[08/30/2008, 15:29:11] - VirtumundoBeGone v1.

5 ( "C:\Documents and Settings\Admi

nistrator\Desktop\VirtumundoBeGone.exe" )
[08/30/2008, 15:29:15] - Detected System Information:
[08/30/2008, 15:29:15] - Windows Version: 5.1.2600, Service Pack 2
[08/30/2008, 15:29:15] - Current Username: Administrator (Admin)
[08/30/2008, 15:29:15] - Windows is in NORMAL mode.
[08/30/2008, 15:29:15] - Searching for Browser Helper Objects:
[08/30/2008, 15:29:15] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-
S&D IE Protection)
[08/30/2008, 15:29:15] - BHO 2: {ACED1C9F-2718-4512-9F69-F4E28C1F484F} ()
[08/30/2008, 15:29:15] - WARNING: BHO has no default name. Checking for Winlogon
reference.
[08/30/2008, 15:29:15] - Checking for HKLM\...\Winlogon\Notify\cbXQJDVM
[08/30/2008, 15:29:15] - Found: HKLM\...\Winlogon\Notify\cbXQJDVM - This is pro
bably Virtumundo.
[08/30/2008, 15:29:15] - Assigning {ACED1C9F-2718-4512-9F69-F4E28C1F484F} MSEve
nts Object
[08/30/2008, 15:29:15] - BHO list has been changed! Starting over...
[08/30/2008, 15:29:15] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-
S&D IE Protection)
[08/30/2008, 15:29:15] - BHO 2: {ACED1C9F-2718-4512-9F69-F4E28C1F484F} (MSEvent
s Object)
[08/30/2008, 15:29:15] - ALERT: Found MSEvents Object!
[08/30/2008, 15:29:15] - BHO 3: {c2c54aa4-058d-4c79-95ca-3c4a46489814} ()
[08/30/2008, 15:29:15] - WARNING: BHO has no default name. Checking for Winlogon
reference.
[08/30/2008, 15:29:15] - Checking for HKLM\...\Winlogon\Notify\evtqyf
[08/30/2008, 15:29:15] - Key not found: HKLM\...\Winlogon\Notify\evtqyf, contin
uing.
[08/30/2008, 15:29:15] - BHO 4: {D76E77A5-114C-4945-BA88-3E8F64AB502F} ()
[08/30/2008, 15:29:15] - WARNING: BHO has no default name. Checking for Winlogon
reference.
[08/30/2008, 15:29:15] - Checking for HKLM\...\Winlogon\Notify\yayYsSKA
[08/30/2008, 15:29:15] - Key not found: HKLM\...\Winlogon\Notify\yayYsSKA, cont
inuing.
[08/30/2008, 15:29:15] - Finished Searching Browser Helper Objects
[08/30/2008, 15:29:15] - *** Detected MSEvents Object
[08/30/2008, 15:29:15] - Trying to remove MSEvents Object...
[08/30/2008, 15:29:16] - Terminating Process: IEXPLORE.EXE
[08/30/2008, 15:29:16] - Terminating Process: RUNDLL32.EXE
[08/30/2008, 15:29:16] - Disabling Automatic Shell Restart
[08/30/2008, 15:29:16] - Terminating Process: EXPLORER.EXE
[08/30/2008, 15:29:17] - Suspending the NT Session Manager System Service
[08/30/2008, 15:29:17] - Terminating Windows NT Logon/Logoff Manager
[08/30/2008, 15:29:18] - Re-enabling Automatic Shell Restart
[08/30/2008, 15:29:18] - File to disable: C:\WINDOWS\system32\cbXQJDVM.dll
[08/30/2008, 15:29:18] - Removing HKLM\...\Browser Helper Objects\{ACED1C9F-27
18-4512-9F69-F4E28C1F484F}
[08/30/2008, 15:29:18] - Removing HKCR\CLSID\{ACED1C9F-2718-4512-9F69-F4E28C1F
484F}
[08/30/2008, 15:29:19] - Adding Kill Bit for ActiveX for GUID: {ACED1C9F-2718-
4512-9F69-F4E28C1F484F}
[08/30/2008, 15:29:19] - Deleting ATLEvents/MSEvents Registry entries
[08/30/2008, 15:29:19] - Removing HKLM\...\Winlogon\Notify\cbXQJDVM
[08/30/2008, 15:29:19] - Searching for Browser Helper Objects:
[08/30/2008, 15:29:19] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-
S&D IE Protection)
[08/30/2008, 15:29:19] - BHO 2: {c2c54aa4-058d-4c79-95ca-3c4a46489814} ()
[08/30/2008, 15:29:19] - WARNING: BHO has no default name. Checking for Winlogon
 reference.
[08/30/2008, 15:29:19] - Checking for HKLM\...\Winlogon\Notify\evtqyf
[08/30/2008, 15:29:19] - Key not found: HKLM\...\Winlogon\Notify\evtqyf, contin
uing.
[08/30/2008, 15:29:19] - BHO 3: {D76E77A5-114C-4945-BA88-3E8F64AB502F} ()
[08/30/2008, 15:29:19] - WARNING: BHO has no default name. Checking for Winlogon
reference.
[08/30/2008, 15:29:19] - Checking for HKLM\...\Winlogon\Notify\yayYsSKA
[08/30/2008, 15:29:19] - Key not found: HKLM\...\Winlogon\Notify\yayYsSKA, cont
inuing.
[08/30/2008, 15:29:19] - Finished Searching Browser Helper Objects
[08/30/2008, 15:29:19] - Finishing up...
[08/30/2008, 15:29:19] - A restart is needed.
[08/30/2008, 15:29:22] - Attempting to Restart via STOP error (Blue Screen!)