[01/25/2009, 17:01:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mabel Yee\Desktop\VirtumundoBeGone.exe" )
[01/25/2009, 17:01:36] - Detected System Information:
[01/25/2009, 17:01:36] - Windows Version: 5.1.2600, Service Pack 2
[01/25/2009, 17:01:36] - Current Username: Mabel Yee (Admin)
[01/25/2009, 17:01:36] - Windows is in NORMAL mode.
[01/25/2009, 17:01:36] - Searching for Browser Helper Objects:
[01/25/2009, 17:01:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/25/2009, 17:01:36] - BHO 2: {174d87b0-f9f1-4492-a8e3-93860a68ff53} ()
[01/25/2009, 17:01:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:01:36] - Checking for HKLM\...\Winlogon\Notify\syiuvk
[01/25/2009, 17:01:36] - Key not found: HKLM\...\Winlogon\Notify\syiuvk, continuing.
[01/25/2009, 17:01:36] - BHO 3: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[01/25/2009, 17:01:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:01:36] - Checking for HKLM\...\Winlogon\Notify\pmnlKBTm
[01/25/2009, 17:01:36] - Found: HKLM\...\Winlogon\Notify\pmnlKBTm - This is probably Virtumundo.
[01/25/2009, 17:01:36] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[01/25/2009, 17:01:36] - BHO list has been changed! Starting over...
[01/25/2009, 17:01:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/25/2009, 17:01:36] - BHO 2: {174d87b0-f9f1-4492-a8e3-93860a68ff53} ()
[01/25/2009, 17:01:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:01:36] - Checking for HKLM\...\Winlogon\Notify\syiuvk
[01/25/2009, 17:01:36] - Key not found: HKLM\...\Winlogon\Notify\syiuvk, continuing.
[01/25/2009, 17:01:36] - BHO 3: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[01/25/2009, 17:01:36] - ALERT: Found MSEvents Object!
[01/25/2009, 17:01:36] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/25/2009, 17:01:36] - BHO 5: {A9DF62E3-7418-4C7F-8F4E-5FF90446C4A1} ()
[01/25/2009, 17:01:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:01:36] - Checking for HKLM\...\Winlogon\Notify\wvUmjIcc
[01/25/2009, 17:01:36] - Key not found: HKLM\...\Winlogon\Notify\wvUmjIcc, continuing.
[01/25/2009, 17:01:36] - BHO 6: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[01/25/2009, 17:01:36] - Finished Searching Browser Helper Objects
[01/25/2009, 17:01:36] - *** Detected MSEvents Object
[01/25/2009, 17:01:36] - Trying to remove MSEvents Object...
[01/25/2009, 17:01:37] - Terminating Process: IEXPLORE.EXE
[01/25/2009, 17:01:37] - Terminating Process: RUNDLL32.EXE
[01/25/2009, 17:01:38] - Disabling Automatic Shell Restart
[01/25/2009, 17:01:38] - Terminating Process: EXPLORER.EXE
[01/25/2009, 17:01:38] - Suspending the NT Session Manager System Service
[01/25/2009, 17:01:38] - Terminating Windows NT Logon/Logoff Manager
[01/25/2009, 17:01:38] - Re-enabling Automatic Shell Restart
[01/25/2009, 17:01:38] - File to disable: C:\WINDOWS\system32\pmnlKBTm.dll
[01/25/2009, 17:01:38] - Renaming C:\WINDOWS\system32\pmnlKBTm.dll -> C:\WINDOWS\system32\pmnlKBTm.dll.vir
[01/25/2009, 17:01:38] - File successfully renamed!
[01/25/2009, 17:01:38] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/25/2009, 17:01:38] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/25/2009, 17:01:38] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[01/25/2009, 17:01:38] - Deleting ATLEvents/MSEvents Registry entries
[01/25/2009, 17:01:38] - Removing HKLM\...\Winlogon\Notify\pmnlKBTm
[01/25/2009, 17:01:38] - Searching for Browser Helper Objects:
[01/25/2009, 17:01:38] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/25/2009, 17:01:38] - BHO 2: {174d87b0-f9f1-4492-a8e3-93860a68ff53} ()
[01/25/2009, 17:01:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:01:38] - Checking for HKLM\...\Winlogon\Notify\syiuvk
[01/25/2009, 17:01:38] - Key not found: HKLM\...\Winlogon\Notify\syiuvk, continuing.
[01/25/2009, 17:01:38] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/25/2009, 17:01:38] - BHO 4: {A9DF62E3-7418-4C7F-8F4E-5FF90446C4A1} ()
[01/25/2009, 17:01:38] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:01:38] - Checking for HKLM\...\Winlogon\Notify\wvUmjIcc
[01/25/2009, 17:01:38] - Key not found: HKLM\...\Winlogon\Notify\wvUmjIcc, continuing.
[01/25/2009, 17:01:38] - BHO 5: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[01/25/2009, 17:01:38] - Finished Searching Browser Helper Objects
[01/25/2009, 17:01:38] - Finishing up...
[01/25/2009, 17:01:38] - A restart is needed.
[01/25/2009, 17:01:38] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/25/2009, 17:01:49] - Attempting to Restart via STOP error (Blue Screen!)
[01/25/2009, 17:05:12] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mabel Yee\Desktop\VirtumundoBeGone.exe" )
[01/25/2009, 17:05:16] - Detected System Information:
[01/25/2009, 17:05:16] - Windows Version: 5.1.2600, Service Pack 2
[01/25/2009, 17:05:16] - Current Username: Mabel Yee (Admin)
[01/25/2009, 17:05:16] - Windows is in NORMAL mode.
[01/25/2009, 17:05:16] - Searching for Browser Helper Objects:
[01/25/2009, 17:05:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/25/2009, 17:05:16] - BHO 2: {174d87b0-f9f1-4492-a8e3-93860a68ff53} ()
[01/25/2009, 17:05:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:05:16] - Checking for HKLM\...\Winlogon\Notify\syiuvk
[01/25/2009, 17:05:16] - Key not found: HKLM\...\Winlogon\Notify\syiuvk, continuing.
[01/25/2009, 17:05:16] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/25/2009, 17:05:16] - BHO 4: {A6FB7E91-C219-4750-B6F8-EA922848A645} ()
[01/25/2009, 17:05:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/25/2009, 17:05:16] - Checking for HKLM\...\Winlogon\Notify\wvUmjIcc
[01/25/2009, 17:05:16] - Key not found: HKLM\...\Winlogon\Notify\wvUmjIcc, continuing.
[01/25/2009, 17:05:16] - BHO 5: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[01/25/2009, 17:05:16] - Finished Searching Browser Helper Objects
[01/25/2009, 17:05:16] - Finishing up...
[01/25/2009, 17:05:16] - Nothing found! Exiting...
[01/26/2009, 21:52:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mabel Yee\Desktop\VirtumundoBeGone.exe" )
[01/26/2009, 21:52:36] - Detected System Information:
[01/26/2009, 21:52:36] - Windows Version: 5.1.2600, Service Pack 2
[01/26/2009, 21:52:36] - Current Username: Mabel Yee (Admin)
[01/26/2009, 21:52:36] - Windows is in NORMAL mode.
[01/26/2009, 21:52:36] - Searching for Browser Helper Objects:
[01/26/2009, 21:52:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/26/2009, 21:52:36] - BHO 2: {174d87b0-f9f1-4492-a8e3-93860a68ff53} ()
[01/26/2009, 21:52:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2009, 21:52:36] - Checking for HKLM\...\Winlogon\Notify\syiuvk
[01/26/2009, 21:52:36] - Key not found: HKLM\...\Winlogon\Notify\syiuvk, continuing.
[01/26/2009, 21:52:36] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/26/2009, 21:52:36] - BHO 4: {A6FB7E91-C219-4750-B6F8-EA922848A645} ()
[01/26/2009, 21:52:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/26/2009, 21:52:36] - Checking for HKLM\...\Winlogon\Notify\wvUmjIcc
[01/26/2009, 21:52:36] - Key not found: HKLM\...\Winlogon\Notify\wvUmjIcc, continuing.
[01/26/2009, 21:52:36] - BHO 5: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[01/26/2009, 21:52:36] - Finished Searching Browser Helper Objects
[01/26/2009, 21:52:36] - Finishing up...
[01/26/2009, 21:52:36] - Nothing found! Exiting...