[12/26/2008, 22:38:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matt Koppe\Desktop\VirtumundoBeGone.exe" )
[12/26/2008, 22:39:04] - Detected System Information:
[12/26/2008, 22:39:04] - Windows Version: 5.1.2600, Service Pack 3
[12/26/2008, 22:39:04] - Current Username: Matt Koppe (Admin)
[12/26/2008, 22:39:04] - Windows is in NORMAL mode.
[12/26/2008, 22:39:04] - Searching for Browser Helper Objects:
[12/26/2008, 22:39:04] - BHO 1: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/26/2008, 22:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:39:04] - Checking for HKLM\...\Winlogon\Notify\opnkkkkl
[12/26/2008, 22:39:04] - Found: HKLM\...\Winlogon\Notify\opnkkkkl - This is probably Virtumundo.
[12/26/2008, 22:39:04] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/26/2008, 22:39:04] - BHO list has been changed! Starting over...
[12/26/2008, 22:39:04] - BHO 1: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[12/26/2008, 22:39:04] - ALERT: Found MSEvents Object!
[12/26/2008, 22:39:04] - BHO 2: {758E0A6B-601F-4F85-979C-31246EC46B31} ()
[12/26/2008, 22:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:39:04] - Checking for HKLM\...\Winlogon\Notify\efcYOETJ
[12/26/2008, 22:39:04] - Key not found: HKLM\...\Winlogon\Notify\efcYOETJ, continuing.
[12/26/2008, 22:39:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java Plug-In SSV Helper)
[12/26/2008, 22:39:04] - BHO 4: {8321e080-0c38-445c-9961-858124bffb67} ()
[12/26/2008, 22:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:39:04] - Checking for HKLM\...\Winlogon\Notify\xydmdr
[12/26/2008, 22:39:04] - Key not found: HKLM\...\Winlogon\Notify\xydmdr, continuing.
[12/26/2008, 22:39:04] - BHO 5: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/26/2008, 22:39:04] - BHO 6: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper)
[12/26/2008, 22:39:04] - Finished Searching Browser Helper Objects
[12/26/2008, 22:39:04] - *** Detected MSEvents Object
[12/26/2008, 22:39:04] - Trying to remove MSEvents Object...
[12/26/2008, 22:39:05] - Terminating Process: IEXPLORE.EXE
[12/26/2008, 22:39:06] - Terminating Process: RUNDLL32.EXE
[12/26/2008, 22:39:06] - Disabling Automatic Shell Restart
[12/26/2008, 22:39:06] - Terminating Process: EXPLORER.EXE
[12/26/2008, 22:39:06] - Suspending the NT Session Manager System Service
[12/26/2008, 22:39:07] - Terminating Windows NT Logon/Logoff Manager
[12/26/2008, 22:39:07] - Re-enabling Automatic Shell Restart
[12/26/2008, 22:39:07] - File to disable: C:\WINDOWS\system32\opnkkkkl.dll
[12/26/2008, 22:39:07] - Renaming C:\WINDOWS\system32\opnkkkkl.dll -> C:\WINDOWS\system32\opnkkkkl.dll.vir
[12/26/2008, 22:39:08] - File successfully renamed!
[12/26/2008, 22:39:08] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/26/2008, 22:39:08] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/26/2008, 22:39:08] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/26/2008, 22:39:08] - Deleting ATLEvents/MSEvents Registry entries
[12/26/2008, 22:39:08] - Removing HKLM\...\Winlogon\Notify\opnkkkkl
[12/26/2008, 22:39:08] - Searching for Browser Helper Objects:
[12/26/2008, 22:39:09] - BHO 1: {758E0A6B-601F-4F85-979C-31246EC46B31} ()
[12/26/2008, 22:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:39:09] - Checking for HKLM\...\Winlogon\Notify\efcYOETJ
[12/26/2008, 22:39:09] - Key not found: HKLM\...\Winlogon\Notify\efcYOETJ, continuing.
[12/26/2008, 22:39:09] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java Plug-In SSV Helper)
[12/26/2008, 22:39:09] - BHO 3: {8321e080-0c38-445c-9961-858124bffb67} ()
[12/26/2008, 22:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:39:09] - Checking for HKLM\...\Winlogon\Notify\xydmdr
[12/26/2008, 22:39:09] - Key not found: HKLM\...\Winlogon\Notify\xydmdr, continuing.
[12/26/2008, 22:39:09] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/26/2008, 22:39:09] - BHO 5: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper)
[12/26/2008, 22:39:09] - Finished Searching Browser Helper Objects
[12/26/2008, 22:39:09] - Finishing up...
[12/26/2008, 22:39:09] - A restart is needed.
[12/26/2008, 22:39:16] - Attempting to Restart via STOP error (Blue Screen!)

**At this point, I had to do a hard restart. Here's what happened when I ran it again:

[12/26/2008, 22:58:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Matt Koppe\Desktop\VirtumundoBeGone.exe" )
[12/26/2008, 22:58:43] - Detected System Information:
[12/26/2008, 22:58:43] - Windows Version: 5.1.2600, Service Pack 3
[12/26/2008, 22:58:43] - Current Username: Matt Koppe (Admin)
[12/26/2008, 22:58:43] - Windows is in NORMAL mode.
[12/26/2008, 22:58:43] - Searching for Browser Helper Objects:
[12/26/2008, 22:58:43] - BHO 1: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java Plug-In SSV Helper)
[12/26/2008, 22:58:43] - BHO 2: {8321e080-0c38-445c-9961-858124bffb67} ()
[12/26/2008, 22:58:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:58:43] - Checking for HKLM\...\Winlogon\Notify\xydmdr
[12/26/2008, 22:58:43] - Key not found: HKLM\...\Winlogon\Notify\xydmdr, continuing.
[12/26/2008, 22:58:43] - BHO 3: {B9908638-6225-4A15-960F-740B241747E2} ()
[12/26/2008, 22:58:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/26/2008, 22:58:43] - Checking for HKLM\...\Winlogon\Notify\efcYOETJ
[12/26/2008, 22:58:43] - Key not found: HKLM\...\Winlogon\Notify\efcYOETJ, continuing.
[12/26/2008, 22:58:43] - BHO 4: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[12/26/2008, 22:58:43] - BHO 5: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper)
[12/26/2008, 22:58:43] - Finished Searching Browser Helper Objects
[12/26/2008, 22:58:43] - Finishing up...
[12/26/2008, 22:58:43] - Nothing found! Exiting...