Key not found: HKLM\...\Winlogon\Notify\tuvTkjJc, continuing.
[05/27/2008, 2:58:58] - BHO 12: {C3ADE1ED-EF48-4BB3-BE0B-14280EFE2135} ()
[05/27/2008, 2:58:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:58] - Checking for HKLM\...\Winlogon\Notify\qoMfEtQI
[05/27/2008, 2:58:58] - Key not found: HKLM\...\Winlogon\Notify\qoMfEtQI, continuing.
[05/27/2008, 2:58:58] - BHO 13: {CB8F5CA7-9A18-434F-B7D5-0F9A208E0804} ()
[05/27/2008, 2:58:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:58] - No filename found. Continuing.
[05/27/2008, 2:58:58] - BHO 14: {DF3EE66B-1419-455E-A4B0-7B7F02001066} ()
[05/27/2008, 2:58:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:58] - Checking for HKLM\...\Winlogon\Notify\jkkLBuUk
[05/27/2008, 2:58:58] - Key not found: HKLM\...\Winlogon\Notify\jkkLBuUk, continuing.
[05/27/2008, 2:58:58] - BHO 15: {F0AB100B-97F5-4878-AB07-E03ED998805C} ()
[05/27/2008, 2:58:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:58] - No filename found. Continuing.
[05/27/2008, 2:58:58] - BHO 16: {F7AD0AA3-42E1-4D6C-9A4A-871194F1699C} ()
[05/27/2008, 2:58:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:58:58] - Checking for HKLM\...\Winlogon\Notify\jkkIcCtQ
[05/27/2008, 2:58:58] - Key not found: HKLM\...\Winlogon\Notify\jkkIcCtQ, continuing.
[05/27/2008, 2:58:58] - Finished Searching Browser Helper Objects
[05/27/2008, 2:58:58] - *** Detected MSEvents Object
[05/27/2008, 2:58:58] - Trying to remove MSEvents Object...
[05/27/2008, 2:58:59] - Terminating Process: IEXPLORE.EXE
[05/27/2008, 2:59:00] - Terminating Process: RUNDLL32.EXE
[05/27/2008, 2:59:00] - Disabling Automatic Shell Restart
[05/27/2008, 2:59:00] - Terminating Process: EXPLORER.EXE
[05/27/2008, 2:59:00] - Suspending the NT Session Manager System Service
[05/27/2008, 2:59:02] - Terminating Windows NT Logon/Logoff Manager
[05/27/2008, 2:59:02] - Re-enabling Automatic Shell Restart
[05/27/2008, 2:59:02] - File to disable: C:\WINDOWS\system32\byXOfdcD.dll
[05/27/2008, 2:59:02] - Renaming C:\WINDOWS\system32\byXOfdcD.dll -> C:\WINDOWS\system32\byXOfdcD.dll.vir
[05/27/2008, 2:59:04] - File successfully renamed!
[05/27/2008, 2:59:04] - Removing HKLM\...\Browser Helper Objects\{65BFA841-C5A1-41D6-AD7F-8797348852C1}
[05/27/2008, 2:59:04] - Removing HKCR\CLSID\{65BFA841-C5A1-41D6-AD7F-8797348852C1}
[05/27/2008, 2:59:04] - Adding Kill Bit for ActiveX for GUID: {65BFA841-C5A1-41D6-AD7F-8797348852C1}
[05/27/2008, 2:59:04] - Deleting ATLEvents/MSEvents Registry entries
[05/27/2008, 2:59:04] - Removing HKLM\...\Winlogon\Notify\byXOfdcD
[05/27/2008, 2:59:04] - Searching for Browser Helper Objects:
[05/27/2008, 2:59:04] - BHO 1: {07a0c07f-47df-4bfc-84ec-e2f7ce616d09} ()
[05/27/2008, 2:59:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:04] - No filename found. Continuing.
[05/27/2008, 2:59:04] - BHO 2: {0DEED8D6-1CAA-42E9-81BD-B6FC7C06DE51} ()
[05/27/2008, 2:59:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:04] - Checking for HKLM\...\Winlogon\Notify\nnnlJArS
[05/27/2008, 2:59:04] - Key not found: HKLM\...\Winlogon\Notify\nnnlJArS, continuing.
[05/27/2008, 2:59:04] - BHO 3: {254A87B4-74A2-48A1-8647-0BEEF455E525} ()
[05/27/2008, 2:59:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:04] - No filename found. Continuing.
[05/27/2008, 2:59:04] - BHO 4: {514A5C49-0C7D-42c3-A71B-38864A269B7A} ()
[05/27/2008, 2:59:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:04] - No filename found. Continuing.
[05/27/2008, 2:59:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/27/2008, 2:59:04] - BHO 6: {71E7A62F-E0AA-4FD6-9247-90FFDF8FDA75} ()
[05/27/2008, 2:59:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:04] - Checking for HKLM\...\Winlogon\Notify\xxyayyWm
[05/27/2008, 2:59:05] - Key not found: HKLM\...\Winlogon\Notify\xxyayyWm, continuing.
[05/27/2008, 2:59:05] - BHO 7: {724d43a9-0d85-11d4-9908-00400523e39a} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - Checking for HKLM\...\Winlogon\Notify\roboform
[05/27/2008, 2:59:05] - Key not found: HKLM\...\Winlogon\Notify\roboform, continuing.
[05/27/2008, 2:59:05] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/27/2008, 2:59:05] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/27/2008, 2:59:05] - BHO 10: {947C9DDD-1CAE-4223-B6DF-D9C05E2D6147} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - Checking for HKLM\...\Winlogon\Notify\tuvTkjJc
[05/27/2008, 2:59:05] - Key not found: HKLM\...\Winlogon\Notify\tuvTkjJc, continuing.
[05/27/2008, 2:59:05] - BHO 11: {C3ADE1ED-EF48-4BB3-BE0B-14280EFE2135} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - Checking for HKLM\...\Winlogon\Notify\qoMfEtQI
[05/27/2008, 2:59:05] - Key not found: HKLM\...\Winlogon\Notify\qoMfEtQI, continuing.
[05/27/2008, 2:59:05] - BHO 12: {CB8F5CA7-9A18-434F-B7D5-0F9A208E0804} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - No filename found. Continuing.
[05/27/2008, 2:59:05] - BHO 13: {DF3EE66B-1419-455E-A4B0-7B7F02001066} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - Checking for HKLM\...\Winlogon\Notify\jkkLBuUk
[05/27/2008, 2:59:05] - Key not found: HKLM\...\Winlogon\Notify\jkkLBuUk, continuing.
[05/27/2008, 2:59:05] - BHO 14: {F0AB100B-97F5-4878-AB07-E03ED998805C} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - No filename found. Continuing.
[05/27/2008, 2:59:05] - BHO 15: {F7AD0AA3-42E1-4D6C-9A4A-871194F1699C} ()
[05/27/2008, 2:59:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/27/2008, 2:59:05] - Checking for HKLM\...\Winlogon\Notify\jkkIcCtQ
[05/27/2008, 2:59:05] - Key not found: HKLM\...\Winlogon\Notify\jkkIcCtQ, continuing.
[05/27/2008, 2:59:06] - Finished Searching Browser Helper Objects
[05/27/2008, 2:59:06] - Finishing up...
[05/27/2008, 2:59:06] - A restart is needed.
[05/27/2008, 2:59:18] - Attempting to Restart via STOP error (Blue Screen!)