[06/16/2008, 10:22:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matthew Brothers\Desktop\VirtumundoBeGone.exe" )
[06/16/2008, 10:22:15] - Detected System Information:
[06/16/2008, 10:22:15] - Windows Version: 5.1.2600, Service Pack 2
[06/16/2008, 10:22:15] - Current Username: Administrator (Admin)
[06/16/2008, 10:22:15] - Windows is in SAFE mode with Networking.
[06/16/2008, 10:22:15] - Searching for Browser Helper Objects:
[06/16/2008, 10:22:15] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/16/2008, 10:22:15] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[06/16/2008, 10:22:15] - BHO 3: {3DCA501C-6417-4777-9307-4589893E3C21} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\ddcCVNGY
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\ddcCVNGY, continuing.
[06/16/2008, 10:22:15] - BHO 4: {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 5: {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\yaywtUkh
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\yaywtUkh, continuing.
[06/16/2008, 10:22:15] - BHO 6: {D75531C7-3C68-4E26-8FF8-844DF69452B1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\rqRIbxvS
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\rqRIbxvS, continuing.
[06/16/2008, 10:22:15] - BHO 7: {ea154076-e23f-4694-a1d9-4355a6ac95e1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\xcykkfwy
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\xcykkfwy, continuing.
[06/16/2008, 10:22:15] - BHO 8: {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 9: {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\hgGxVNfe
[06/16/2008, 10:22:15] - Found: HKLM\...\Winlogon\Notify\hgGxVNfe - This is probably Virtumundo.
[06/16/2008, 10:22:15] - Assigning {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} MSEvents Object
[06/16/2008, 10:22:15] - BHO list has been changed! Starting over...
[06/16/2008, 10:22:15] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/16/2008, 10:22:15] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[06/16/2008, 10:22:15] - BHO 3: {3DCA501C-6417-4777-9307-4589893E3C21} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\ddcCVNGY
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\ddcCVNGY, continuing.
[06/16/2008, 10:22:15] - BHO 4: {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 5: {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\yaywtUkh
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\yaywtUkh, continuing.
[06/16/2008, 10:22:15] - BHO 6: {D75531C7-3C68-4E26-8FF8-844DF69452B1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\rqRIbxvS
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\rqRIbxvS, continuing.
[06/16/2008, 10:22:15] - BHO 7: {ea154076-e23f-4694-a1d9-4355a6ac95e1} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - Checking for HKLM\...\Winlogon\Notify\xcykkfwy
[06/16/2008, 10:22:15] - Key not found: HKLM\...\Winlogon\Notify\xcykkfwy, continuing.
[06/16/2008, 10:22:15] - BHO 8: {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} ()
[06/16/2008, 10:22:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:15] - No filename found. Continuing.
[06/16/2008, 10:22:15] - BHO 9: {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC} (MSEvents Object)
[06/16/2008, 10:22:15] - ALERT: Found MSEvents Object!
[06/16/2008, 10:22:15] - Finished Searching Browser Helper Objects
[06/16/2008, 10:22:15] - *** Detected MSEvents Object
[06/16/2008, 10:22:15] - Trying to remove MSEvents Object...
[06/16/2008, 10:22:16] - Terminating Process: IEXPLORE.EXE
[06/16/2008, 10:22:17] - Terminating Process: RUNDLL32.EXE
[06/16/2008, 10:22:17] - Disabling Automatic Shell Restart
[06/16/2008, 10:22:17] - Terminating Process: EXPLORER.EXE
[06/16/2008, 10:22:17] - Suspending the NT Session Manager System Service
[06/16/2008, 10:22:17] - Terminating Windows NT Logon/Logoff Manager
[06/16/2008, 10:22:17] - Re-enabling Automatic Shell Restart
[06/16/2008, 10:22:17] - File to disable: C:\WINDOWS\system32\hgGxVNfe.dll
[06/16/2008, 10:22:17] - Renaming C:\WINDOWS\system32\hgGxVNfe.dll -> C:\WINDOWS\system32\hgGxVNfe.dll.vir
[06/16/2008, 10:22:17] - File successfully renamed!
[06/16/2008, 10:22:17] - Removing HKLM\...\Browser Helper Objects\{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}
[06/16/2008, 10:22:17] - Removing HKCR\CLSID\{F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}
[06/16/2008, 10:22:17] - Adding Kill Bit for ActiveX for GUID: {F30B1B0B-C305-414E-A4FF-AC93A08DE0AC}
[06/16/2008, 10:22:17] - Deleting ATLEvents/MSEvents Registry entries
[06/16/2008, 10:22:17] - Removing HKLM\...\Winlogon\Notify\hgGxVNfe
[06/16/2008, 10:22:17] - Searching for Browser Helper Objects:
[06/16/2008, 10:22:17] - BHO 1: {053F9267-DC04-4294-A72C-58F732D338C0} (HP Print Clips)
[06/16/2008, 10:22:17] - BHO 2: {089FD14D-132B-48FC-8861-0048AE113215} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\SiteAdv
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\SiteAdv, continuing.
[06/16/2008, 10:22:17] - BHO 3: {3DCA501C-6417-4777-9307-4589893E3C21} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\ddcCVNGY
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\ddcCVNGY, continuing.
[06/16/2008, 10:22:17] - BHO 4: {6357CD8F-12B0-4512-AC1F-2F3DAA49F22C} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - No filename found. Continuing.
[06/16/2008, 10:22:17] - BHO 5: {9B8A1C0B-F8D6-4007-AB3D-EEC0C26FD8D4} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\yaywtUkh
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\yaywtUkh, continuing.
[06/16/2008, 10:22:17] - BHO 6: {D75531C7-3C68-4E26-8FF8-844DF69452B1} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\rqRIbxvS
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\rqRIbxvS, continuing.
[06/16/2008, 10:22:17] - BHO 7: {ea154076-e23f-4694-a1d9-4355a6ac95e1} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - Checking for HKLM\...\Winlogon\Notify\xcykkfwy
[06/16/2008, 10:22:17] - Key not found: HKLM\...\Winlogon\Notify\xcykkfwy, continuing.
[06/16/2008, 10:22:17] - BHO 8: {F15D0B7B-0A50-4DAB-8B80-DD5A80A94375} ()
[06/16/2008, 10:22:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/16/2008, 10:22:17] - No filename found. Continuing.
[06/16/2008, 10:22:17] - Finished Searching Browser Helper Objects
[06/16/2008, 10:22:17] - Finishing up...
[06/16/2008, 10:22:17] - A restart is needed.
[06/16/2008, 10:22:28] - Attempting to Restart via STOP error (Blue Screen!)