[12/30/2008, 9:37:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Griso\Desktop\VirtumundoBeGone.exe" )
[12/30/2008, 9:37:33] - Detected System Information:
[12/30/2008, 9:37:33] - Windows Version: 5.1.2600, Service Pack 2
[12/30/2008, 9:37:33] - Current Username: griso (Admin)
[12/30/2008, 9:37:33] - Windows is in NORMAL mode.
[12/30/2008, 9:37:33] - Searching for Browser Helper Objects:
[12/30/2008, 9:37:33] - BHO 1: {17771EF1-01FD-474D-9DE5-D062B737EF0F} ()
[12/30/2008, 9:37:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:33] - Checking for HKLM\...\Winlogon\Notify\xxyXqPHW
[12/30/2008, 9:37:33] - Key not found: HKLM\...\Winlogon\Notify\xxyXqPHW, continuing.
[12/30/2008, 9:37:33] - BHO 2: {1F68BEF9-C8B0-4D2E-B059-06007F6274DE} (wcTrace.clsTrace)
[12/30/2008, 9:37:33] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/30/2008, 9:37:33] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} ()
[12/30/2008, 9:37:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:33] - Checking for HKLM\...\Winlogon\Notify\byXpnmJb
[12/30/2008, 9:37:33] - Found: HKLM\...\Winlogon\Notify\byXpnmJb - This is probably Virtumundo.
[12/30/2008, 9:37:34] - Assigning {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} MSEvents Object
[12/30/2008, 9:37:34] - BHO list has been changed! Starting over...
[12/30/2008, 9:37:34] - BHO 1: {17771EF1-01FD-474D-9DE5-D062B737EF0F} ()
[12/30/2008, 9:37:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:34] - Checking for HKLM\...\Winlogon\Notify\xxyXqPHW
[12/30/2008, 9:37:34] - Key not found: HKLM\...\Winlogon\Notify\xxyXqPHW, continuing.
[12/30/2008, 9:37:34] - BHO 2: {1F68BEF9-C8B0-4D2E-B059-06007F6274DE} (wcTrace.clsTrace)
[12/30/2008, 9:37:34] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/30/2008, 9:37:34] - BHO 4: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (MSEvents Object)
[12/30/2008, 9:37:34] - ALERT: Found MSEvents Object!
[12/30/2008, 9:37:34] - BHO 5: {74BC2618-A8EB-4925-8EF1-0EB14CB221BE} ()
[12/30/2008, 9:37:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:34] - No filename found. Continuing.
[12/30/2008, 9:37:34] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/30/2008, 9:37:34] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/30/2008, 9:37:34] - BHO 8: {d36b6590-0b2e-4768-87a7-c4f831d310fe} ()
[12/30/2008, 9:37:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:34] - Checking for HKLM\...\Winlogon\Notify\yzsqvh
[12/30/2008, 9:37:34] - Key not found: HKLM\...\Winlogon\Notify\yzsqvh, continuing.
[12/30/2008, 9:37:34] - Finished Searching Browser Helper Objects
[12/30/2008, 9:37:34] - *** Detected MSEvents Object
[12/30/2008, 9:37:34] - Trying to remove MSEvents Object...
[12/30/2008, 9:37:35] - Terminating Process: IEXPLORE.EXE
[12/30/2008, 9:37:35] - Terminating Process: RUNDLL32.EXE
[12/30/2008, 9:37:35] - Disabling Automatic Shell Restart
[12/30/2008, 9:37:35] - Terminating Process: EXPLORER.EXE
[12/30/2008, 9:37:36] - Suspending the NT Session Manager System Service
[12/30/2008, 9:37:36] - Terminating Windows NT Logon/Logoff Manager
[12/30/2008, 9:37:36] - Re-enabling Automatic Shell Restart
[12/30/2008, 9:37:36] - File to disable: C:\WINDOWS\system32\byXpnmJb.dll
[12/30/2008, 9:37:36] - Renaming C:\WINDOWS\system32\byXpnmJb.dll -> C:\WINDOWS\system32\byXpnmJb.dll.vir
[12/30/2008, 9:37:36] - File successfully renamed!
[12/30/2008, 9:37:36] - Removing HKLM\...\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/30/2008, 9:37:36] - Removing HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/30/2008, 9:37:36] - Adding Kill Bit for ActiveX for GUID: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
[12/30/2008, 9:37:36] - Deleting ATLEvents/MSEvents Registry entries
[12/30/2008, 9:37:36] - Removing HKLM\...\Winlogon\Notify\byXpnmJb
[12/30/2008, 9:37:36] - Searching for Browser Helper Objects:
[12/30/2008, 9:37:36] - BHO 1: {17771EF1-01FD-474D-9DE5-D062B737EF0F} ()
[12/30/2008, 9:37:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:37] - Checking for HKLM\...\Winlogon\Notify\xxyXqPHW
[12/30/2008, 9:37:37] - Key not found: HKLM\...\Winlogon\Notify\xxyXqPHW, continuing.
[12/30/2008, 9:37:37] - BHO 2: {1F68BEF9-C8B0-4D2E-B059-06007F6274DE} (wcTrace.clsTrace)
[12/30/2008, 9:37:37] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[12/30/2008, 9:37:37] - BHO 4: {74BC2618-A8EB-4925-8EF1-0EB14CB221BE} ()
[12/30/2008, 9:37:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:37] - No filename found. Continuing.
[12/30/2008, 9:37:37] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/30/2008, 9:37:37] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[12/30/2008, 9:37:37] - BHO 7: {d36b6590-0b2e-4768-87a7-c4f831d310fe} ()
[12/30/2008, 9:37:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/30/2008, 9:37:37] - Checking for HKLM\...\Winlogon\Notify\yzsqvh
[12/30/2008, 9:37:37] - Key not found: HKLM\...\Winlogon\Notify\yzsqvh, continuing.
[12/30/2008, 9:37:37] - Finished Searching Browser Helper Objects
[12/30/2008, 9:37:37] - Finishing up...
[12/30/2008, 9:37:37] - A restart is needed.
[12/30/2008, 9:37:48] - Attempting to Restart via STOP error (Blue Screen!)
Sign In
Create Account
