please analyze and help remove spydawn AND winantivirus


lsals

Hi guys. I posted on here a while back because my computer had been infected with win antivirus and 'warezmonster' was very good at helping me get rid of it. I now have it again. A little red icon appears in the bottom right of the screen with a yellow '!' in the centre and also a blue and white circle appears with a white '?' in the centre. The first one is win antivirus and the second is spydawn and they both keep spawning popups and pretend to be useful programs.

I followed Warezmonster's removal guide as I did the first time, but it didn't get rid of them, so I have run HijackThis. Please can someone analyze my log and help me out?

Thanks a lot

Anthony

Logfile of HijackThis v1.99.1
Scan saved at 17:54:52, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BB12649-D5A7-C516-6E29-01A0C222C039} - C:\WINDOWS\system32\xsvebvb.dll
O2 - BHO: (no name) - {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} - (no file)
O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: (no name) - {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} - C:\WINDOWS\system32\ixl.dll (file missing)
O2 - BHO: (no name) - {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\snfcgjqm.dll
O2 - BHO: (no name) - {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} - (no file)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: ksapgh - C:\WINDOWS\SYSTEM32\ksapgh.dll
O20 - Winlogon Notify: nnnkhgf - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: msieupdater (Microsoft IE Updater) - Unknown owner - C:\WINDOWS\system32\update00822631.exe
O23 - Service: ieupdater2 (Microsoft IE Updater2) - Unknown owner - C:\Documents and Settings\Ant\~tmp0374.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
 
re

Hi. Thanks for your reply. Lol, I thought it would be pretty bad. That guide is the guide I said I have already run through. Is there anything else I can do to get rid?

Thanks

Ant
 
re

Hi warez. Thanks for your help again. I did a system restore and then ran that program. Here is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 20:04:50, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theworldsfavouritehomepage.com/test
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
 
re

And here's the log from VBG. Thanks a lot.


[11/05/2006, 20:40:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[11/05/2006, 20:40:24] - Detected System Information:
[11/05/2006, 20:40:24] - Windows Version: 5.1.2600, Service Pack 2
[11/05/2006, 20:40:24] - Current Username: Ant (Admin)
[11/05/2006, 20:40:24] - Windows is in NORMAL mode.
[11/05/2006, 20:40:24] - Searching for Browser Helper Objects:
[11/05/2006, 20:40:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:40:24] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\vtstr
[11/05/2006, 20:40:24] - Found: HKLM\...\Winlogon\Notify\vtstr - This is probably Virtumundo.
[11/05/2006, 20:40:24] - Assigning {202B0345-79EA-4A71-988A-0C87B1FEC268} MSEvents Object
[11/05/2006, 20:40:24] - BHO list has been changed! Starting over...
[11/05/2006, 20:40:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:40:24] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} (MSEvents Object)
[11/05/2006, 20:40:24] - ALERT: Found MSEvents Object!
[11/05/2006, 20:40:24] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:40:24] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:40:24] - BHO 4: {61977312-9CD2-B371-D388-C4693FDD8EC8} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\adglbc
[11/05/2006, 20:40:24] - Key not found: HKLM\...\Winlogon\Notify\adglbc, continuing.
[11/05/2006, 20:40:24] - BHO 5: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - No filename found. Continuing.
[11/05/2006, 20:40:24] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:40:24] - BHO 7: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - No filename found. Continuing.
[11/05/2006, 20:40:24] - BHO 8: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:40:24] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:40:24] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:40:24] - Finished Searching Browser Helper Objects
[11/05/2006, 20:40:24] - *** Detected MSEvents Object
[11/05/2006, 20:40:24] - Trying to remove MSEvents Object...
[11/05/2006, 20:40:25] - Terminating Process: IEXPLORE.EXE
[11/05/2006, 20:40:25] - Terminating Process: RUNDLL32.EXE
[11/05/2006, 20:40:26] - Disabling Automatic Shell Restart
[11/05/2006, 20:40:26] - Terminating Process: EXPLORER.EXE
[11/05/2006, 20:40:26] - Suspending the NT Session Manager System Service
[11/05/2006, 20:40:27] - Terminating Windows NT Logon/Logoff Manager

[11/05/2006, 20:46:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[11/05/2006, 20:46:55] - Detected System Information:
[11/05/2006, 20:46:55] - Windows Version: 5.1.2600, Service Pack 2
[11/05/2006, 20:46:55] - Current Username: Ant (Admin)
[11/05/2006, 20:46:55] - Windows is in NORMAL mode.
[11/05/2006, 20:46:55] - Searching for Browser Helper Objects:
[11/05/2006, 20:46:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:46:55] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:46:55] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:46:55] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:46:55] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:46:55] - BHO 8: {DD857116-8BFD-498C-9F40-FB91E52966EB} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - Checking for HKLM\...\Winlogon\Notify\vtstr
[11/05/2006, 20:46:55] - Found: HKLM\...\Winlogon\Notify\vtstr - This is probably Virtumundo.
[11/05/2006, 20:46:55] - Assigning {DD857116-8BFD-498C-9F40-FB91E52966EB} MSEvents Object
[11/05/2006, 20:46:55] - BHO list has been changed! Starting over...
[11/05/2006, 20:46:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:46:55] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:46:55] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:46:55] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:46:56] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:46:56] - BHO 8: {DD857116-8BFD-498C-9F40-FB91E52966EB} (MSEvents Object)
[11/05/2006, 20:46:56] - ALERT: Found MSEvents Object!
[11/05/2006, 20:46:56] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:46:56] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:46:56] - BHO 10: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\wvutusp
[11/05/2006, 20:46:56] - Found: HKLM\...\Winlogon\Notify\wvutusp - This is probably Virtumundo.
[11/05/2006, 20:46:56] - Assigning {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} MSEvents Object
[11/05/2006, 20:46:56] - BHO list has been changed! Starting over...
[11/05/2006, 20:46:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:46:56] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:46:56] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:46:56] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:46:56] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:46:56] - BHO 8: {DD857116-8BFD-498C-9F40-FB91E52966EB} (MSEvents Object)
[11/05/2006, 20:46:56] - ALERT: Found MSEvents Object!
[11/05/2006, 20:46:56] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:46:56] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:46:56] - BHO 10: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} (MSEvents Object)
[11/05/2006, 20:46:56] - ALERT: Found MSEvents Object!
[11/05/2006, 20:46:56] - Finished Searching Browser Helper Objects
[11/05/2006, 20:46:56] - *** Detected MSEvents Object
[11/05/2006, 20:46:56] - Trying to remove MSEvents Object...
[11/05/2006, 20:46:57] - Terminating Process: IEXPLORE.EXE
[11/05/2006, 20:46:58] - Terminating Process: RUNDLL32.EXE
[11/05/2006, 20:46:58] - Disabling Automatic Shell Restart
[11/05/2006, 20:46:58] - Terminating Process: EXPLORER.EXE
[11/05/2006, 20:46:58] - Suspending the NT Session Manager System Service
[11/05/2006, 20:46:58] - Terminating Windows NT Logon/Logoff Manager
[11/05/2006, 20:52:27] - Re-enabling Automatic Shell Restart
[11/05/2006, 20:52:27] - File to disable: C:\WINDOWS\system32\vtstr.dll
[11/05/2006, 20:52:27] - Renaming C:\WINDOWS\system32\vtstr.dll -> C:\WINDOWS\system32\vtstr.dll.vir
[11/05/2006, 20:52:27] - File successfully renamed!
[11/05/2006, 20:52:27] - Removing HKLM\...\Browser Helper Objects\{DD857116-8BFD-498C-9F40-FB91E52966EB}
[11/05/2006, 20:52:27] - Removing HKCR\CLSID\{DD857116-8BFD-498C-9F40-FB91E52966EB}
[11/05/2006, 20:52:27] - Adding Kill Bit for ActiveX for GUID: {DD857116-8BFD-498C-9F40-FB91E52966EB}
[11/05/2006, 20:52:27] - Deleting ATLEvents/MSEvents Registry entries
[11/05/2006, 20:52:27] - Removing HKLM\...\Winlogon\Notify\vtstr
[11/05/2006, 20:52:27] - Searching for Browser Helper Objects:
[11/05/2006, 20:52:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:52:27] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - No filename found. Continuing.
[11/05/2006, 20:52:27] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:52:27] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:52:27] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - No filename found. Continuing.
[11/05/2006, 20:52:27] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:52:27] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - No filename found. Continuing.
[11/05/2006, 20:52:27] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:52:27] - BHO 8: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:52:27] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:52:27] - BHO 9: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} (MSEvents Object)
[11/05/2006, 20:52:27] - ALERT: Found MSEvents Object!
[11/05/2006, 20:52:27] - Finished Searching Browser Helper Objects
[11/05/2006, 20:52:27] - *** Detected MSEvents Object
[11/05/2006, 20:52:27] - Trying to remove MSEvents Object...
[11/05/2006, 20:52:28] - Terminating Process: IEXPLORE.EXE
[11/05/2006, 20:52:29] - Terminating Process: RUNDLL32.EXE
[11/05/2006, 20:52:29] - Disabling Automatic Shell Restart
[11/05/2006, 20:52:29] - Terminating Process: EXPLORER.EXE
[11/05/2006, 20:52:29] - Suspending the NT Session Manager System Service
[11/05/2006, 20:52:29] - Terminating Windows NT Logon/Logoff Manager
[11/05/2006, 20:52:29] - Re-enabling Automatic Shell Restart
[11/05/2006, 20:52:29] - File to disable: C:\WINDOWS\system32\wvutusp.dll
[11/05/2006, 20:52:29] - Renaming C:\WINDOWS\system32\wvutusp.dll -> C:\WINDOWS\system32\wvutusp.dll.vir
[11/05/2006, 20:52:29] - File successfully renamed!
[11/05/2006, 20:52:29] - Removing HKLM\...\Browser Helper Objects\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
[11/05/2006, 20:52:29] - Removing HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
[11/05/2006, 20:52:29] - Adding Kill Bit for ActiveX for GUID: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
[11/05/2006, 20:52:29] - Deleting ATLEvents/MSEvents Registry entries
[11/05/2006, 20:52:29] - Removing HKLM\...\Winlogon\Notify\wvutusp
[11/05/2006, 20:52:29] - Searching for Browser Helper Objects:
[11/05/2006, 20:52:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:52:29] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - No filename found. Continuing.
[11/05/2006, 20:52:29] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:52:29] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:52:29] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - No filename found. Continuing.
[11/05/2006, 20:52:29] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:52:29] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - No filename found. Continuing.
[11/05/2006, 20:52:29] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:52:29] - BHO 8: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:52:29] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:52:29] - Finished Searching Browser Helper Objects
[11/05/2006, 20:52:29] - Finishing up...
[11/05/2006, 20:52:29] - A restart is needed.
[11/05/2006, 20:52:55] - Attempting to Restart via STOP error (Blue Screen!)

[02/17/2007, 13:46:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/17/2007, 13:46:40] - Detected System Information:
[02/17/2007, 13:46:40] - Windows Version: 5.1.2600, Service Pack 2
[02/17/2007, 13:46:40] - Current Username: Ant (Admin)
[02/17/2007, 13:46:40] - Windows is in NORMAL mode.
[02/17/2007, 13:46:40] - Searching for Browser Helper Objects:
[02/17/2007, 13:46:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:46:40] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:46:40] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:46:40] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\nnnkhgf
[02/17/2007, 13:46:40] - Found: HKLM\...\Winlogon\Notify\nnnkhgf - This is probably Virtumundo.
[02/17/2007, 13:46:40] - Assigning {613E7B70-5380-4063-A060-C147AB994C02} MSEvents Object
[02/17/2007, 13:46:40] - BHO list has been changed! Starting over...
[02/17/2007, 13:46:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:46:40] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:46:40] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:46:40] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} (MSEvents Object)
[02/17/2007, 13:46:40] - ALERT: Found MSEvents Object!
[02/17/2007, 13:46:40] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 13:46:40] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 13:46:40] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 13:46:40] - BHO 10: {CFD92842-4212-438D-957F-955DF13E78EE} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\ddayv
[02/17/2007, 13:46:40] - Found: HKLM\...\Winlogon\Notify\ddayv - This is probably Virtumundo.
[02/17/2007, 13:46:40] - Assigning {CFD92842-4212-438D-957F-955DF13E78EE} MSEvents Object
[02/17/2007, 13:46:40] - BHO list has been changed! Starting over...
[02/17/2007, 13:46:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:46:40] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:46:40] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:46:40] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} (MSEvents Object)
[02/17/2007, 13:46:40] - ALERT: Found MSEvents Object!
[02/17/2007, 13:46:40] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 13:46:40] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 13:46:40] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 13:46:40] - BHO 10: {CFD92842-4212-438D-957F-955DF13E78EE} (MSEvents Object)
[02/17/2007, 13:46:40] - ALERT: Found MSEvents Object!
[02/17/2007, 13:46:40] - BHO 11: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/17/2007, 13:46:40] - BHO 12: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - Finished Searching Browser Helper Objects
[02/17/2007, 13:46:40] - *** Detected MSEvents Object
[02/17/2007, 13:46:40] - Trying to remove MSEvents Object...
[02/17/2007, 13:46:41] - Terminating Process: IEXPLORE.EXE
[02/17/2007, 13:46:42] - Terminating Process: RUNDLL32.EXE
[02/17/2007, 13:46:42] - Disabling Automatic Shell Restart
[02/17/2007, 13:46:42] - Terminating Process: EXPLORER.EXE
[02/17/2007, 13:46:42] - Suspending the NT Session Manager System Service
[02/17/2007, 13:46:43] - Terminating Windows NT Logon/Logoff Manager
[02/17/2007, 13:52:11] - Re-enabling Automatic Shell Restart
[02/17/2007, 13:52:11] - File to disable: C:\WINDOWS\system32\nnnkhgf.dll
[02/17/2007, 13:52:11] - Renaming C:\WINDOWS\system32\nnnkhgf.dll -> C:\WINDOWS\system32\nnnkhgf.dll.vir
[02/17/2007, 13:52:11] - File successfully renamed!
[02/17/2007, 13:52:11] - Removing HKLM\...\Browser Helper Objects\{613E7B70-5380-4063-A060-C147AB994C02}
[02/17/2007, 13:52:11] - Removing HKCR\CLSID\{613E7B70-5380-4063-A060-C147AB994C02}
[02/17/2007, 13:52:11] - Adding Kill Bit for ActiveX for GUID: {613E7B70-5380-4063-A060-C147AB994C02}
[02/17/2007, 13:52:11] - Deleting ATLEvents/MSEvents Registry entries
[02/17/2007, 13:52:11] - Removing HKLM\...\Winlogon\Notify\nnnkhgf
[02/17/2007, 13:52:11] - Searching for Browser Helper Objects:
[02/17/2007, 13:52:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:52:11] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:52:11] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:52:11] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - No filename found. Continuing.
[02/17/2007, 13:52:11] - BHO 5: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 13:52:11] - BHO 6: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 13:52:11] - BHO 7: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - No filename found. Continuing.
[02/17/2007, 13:52:11] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 13:52:11] - BHO 9: {CFD92842-4212-438D-957F-955DF13E78EE} (MSEvents Object)
[02/17/2007, 13:52:11] - ALERT: Found MSEvents Object!
[02/17/2007, 13:52:11] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/17/2007, 13:52:11] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:11] - No filename found. Continuing.
[02/17/2007, 13:52:11] - Finished Searching Browser Helper Objects
[02/17/2007, 13:52:11] - *** Detected MSEvents Object
[02/17/2007, 13:52:11] - Trying to remove MSEvents Object...
[02/17/2007, 13:52:12] - Terminating Process: IEXPLORE.EXE
[02/17/2007, 13:52:12] - Terminating Process: RUNDLL32.EXE
[02/17/2007, 13:52:12] - Disabling Automatic Shell Restart
[02/17/2007, 13:52:12] - Terminating Process: EXPLORER.EXE
[02/17/2007, 13:52:12] - Suspending the NT Session Manager System Service
[02/17/2007, 13:52:13] - Terminating Windows NT Logon/Logoff Manager
[02/17/2007, 13:52:13] - Re-enabling Automatic Shell Restart
[02/17/2007, 13:52:13] - File to disable: C:\WINDOWS\system32\ddayv.dll
[02/17/2007, 13:52:13] - Renaming C:\WINDOWS\system32\ddayv.dll -> C:\WINDOWS\system32\ddayv.dll.vir
[02/17/2007, 13:52:13] - File successfully renamed!
[02/17/2007, 13:52:13] - Removing HKLM\...\Browser Helper Objects\{CFD92842-4212-438D-957F-955DF13E78EE}
[02/17/2007, 13:52:13] - Removing HKCR\CLSID\{CFD92842-4212-438D-957F-955DF13E78EE}
[02/17/2007, 13:52:13] - Adding Kill Bit for ActiveX for GUID: {CFD92842-4212-438D-957F-955DF13E78EE}
[02/17/2007, 13:52:13] - Deleting ATLEvents/MSEvents Registry entries
[02/17/2007, 13:52:13] - Removing HKLM\...\Winlogon\Notify\ddayv
[02/17/2007, 13:52:13] - Searching for Browser Helper Objects:
[02/17/2007, 13:52:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:52:13] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:52:13] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:52:13] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - No filename found. Continuing.
[02/17/2007, 13:52:13] - BHO 5: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 13:52:13] - BHO 6: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 13:52:13] - BHO 7: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - No filename found. Continuing.
[02/17/2007, 13:52:13] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 13:52:13] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/17/2007, 13:52:13] - BHO 10: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:52:13] - No filename found. Continuing.
[02/17/2007, 13:52:13] - Finished Searching Browser Helper Objects
[02/17/2007, 13:52:13] - Finishing up...
[02/17/2007, 13:52:13] - A restart is needed.
[02/17/2007, 14:54:49] - Attempting to Restart via STOP error (Blue Screen!)

[02/17/2007, 15:52:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/17/2007, 15:52:33] - Detected System Information:
[02/17/2007, 15:52:33] - Windows Version: 5.1.2600, Service Pack 2
[02/17/2007, 15:52:33] - Current Username: Administrator (Admin)
[02/17/2007, 15:52:33] - Windows is in SAFE mode with Networking.
[02/17/2007, 15:52:33] - Searching for Browser Helper Objects:
[02/17/2007, 15:52:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 15:52:33] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 15:52:33] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 15:52:33] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:33] - No filename found. Continuing.
[02/17/2007, 15:52:33] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:33] - No filename found. Continuing.
[02/17/2007, 15:52:33] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 15:52:33] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 15:52:34] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 15:52:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:34] - No filename found. Continuing.
[02/17/2007, 15:52:34] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 15:52:34] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/17/2007, 15:52:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:34] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/17/2007, 15:52:34] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/17/2007, 15:52:34] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/17/2007, 15:52:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 15:52:34] - No filename found. Continuing.
[02/17/2007, 15:52:34] - Finished Searching Browser Helper Objects
[02/17/2007, 15:52:34] - Finishing up...
[02/17/2007, 15:52:34] - Nothing found! Exiting...

[02/17/2007, 21:33:03] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/17/2007, 21:33:04] - Detected System Information:
[02/17/2007, 21:33:04] - Windows Version: 5.1.2600, Service Pack 2
[02/17/2007, 21:33:04] - Current Username: Administrator (Admin)
[02/17/2007, 21:33:04] - Windows is in SAFE mode with Networking.
[02/17/2007, 21:33:04] - Searching for Browser Helper Objects:
[02/17/2007, 21:33:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 21:33:04] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 21:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:04] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 21:33:04] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 21:33:04] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 21:33:05] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - No filename found. Continuing.
[02/17/2007, 21:33:05] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - No filename found. Continuing.
[02/17/2007, 21:33:05] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 21:33:05] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 21:33:05] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - No filename found. Continuing.
[02/17/2007, 21:33:05] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 21:33:05] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/17/2007, 21:33:05] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 21:33:05] - No filename found. Continuing.
[02/17/2007, 21:33:05] - Finished Searching Browser Helper Objects
[02/17/2007, 21:33:05] - Finishing up...
[02/17/2007, 21:33:05] - Nothing found! Exiting...

[02/18/2007, 15:33:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/18/2007, 15:33:19] - Detected System Information:
[02/18/2007, 15:33:19] - Windows Version: 5.1.2600, Service Pack 2
[02/18/2007, 15:33:19] - Current Username: Administrator (Admin)
[02/18/2007, 15:33:19] - Windows is in SAFE mode with Networking.
[02/18/2007, 15:33:19] - Searching for Browser Helper Objects:
[02/18/2007, 15:33:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/18/2007, 15:33:19] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/18/2007, 15:33:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:19] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/18/2007, 15:33:19] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/18/2007, 15:33:20] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/18/2007, 15:33:20] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/18/2007, 15:33:20] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:20] - No filename found. Continuing.
[02/18/2007, 15:33:20] - BHO 5: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} ()
[02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\urqnkkh
[02/18/2007, 15:33:20] - Found: HKLM\...\Winlogon\Notify\urqnkkh - This is probably Virtumundo.
[02/18/2007, 15:33:20] - Assigning {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} MSEvents Object
[02/18/2007, 15:33:20] - BHO list has been changed! Starting over...
[02/18/2007, 15:33:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/18/2007, 15:33:20] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/18/2007, 15:33:20] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/18/2007, 15:33:20] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/18/2007, 15:33:20] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/18/2007, 15:33:20] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:21] - No filename found. Continuing.
[02/18/2007, 15:33:21] - BHO 5: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} (MSEvents Object)
[02/18/2007, 15:33:21] - ALERT: Found MSEvents Object!
[02/18/2007, 15:33:21] - BHO 6: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/18/2007, 15:33:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:21] - No filename found. Continuing.
[02/18/2007, 15:33:21] - BHO 7: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/18/2007, 15:33:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:21] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/18/2007, 15:33:21] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/18/2007, 15:33:21] - BHO 8: {6BA9D445-B6D6-45C5-A854-C22B271911AA} ()
[02/18/2007, 15:33:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:21] - Checking for HKLM\...\Winlogon\Notify\ssqrr
[02/18/2007, 15:33:21] - Found: HKLM\...\Winlogon\Notify\ssqrr - This is probably Virtumundo.
[02/18/2007, 15:33:21] - Assigning {6BA9D445-B6D6-45C5-A854-C22B271911AA} MSEvents Object
[02/18/2007, 15:33:22] - BHO list has been changed! Starting over...
[02/18/2007, 15:33:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/18/2007, 15:33:22] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:22] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/18/2007, 15:33:22] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/18/2007, 15:33:22] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:22] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/18/2007, 15:33:22] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/18/2007, 15:33:22] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:22] - No filename found. Continuing.
[02/18/2007, 15:33:22] - BHO 5: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} (MSEvents Object)
[02/18/2007, 15:33:22] - ALERT: Found MSEvents Object!
[02/18/2007, 15:33:22] - BHO 6: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:22] - No filename found. Continuing.
[02/18/2007, 15:33:22] - BHO 7: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:22] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/18/2007, 15:33:22] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/18/2007, 15:33:22] - BHO 8: {6BA9D445-B6D6-45C5-A854-C22B271911AA} (MSEvents Object)
[02/18/2007, 15:33:22] - ALERT: Found MSEvents Object!
[02/18/2007, 15:33:23] - BHO 9: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:23] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/18/2007, 15:33:23] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/18/2007, 15:33:23] - BHO 10: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:23] - No filename found. Continuing.
[02/18/2007, 15:33:23] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/18/2007, 15:33:23] - BHO 12: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:23] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/18/2007, 15:33:23] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/18/2007, 15:33:23] - BHO 13: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:33:23] - No filename found. Continuing.
[02/18/2007, 15:33:23] - Finished Searching Browser Helper Objects
[02/18/2007, 15:33:23] - *** Detected MSEvents Object
[02/18/2007, 15:33:23] - Trying to remove MSEvents Object...
[02/18/2007, 15:33:25] - Terminating Process: IEXPLORE.EXE
[02/18/2007, 15:33:26] - Terminating Process: RUNDLL32.EXE
[02/18/2007, 15:33:26] - Disabling Automatic Shell Restart
[02/18/2007, 15:33:26] - Terminating Process: EXPLORER.EXE
[02/18/2007, 15:33:27] - Suspending the NT Session Manager System Service
[02/18/2007, 15:33:27] - Terminating Windows NT Logon/Logoff Manager
[02/18/2007, 15:38:55] - Re-enabling Automatic Shell Restart
[02/18/2007, 15:38:55] - File to disable: C:\WINDOWS\system32\urqnkkh.dll
[02/18/2007, 15:38:55] - Renaming C:\WINDOWS\system32\urqnkkh.dll -> C:\WINDOWS\system32\urqnkkh.dll.vir
[02/18/2007, 15:38:55] - File successfully renamed!
[02/18/2007, 15:38:55] - Removing HKLM\...\Browser Helper Objects\{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}
[02/18/2007, 15:38:55] - Removing HKCR\CLSID\{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}
[02/18/2007, 15:38:55] - Adding Kill Bit for ActiveX for GUID: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2}
[02/18/2007, 15:38:55] - Deleting ATLEvents/MSEvents Registry entries
[02/18/2007, 15:38:55] - Removing HKLM\...\Winlogon\Notify\urqnkkh
[02/18/2007, 15:38:55] - Searching for Browser Helper Objects:
[02/18/2007, 15:38:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/18/2007, 15:38:56] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/18/2007, 15:38:56] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/18/2007, 15:38:56] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - No filename found. Continuing.
[02/18/2007, 15:38:56] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - No filename found. Continuing.
[02/18/2007, 15:38:56] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/18/2007, 15:38:56] - BHO 7: {6BA9D445-B6D6-45C5-A854-C22B271911AA} (MSEvents Object)
[02/18/2007, 15:38:56] - ALERT: Found MSEvents Object!
[02/18/2007, 15:38:56] - BHO 8: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/18/2007, 15:38:56] - BHO 9: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - No filename found. Continuing.
[02/18/2007, 15:38:56] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/18/2007, 15:38:56] - BHO 11: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/18/2007, 15:38:56] - BHO 12: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:56] - No filename found. Continuing.
[02/18/2007, 15:38:56] - Finished Searching Browser Helper Objects
[02/18/2007, 15:38:56] - *** Detected MSEvents Object
[02/18/2007, 15:38:56] - Trying to remove MSEvents Object...
[02/18/2007, 15:38:57] - Terminating Process: IEXPLORE.EXE
[02/18/2007, 15:38:57] - Terminating Process: RUNDLL32.EXE
[02/18/2007, 15:38:57] - Disabling Automatic Shell Restart
[02/18/2007, 15:38:57] - Terminating Process: EXPLORER.EXE
[02/18/2007, 15:38:57] - Suspending the NT Session Manager System Service
[02/18/2007, 15:38:57] - Terminating Windows NT Logon/Logoff Manager
[02/18/2007, 15:38:58] - Re-enabling Automatic Shell Restart
[02/18/2007, 15:38:58] - File to disable: C:\WINDOWS\system32\ssqrr.dll
[02/18/2007, 15:38:58] - Renaming C:\WINDOWS\system32\ssqrr.dll -> C:\WINDOWS\system32\ssqrr.dll.vir
[02/18/2007, 15:38:58] - File successfully renamed!
[02/18/2007, 15:38:58] - Removing HKLM\...\Browser Helper Objects\{6BA9D445-B6D6-45C5-A854-C22B271911AA}
[02/18/2007, 15:38:58] - Removing HKCR\CLSID\{6BA9D445-B6D6-45C5-A854-C22B271911AA}
[02/18/2007, 15:38:58] - Adding Kill Bit for ActiveX for GUID: {6BA9D445-B6D6-45C5-A854-C22B271911AA}
[02/18/2007, 15:38:58] - Deleting ATLEvents/MSEvents Registry entries
[02/18/2007, 15:38:58] - Removing HKLM\...\Winlogon\Notify\ssqrr
[02/18/2007, 15:38:58] - Searching for Browser Helper Objects:
[02/18/2007, 15:38:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/18/2007, 15:38:58] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/18/2007, 15:38:58] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/18/2007, 15:38:58] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - No filename found. Continuing.
[02/18/2007, 15:38:58] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - No filename found. Continuing.
[02/18/2007, 15:38:58] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/18/2007, 15:38:58] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/18/2007, 15:38:58] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - No filename found. Continuing.
[02/18/2007, 15:38:58] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/18/2007, 15:38:58] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/18/2007, 15:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:59] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/18/2007, 15:38:59] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/18/2007, 15:38:59] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/18/2007, 15:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:59] - No filename found. Continuing.
[02/18/2007, 15:38:59] - Finished Searching Browser Helper Objects
[02/18/2007, 15:38:59] - Finishing up...
[02/18/2007, 15:38:59] - A restart is needed.
[02/18/2007, 15:39:04] - Attempting to Restart via STOP error (Blue Screen!)

[02/19/2007, 20:03:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/19/2007, 20:03:53] - Detected System Information:
[02/19/2007, 20:03:53] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 20:03:53] - Current Username: Ant (Admin)
[02/19/2007, 20:03:53] - Windows is in NORMAL mode.
[02/19/2007, 20:03:53] - Searching for Browser Helper Objects:
[02/19/2007, 20:03:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/19/2007, 20:03:53] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/19/2007, 20:03:53] - Finished Searching Browser Helper Objects
[02/19/2007, 20:03:53] - Finishing up...
[02/19/2007, 20:03:53] - Nothing found! Exiting...

[02/19/2007, 20:04:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/19/2007, 20:04:20] - Detected System Information:
[02/19/2007, 20:04:20] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 20:04:20] - Current Username: Ant (Admin)
[02/19/2007, 20:04:20] - Windows is in NORMAL mode.
[02/19/2007, 20:04:20] - Searching for Browser Helper Objects:
[02/19/2007, 20:04:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/19/2007, 20:04:20] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/19/2007, 20:04:20] - Finished Searching Browser Helper Objects
[02/19/2007, 20:04:20] - Finishing up...
[02/19/2007, 20:04:20] - Nothing found! Exiting...

[02/19/2007, 20:10:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/19/2007, 20:10:22] - Detected System Information:
[02/19/2007, 20:10:22] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 20:10:22] - Current Username: Ant (Admin)
[02/19/2007, 20:10:22] - Windows is in NORMAL mode.
[02/19/2007, 20:10:22] - Searching for Browser Helper Objects:
[02/19/2007, 20:10:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/19/2007, 20:10:22] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/19/2007, 20:10:22] - Finished Searching Browser Helper Objects
[02/19/2007, 20:10:22] - Finishing up...
[02/19/2007, 20:10:22] - Nothing found! Exiting...
 
remove these entries

O20 - Winlogon Notify: vtstr - C:\WINDOWS\

O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll



are you still having problems?
 
re

Hi warez. Thanks again for your reply. I'm at work right now but I'll remove those as soon as I get home. The little icons in the bottom right seem to have gone but I still get loads of popups that eventually crash Internet Explorer,

thanks

Ant
 
re

Hi. Here's my new log. I was still getting random popups from somewhere as I was trying to post this.

Logfile of HijackThis v1.99.1
Scan saved at 22:09:14, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theworldsfavouritehomepage.com/test
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
 