Yesterday I started getting a lot of popups. I did all of the things in the "try this first" section, and it cleared some stuff, but I think a lot of it is still there. I have a SUPERAntiSpyware log and a VirtumundoBeGone log as well as my HijackThis log. I tried the pandascan as well, but IE crashed after I got so many popups during the scan. I am getting around 25 popups an hour or so. Thanks a lot for your help.
Logfile of HijackThis v1.99.1
Scan saved at 6:16:08 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\c2c145.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {c79db4f1-4855-40f8-9c9f-abce9902b72c} - C:\WINDOWS\system32\dwxmqgh.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [c2c145] C:\WINDOWS\c2c145
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.q....568/qboax9.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.q...620/qboax10.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
My SuperAnti Spyware Log:
SUPERAntiSpyware Scan Log
Generated 06/13/2007 at 04:20 PM
Application Version : 3.6.1000
Core Rules Database Version : 3253
Trace Rules Database Version: 1264
Scan type : Complete Scan
Total Scan Time : 02:21:34
Memory items scanned : 498
Memory threats detected : 0
Registry items scanned : 7378
Registry threats detected : 5
File items scanned : 98156
File threats detected : 21
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A61098D-612B-4EF2-943D-64E920684061}
Adware.Tracking Cookie
C:\Documents and Settings\Robert\Cookies\robert@adrevolver[1].txt
C:\Documents and Settings\Robert\Cookies\robert@doubleclick[1].txt
C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
C:\Documents and Settings\Robert\Cookies\robert@cpvfeed[2].txt
C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
C:\Documents and Settings\Robert\Cookies\robert@atdmt[1].txt
C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
C:\Documents and Settings\Robert\Cookies\robert@advertising[1].txt
C:\Documents and Settings\Robert\Cookies\[email protected][1].txt
C:\Documents and Settings\Robert\Cookies\robert@trafficmp[1].txt
C:\Documents and Settings\Robert\Cookies\robert@casalemedia[2].txt
Trojan.WinBo32/Enhance
HKLM\Software\System\sysold
HKLM\Software\System\sysold#c2c145
HKU\S-1-5-21-2104114017-3631238561-891195322-1005\Software\System\sysuid
Adware.ClickSpring/Outer Info Network
C:\Program Files\Outerinfo\Cache
C:\Program Files\Outerinfo\outerinfo.ico
C:\Program Files\Outerinfo\Terms.rtf
C:\Program Files\Outerinfo
C:\Documents and Settings\Robert\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Robert\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Robert\Start Menu\Programs\Outerinfo
Adware.Web Buying
HKU\S-1-5-21-2104114017-3631238561-891195322-1005\Software\WebBuying
Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\XXYAYWV.DLL
Trace.Known Threat Sources
C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\CXIBKJWL\index[1].htm
My VirtumundoBeGone Log:
[06/13/2007, 2:08:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Robert\Desktop\VirtumundoBeGone.exe" )
[06/13/2007, 2:08:42] - Detected System Information:
[06/13/2007, 2:08:42] - Windows Version: 5.1.2600, Service Pack 2
[06/13/2007, 2:08:42] - Current Username: Robert (Admin)
[06/13/2007, 2:08:42] - Windows is in NORMAL mode.
[06/13/2007, 2:08:42] - Searching for Browser Helper Objects:
[06/13/2007, 2:08:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/13/2007, 2:08:42] - BHO 2: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[06/13/2007, 2:08:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/13/2007, 2:08:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/13/2007, 2:08:42] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/13/2007, 2:08:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2007, 2:08:42] - BHO 6: {8A61098D-612B-4EF2-943D-64E920684061} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\yayxxxy
[06/13/2007, 2:08:42] - Found: HKLM\...\Winlogon\Notify\yayxxxy - This is probably Virtumundo.
[06/13/2007, 2:08:42] - Assigning {8A61098D-612B-4EF2-943D-64E920684061} MSEvents Object
[06/13/2007, 2:08:42] - BHO list has been changed! Starting over...
[06/13/2007, 2:08:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/13/2007, 2:08:42] - BHO 2: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[06/13/2007, 2:08:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/13/2007, 2:08:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/13/2007, 2:08:42] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/13/2007, 2:08:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2007, 2:08:42] - BHO 6: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/13/2007, 2:08:42] - ALERT: Found MSEvents Object!
[06/13/2007, 2:08:42] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[06/13/2007, 2:08:42] - BHO 8: {c79db4f1-4855-40f8-9c9f-abce9902b72c} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\dwxmqgh
[06/13/2007, 2:08:42] - Key not found: HKLM\...\Winlogon\Notify\dwxmqgh, continuing.
[06/13/2007, 2:08:42] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/13/2007, 2:08:42] - BHO 10: {FB2B8598-E7BE-4400-9094-AF571EAE22EE} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\ssqro
[06/13/2007, 2:08:42] - Found: HKLM\...\Winlogon\Notify\ssqro - This is probably Virtumundo.
[06/13/2007, 2:08:42] - Assigning {FB2B8598-E7BE-4400-9094-AF571EAE22EE} MSEvents Object
[06/13/2007, 2:08:42] - BHO list has been changed! Starting over...
[06/13/2007, 2:08:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/13/2007, 2:08:42] - BHO 2: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[06/13/2007, 2:08:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/13/2007, 2:08:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/13/2007, 2:08:42] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/13/2007, 2:08:42] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2007, 2:08:42] - BHO 6: {8A61098D-612B-4EF2-943D-64E920684061} (MSEvents Object)
[06/13/2007, 2:08:42] - ALERT: Found MSEvents Object!
[06/13/2007, 2:08:42] - BHO 7: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[06/13/2007, 2:08:42] - BHO 8: {c79db4f1-4855-40f8-9c9f-abce9902b72c} ()
[06/13/2007, 2:08:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:42] - Checking for HKLM\...\Winlogon\Notify\dwxmqgh
[06/13/2007, 2:08:42] - Key not found: HKLM\...\Winlogon\Notify\dwxmqgh, continuing.
[06/13/2007, 2:08:42] - BHO 9: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/13/2007, 2:08:42] - BHO 10: {FB2B8598-E7BE-4400-9094-AF571EAE22EE} (MSEvents Object)
[06/13/2007, 2:08:42] - ALERT: Found MSEvents Object!
[06/13/2007, 2:08:42] - Finished Searching Browser Helper Objects
[06/13/2007, 2:08:42] - *** Detected MSEvents Object
[06/13/2007, 2:08:42] - Trying to remove MSEvents Object...
[06/13/2007, 2:08:43] - Terminating Process: IEXPLORE.EXE
[06/13/2007, 2:08:43] - Terminating Process: RUNDLL32.EXE
[06/13/2007, 2:08:43] - Disabling Automatic Shell Restart
[06/13/2007, 2:08:43] - Terminating Process: EXPLORER.EXE
[06/13/2007, 2:08:44] - Suspending the NT Session Manager System Service
[06/13/2007, 2:08:44] - Terminating Windows NT Logon/Logoff Manager
[06/13/2007, 2:08:44] - Re-enabling Automatic Shell Restart
[06/13/2007, 2:08:44] - File to disable: C:\WINDOWS\system32\yayxxxy.dll
[06/13/2007, 2:08:44] - Renaming C:\WINDOWS\system32\yayxxxy.dll -> C:\WINDOWS\system32\yayxxxy.dll.vir
[06/13/2007, 2:08:44] - File successfully renamed!
[06/13/2007, 2:08:44] - Removing HKLM\...\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
[06/13/2007, 2:08:44] - Removing HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
[06/13/2007, 2:08:44] - Adding Kill Bit for ActiveX for GUID: {8A61098D-612B-4EF2-943D-64E920684061}
[06/13/2007, 2:08:44] - Deleting ATLEvents/MSEvents Registry entries
[06/13/2007, 2:08:44] - Removing HKLM\...\Winlogon\Notify\yayxxxy
[06/13/2007, 2:08:44] - Searching for Browser Helper Objects:
[06/13/2007, 2:08:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/13/2007, 2:08:44] - BHO 2: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[06/13/2007, 2:08:44] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/13/2007, 2:08:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/13/2007, 2:08:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/13/2007, 2:08:44] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/13/2007, 2:08:44] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2007, 2:08:44] - BHO 6: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[06/13/2007, 2:08:44] - BHO 7: {c79db4f1-4855-40f8-9c9f-abce9902b72c} ()
[06/13/2007, 2:08:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:44] - Checking for HKLM\...\Winlogon\Notify\dwxmqgh
[06/13/2007, 2:08:44] - Key not found: HKLM\...\Winlogon\Notify\dwxmqgh, continuing.
[06/13/2007, 2:08:44] - BHO 8: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/13/2007, 2:08:44] - BHO 9: {FB2B8598-E7BE-4400-9094-AF571EAE22EE} (MSEvents Object)
[06/13/2007, 2:08:44] - ALERT: Found MSEvents Object!
[06/13/2007, 2:08:44] - Finished Searching Browser Helper Objects
[06/13/2007, 2:08:44] - *** Detected MSEvents Object
[06/13/2007, 2:08:44] - Trying to remove MSEvents Object...
[06/13/2007, 2:08:45] - Terminating Process: IEXPLORE.EXE
[06/13/2007, 2:08:45] - Terminating Process: RUNDLL32.EXE
[06/13/2007, 2:08:45] - Disabling Automatic Shell Restart
[06/13/2007, 2:08:45] - Terminating Process: EXPLORER.EXE
[06/13/2007, 2:08:45] - Suspending the NT Session Manager System Service
[06/13/2007, 2:08:46] - Terminating Windows NT Logon/Logoff Manager
[06/13/2007, 2:08:46] - Re-enabling Automatic Shell Restart
[06/13/2007, 2:08:46] - File to disable: C:\WINDOWS\system32\ssqro.dll
[06/13/2007, 2:08:46] - Renaming C:\WINDOWS\system32\ssqro.dll -> C:\WINDOWS\system32\ssqro.dll.vir
[06/13/2007, 2:08:46] - File successfully renamed!
[06/13/2007, 2:08:46] - Removing HKLM\...\Browser Helper Objects\{FB2B8598-E7BE-4400-9094-AF571EAE22EE}
[06/13/2007, 2:08:46] - Removing HKCR\CLSID\{FB2B8598-E7BE-4400-9094-AF571EAE22EE}
[06/13/2007, 2:08:46] - Adding Kill Bit for ActiveX for GUID: {FB2B8598-E7BE-4400-9094-AF571EAE22EE}
[06/13/2007, 2:08:46] - Deleting ATLEvents/MSEvents Registry entries
[06/13/2007, 2:08:46] - Removing HKLM\...\Winlogon\Notify\ssqro
[06/13/2007, 2:08:46] - Searching for Browser Helper Objects:
[06/13/2007, 2:08:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/13/2007, 2:08:46] - BHO 2: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[06/13/2007, 2:08:46] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[06/13/2007, 2:08:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:46] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[06/13/2007, 2:08:46] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[06/13/2007, 2:08:46] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[06/13/2007, 2:08:46] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/13/2007, 2:08:46] - BHO 6: {AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
[06/13/2007, 2:08:46] - BHO 7: {c79db4f1-4855-40f8-9c9f-abce9902b72c} ()
[06/13/2007, 2:08:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/13/2007, 2:08:46] - Checking for HKLM\...\Winlogon\Notify\dwxmqgh
[06/13/2007, 2:08:46] - Key not found: HKLM\...\Winlogon\Notify\dwxmqgh, continuing.
[06/13/2007, 2:08:46] - BHO 8: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/13/2007, 2:08:46] - Finished Searching Browser Helper Objects
[06/13/2007, 2:08:46] - Finishing up...
[06/13/2007, 2:08:46] - A restart is needed.
[06/13/2007, 2:08:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[06/13/2007, 2:09:02] - Attempting to Restart via STOP error (Blue Screen!)
Thanks so much for your help.