[08/04/2008, 8:40:56] - VirtumundoBeGone v1.5 ( "C:\_reaves\_downloads\windows\VirtumundoBeGone.exe" )
[08/04/2008, 8:41:02] - Detected System Information:
[08/04/2008, 8:41:02] - Windows Version: 5.1.2600, Service Pack 2
[08/04/2008, 8:41:02] - Current Username: rmorris (Admin)
[08/04/2008, 8:41:02] - Windows is in NORMAL mode.
[08/04/2008, 8:41:02] - Searching for Browser Helper Objects:
[08/04/2008, 8:41:02] - BHO 1: {1ECE0D85-079A-4C62-A0A8-1EDC4F180309} ()
[08/04/2008, 8:41:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:02] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 8:41:02] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 8:41:02] - BHO 2: {2ae6873f-3246-4600-b9f4-9d9b78f7b304} ()
[08/04/2008, 8:41:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:02] - Checking for HKLM\...\Winlogon\Notify\mlzgnj
[08/04/2008, 8:41:02] - Key not found: HKLM\...\Winlogon\Notify\mlzgnj, continuing.
[08/04/2008, 8:41:02] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 8:41:02] - BHO 4: {55D17579-F6FF-4A63-981B-6683F99B9972} ()
[08/04/2008, 8:41:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:02] - Checking for HKLM\...\Winlogon\Notify\ljJAQhgd
[08/04/2008, 8:41:02] - Found: HKLM\...\Winlogon\Notify\ljJAQhgd - This is probably Virtumundo.
[08/04/2008, 8:41:02] - Assigning {55D17579-F6FF-4A63-981B-6683F99B9972} MSEvents Object
[08/04/2008, 8:41:02] - BHO list has been changed! Starting over...
[08/04/2008, 8:41:02] - BHO 1: {1ECE0D85-079A-4C62-A0A8-1EDC4F180309} ()
[08/04/2008, 8:41:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:02] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 8:41:02] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 8:41:02] - BHO 2: {2ae6873f-3246-4600-b9f4-9d9b78f7b304} ()
[08/04/2008, 8:41:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:02] - Checking for HKLM\...\Winlogon\Notify\mlzgnj
[08/04/2008, 8:41:02] - Key not found: HKLM\...\Winlogon\Notify\mlzgnj, continuing.
[08/04/2008, 8:41:02] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 8:41:02] - BHO 4: {55D17579-F6FF-4A63-981B-6683F99B9972} (MSEvents Object)
[08/04/2008, 8:41:02] - ALERT: Found MSEvents Object!
[08/04/2008, 8:41:02] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/04/2008, 8:41:02] - BHO 6: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[08/04/2008, 8:41:02] - BHO 7: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[08/04/2008, 8:41:02] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/04/2008, 8:41:02] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/04/2008, 8:41:02] - Finished Searching Browser Helper Objects
[08/04/2008, 8:41:02] - *** Detected MSEvents Object
[08/04/2008, 8:41:02] - Trying to remove MSEvents Object...
[08/04/2008, 8:41:03] - Terminating Process: IEXPLORE.EXE
[08/04/2008, 8:41:03] - Terminating Process: RUNDLL32.EXE
[08/04/2008, 8:41:04] - Disabling Automatic Shell Restart
[08/04/2008, 8:41:04] - Terminating Process: EXPLORER.EXE
[08/04/2008, 8:41:05] - Suspending the NT Session Manager System Service
[08/04/2008, 8:41:05] - Terminating Windows NT Logon/Logoff Manager
[08/04/2008, 8:41:05] - Re-enabling Automatic Shell Restart
[08/04/2008, 8:41:05] - File to disable: C:\WINDOWS\system32\ljJAQhgd.dll
[08/04/2008, 8:41:05] - Renaming C:\WINDOWS\system32\ljJAQhgd.dll -> C:\WINDOWS\system32\ljJAQhgd.dll.vir
[08/04/2008, 8:41:05] - File successfully renamed!
[08/04/2008, 8:41:05] - Removing HKLM\...\Browser Helper Objects\{55D17579-F6FF-4A63-981B-6683F99B9972}
[08/04/2008, 8:41:05] - Removing HKCR\CLSID\{55D17579-F6FF-4A63-981B-6683F99B9972}
[08/04/2008, 8:41:05] - Adding Kill Bit for ActiveX for GUID: {55D17579-F6FF-4A63-981B-6683F99B9972}
[08/04/2008, 8:41:05] - Deleting ATLEvents/MSEvents Registry entries
[08/04/2008, 8:41:05] - Removing HKLM\...\Winlogon\Notify\ljJAQhgd
[08/04/2008, 8:41:05] - Searching for Browser Helper Objects:
[08/04/2008, 8:41:05] - BHO 1: {1ECE0D85-079A-4C62-A0A8-1EDC4F180309} ()
[08/04/2008, 8:41:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:05] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 8:41:05] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 8:41:05] - BHO 2: {2ae6873f-3246-4600-b9f4-9d9b78f7b304} ()
[08/04/2008, 8:41:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 8:41:05] - Checking for HKLM\...\Winlogon\Notify\mlzgnj
[08/04/2008, 8:41:05] - Key not found: HKLM\...\Winlogon\Notify\mlzgnj, continuing.
[08/04/2008, 8:41:05] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 8:41:05] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/04/2008, 8:41:06] - BHO 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[08/04/2008, 8:41:06] - BHO 6: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[08/04/2008, 8:41:06] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/04/2008, 8:41:06] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/04/2008, 8:41:06] - Finished Searching Browser Helper Objects
[08/04/2008, 8:41:06] - Finishing up...
[08/04/2008, 8:41:06] - A restart is needed.
[08/04/2008, 8:41:06] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[08/04/2008, 8:41:13] - Attempting to Restart via STOP error (Blue Screen!)
[08/04/2008, 9:03:08] - VirtumundoBeGone v1.5 ( "C:\_reaves\_downloads\windows\VirtumundoBeGone.exe" )
[08/04/2008, 9:03:13] - User choose NOT to continue. Exiting...
[08/04/2008, 9:44:04] - VirtumundoBeGone v1.5 ( "C:\_reaves\_downloads\windows\VirtumundoBeGone.exe" )
[08/04/2008, 9:44:07] - Detected System Information:
[08/04/2008, 9:44:07] - Windows Version: 5.1.2600, Service Pack 2
[08/04/2008, 9:44:07] - Current Username: rmorris (Admin)
[08/04/2008, 9:44:07] - Windows is in NORMAL mode.
[08/04/2008, 9:44:07] - Searching for Browser Helper Objects:
[08/04/2008, 9:44:07] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 9:44:07] - BHO 2: {68cb1380-0077-4f2e-ae8d-512b1a485461} ()
[08/04/2008, 9:44:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 9:44:07] - Checking for HKLM\...\Winlogon\Notify\wjnslj
[08/04/2008, 9:44:07] - Key not found: HKLM\...\Winlogon\Notify\wjnslj, continuing.
[08/04/2008, 9:44:07] - BHO 3: {7401301B-0C50-43D4-B50A-F55FCA05BA90} ()
[08/04/2008, 9:44:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 9:44:07] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 9:44:07] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 9:44:07] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/04/2008, 9:44:07] - BHO 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[08/04/2008, 9:44:07] - BHO 6: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[08/04/2008, 9:44:07] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/04/2008, 9:44:07] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/04/2008, 9:44:07] - Finished Searching Browser Helper Objects
[08/04/2008, 9:44:07] - Finishing up...
[08/04/2008, 9:44:07] - Nothing found! Exiting...
[08/04/2008, 9:45:03] - VirtumundoBeGone v1.5 ( "C:\_reaves\_downloads\windows\VirtumundoBeGone.exe" )
[08/04/2008, 9:45:05] - Detected System Information:
[08/04/2008, 9:45:05] - Windows Version: 5.1.2600, Service Pack 2
[08/04/2008, 9:45:05] - Current Username: rmorris (Admin)
[08/04/2008, 9:45:05] - Windows is in NORMAL mode.
[08/04/2008, 9:45:05] - Searching for Browser Helper Objects:
[08/04/2008, 9:45:05] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 9:45:05] - BHO 2: {68cb1380-0077-4f2e-ae8d-512b1a485461} ()
[08/04/2008, 9:45:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 9:45:05] - Checking for HKLM\...\Winlogon\Notify\wjnslj
[08/04/2008, 9:45:05] - Key not found: HKLM\...\Winlogon\Notify\wjnslj, continuing.
[08/04/2008, 9:45:05] - BHO 3: {7401301B-0C50-43D4-B50A-F55FCA05BA90} ()
[08/04/2008, 9:45:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 9:45:05] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 9:45:05] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 9:45:05] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/04/2008, 9:45:05] - BHO 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[08/04/2008, 9:45:05] - BHO 6: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[08/04/2008, 9:45:05] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/04/2008, 9:45:05] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/04/2008, 9:45:05] - Finished Searching Browser Helper Objects
[08/04/2008, 9:45:05] - Finishing up...
[08/04/2008, 9:45:05] - Nothing found! Exiting...
[08/04/2008, 10:09:30] - VirtumundoBeGone v1.5 ( "c:\_reaves\_downloads\windows\VirtumundoBeGone.exe" )
[08/04/2008, 10:09:32] - Detected System Information:
[08/04/2008, 10:09:32] - Windows Version: 5.1.2600, Service Pack 2
[08/04/2008, 10:09:32] - Current Username: rmorris (Admin)
[08/04/2008, 10:09:32] - Windows is in NORMAL mode.
[08/04/2008, 10:09:32] - Searching for Browser Helper Objects:
[08/04/2008, 10:09:32] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 10:09:32] - BHO 2: {68cb1380-0077-4f2e-ae8d-512b1a485461} ()
[08/04/2008, 10:09:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 10:09:32] - Checking for HKLM\...\Winlogon\Notify\wjnslj
[08/04/2008, 10:09:32] - Key not found: HKLM\...\Winlogon\Notify\wjnslj, continuing.
[08/04/2008, 10:09:32] - BHO 3: {7267E256-F76C-40DA-9DD5-976231A2C2A5} ()
[08/04/2008, 10:09:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 10:09:32] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 10:09:32] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 10:09:32] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/04/2008, 10:09:32] - BHO 5: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[08/04/2008, 10:09:32] - BHO 6: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[08/04/2008, 10:09:32] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/04/2008, 10:09:32] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/04/2008, 10:09:32] - Finished Searching Browser Helper Objects
[08/04/2008, 10:09:32] - Finishing up...
[08/04/2008, 10:09:32] - Nothing found! Exiting...
[08/04/2008, 14:26:00] - VirtumundoBeGone v1.5 ( "C:\_reaves\_downloads\windows\VirtumundoBeGone.exe" )
[08/04/2008, 14:26:04] - Detected System Information:
[08/04/2008, 14:26:04] - Windows Version: 5.1.2600, Service Pack 2
[08/04/2008, 14:26:04] - Current Username: rmorris (Admin)
[08/04/2008, 14:26:04] - Windows is in NORMAL mode.
[08/04/2008, 14:26:04] - Searching for Browser Helper Objects:
[08/04/2008, 14:26:04] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[08/04/2008, 14:26:04] - BHO 2: {68cb1380-0077-4f2e-ae8d-512b1a485461} ()
[08/04/2008, 14:26:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 14:26:04] - Checking for HKLM\...\Winlogon\Notify\wjnslj
[08/04/2008, 14:26:04] - Key not found: HKLM\...\Winlogon\Notify\wjnslj, continuing.
[08/04/2008, 14:26:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/04/2008, 14:26:04] - BHO 4: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[08/04/2008, 14:26:04] - BHO 5: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[08/04/2008, 14:26:04] - BHO 6: {A9E91A82-8FD7-4BB0-AE3B-BD3A24BCAD8F} ()
[08/04/2008, 14:26:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/04/2008, 14:26:04] - Checking for HKLM\...\Winlogon\Notify\vtUmKEVO
[08/04/2008, 14:26:04] - Key not found: HKLM\...\Winlogon\Notify\vtUmKEVO, continuing.
[08/04/2008, 14:26:04] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[08/04/2008, 14:26:04] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[08/04/2008, 14:26:04] - Finished Searching Browser Helper Objects
[08/04/2008, 14:26:04] - Finishing up...
[08/04/2008, 14:26:04] - Nothing found! Exiting...