[11/12/2006, 22:47:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\badboy\Local Settings\Temporary Internet Files\Content.IE5\ATG9C9GF\VirtumundoBeGone[1].exe" )
[11/12/2006, 22:48:20] - Detected System Information:
[11/12/2006, 22:48:20] - Windows Version: 5.1.2600, Service Pack 2
[11/12/2006, 22:48:20] - Current Username: badboy (Admin)
[11/12/2006, 22:48:20] - Windows is in NORMAL mode.
[11/12/2006, 22:48:20] - Searching for Browser Helper Objects:
[11/12/2006, 22:48:20] - BHO 1: {0979C81F-A46C-4606-9579-8BC82E9C2C31} (XBTP06796 Class)
[11/12/2006, 22:48:20] - BHO 2: {2168D88D-86F7-4B4A-8623-6E36673E0EB3} ()
[11/12/2006, 22:48:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2006, 22:48:20] - Checking for HKLM\...\Winlogon\Notify\iifee
[11/12/2006, 22:48:20] - Found: HKLM\...\Winlogon\Notify\iifee - This is probably Virtumundo.
[11/12/2006, 22:48:20] - Assigning {2168D88D-86F7-4B4A-8623-6E36673E0EB3} MSEvents Object
[11/12/2006, 22:48:20] - BHO list has been changed! Starting over...
[11/12/2006, 22:48:20] - BHO 1: {0979C81F-A46C-4606-9579-8BC82E9C2C31} (XBTP06796 Class)
[11/12/2006, 22:48:20] - BHO 2: {2168D88D-86F7-4B4A-8623-6E36673E0EB3} (MSEvents Object)
[11/12/2006, 22:48:20] - ALERT: Found MSEvents Object!
[11/12/2006, 22:48:20] - BHO 3: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[11/12/2006, 22:48:20] - BHO 4: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[11/12/2006, 22:48:20] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2006, 22:48:20] - BHO 6: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[11/12/2006, 22:48:20] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2006, 22:48:20] - BHO 8: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[11/12/2006, 22:48:20] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/12/2006, 22:48:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2006, 22:48:20] - Checking for HKLM\...\Winlogon\Notify\fglprkou
[11/12/2006, 22:48:20] - Key not found: HKLM\...\Winlogon\Notify\fglprkou, continuing.
[11/12/2006, 22:48:20] - Finished Searching Browser Helper Objects
[11/12/2006, 22:48:20] - *** Detected MSEvents Object
[11/12/2006, 22:48:20] - Trying to remove MSEvents Object...
[11/12/2006, 22:48:21] - Terminating Process: IEXPLORE.EXE
[11/12/2006, 22:48:22] - Terminating Process: RUNDLL32.EXE
[11/12/2006, 22:48:23] - Disabling Automatic Shell Restart
[11/12/2006, 22:48:23] - Terminating Process: EXPLORER.EXE
[11/12/2006, 22:48:23] - Suspending the NT Session Manager System Service
[11/12/2006, 22:48:24] - Terminating Windows NT Logon/Logoff Manager
[11/12/2006, 22:48:25] - Re-enabling Automatic Shell Restart
[11/12/2006, 22:48:25] - File to disable: C:\WINDOWS\system32\iifee.dll
[11/12/2006, 22:48:25] - Renaming C:\WINDOWS\system32\iifee.dll -> C:\WINDOWS\system32\iifee.dll.vir
[11/12/2006, 22:48:25] - File successfully renamed!
[11/12/2006, 22:48:25] - Removing HKLM\...\Browser Helper Objects\{2168D88D-86F7-4B4A-8623-6E36673E0EB3}
[11/12/2006, 22:48:25] - Removing HKCR\CLSID\{2168D88D-86F7-4B4A-8623-6E36673E0EB3}
[11/12/2006, 22:48:25] - Adding Kill Bit for ActiveX for GUID: {2168D88D-86F7-4B4A-8623-6E36673E0EB3}
[11/12/2006, 22:48:25] - Deleting ATLEvents/MSEvents Registry entries
[11/12/2006, 22:48:25] - Removing HKLM\...\Winlogon\Notify\iifee
[11/12/2006, 22:48:25] - Searching for Browser Helper Objects:
[11/12/2006, 22:48:25] - BHO 1: {0979C81F-A46C-4606-9579-8BC82E9C2C31} (XBTP06796 Class)
[11/12/2006, 22:48:25] - BHO 2: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
[11/12/2006, 22:48:25] - BHO 3: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} (PCTools Site Guard)
[11/12/2006, 22:48:25] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/12/2006, 22:48:25] - BHO 5: {83B80A9C-D91A-4F22-8DCF-EA7204039F79} (NXIECatcher Class)
[11/12/2006, 22:48:25] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[11/12/2006, 22:48:25] - BHO 7: {B56A7D7D-6927-48C8-A975-17DF180C71AC} (PCTools Browser Monitor)
[11/12/2006, 22:48:25] - BHO 8: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/12/2006, 22:48:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/12/2006, 22:48:25] - Checking for HKLM\...\Winlogon\Notify\fglprkou
[11/12/2006, 22:48:25] - Key not found: HKLM\...\Winlogon\Notify\fglprkou, continuing.
[11/12/2006, 22:48:25] - Finished Searching Browser Helper Objects
[11/12/2006, 22:48:25] - Finishing up...
[11/12/2006, 22:48:25] - A restart is needed.
[11/12/2006, 22:48:25] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[11/12/2006, 22:48:41] - Attempting to Restart via STOP error (Blue Screen!)