[08/27/2007, 0:03:41] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\LAURENT\Bureau\VirtumundoBeGone.exe" )
[08/27/2007, 0:03:51] - Detected System Information:
[08/27/2007, 0:03:51] - Windows Version: 5.1.2600, Service Pack 2
[08/27/2007, 0:03:51] - Current Username: LAURENT (Admin)
[08/27/2007, 0:03:51] - Windows is in NORMAL mode.
[08/27/2007, 0:03:51] - Searching for Browser Helper Objects:
[08/27/2007, 0:03:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/27/2007, 0:03:51] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[08/27/2007, 0:03:51] - BHO 3: {1c81604c-b3cc-49ea-8538-e294e9b129e8} ()
[08/27/2007, 0:03:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2007, 0:03:51] - Checking for HKLM\...\Winlogon\Notify\matlpq
[08/27/2007, 0:03:51] - Found: HKLM\...\Winlogon\Notify\matlpq - This is probably Virtumundo.
[08/27/2007, 0:03:51] - Assigning {1c81604c-b3cc-49ea-8538-e294e9b129e8} MSEvents Object
[08/27/2007, 0:03:51] - BHO list has been changed! Starting over...
[08/27/2007, 0:03:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/27/2007, 0:03:51] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[08/27/2007, 0:03:51] - BHO 3: {1c81604c-b3cc-49ea-8538-e294e9b129e8} (MSEvents Object)
[08/27/2007, 0:03:51] - ALERT: Found MSEvents Object!
[08/27/2007, 0:03:51] - BHO 4: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[08/27/2007, 0:03:51] - BHO 5: {67468DC2-4300-54B0-4DCD-F0459EF0FC59} ()
[08/27/2007, 0:03:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2007, 0:03:51] - No filename found. Continuing.
[08/27/2007, 0:03:51] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/27/2007, 0:03:51] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/27/2007, 0:03:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2007, 0:03:51] - No filename found. Continuing.
[08/27/2007, 0:03:51] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/27/2007, 0:03:51] - BHO 9: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[08/27/2007, 0:03:51] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[08/27/2007, 0:03:51] - BHO 11: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[08/27/2007, 0:03:51] - Finished Searching Browser Helper Objects
[08/27/2007, 0:03:51] - *** Detected MSEvents Object
[08/27/2007, 0:03:51] - Trying to remove MSEvents Object...
[08/27/2007, 0:03:52] - Terminating Process: IEXPLORE.EXE
[08/27/2007, 0:03:53] - Terminating Process: RUNDLL32.EXE
[08/27/2007, 0:03:53] - Disabling Automatic Shell Restart
[08/27/2007, 0:03:53] - Terminating Process: EXPLORER.EXE
[08/27/2007, 0:03:54] - Suspending the NT Session Manager System Service
[08/27/2007, 0:03:54] - Terminating Windows NT Logon/Logoff Manager
[08/27/2007, 0:08:55] - Re-enabling Automatic Shell Restart
[08/27/2007, 0:08:55] - File to disable: C:\WINDOWS\system32\matlpq.dll
[08/27/2007, 0:08:55] - Renaming C:\WINDOWS\system32\matlpq.dll -> C:\WINDOWS\system32\matlpq.dll.vir
[08/27/2007, 0:08:56] - File successfully renamed!
[08/27/2007, 0:08:56] - Removing HKLM\...\Browser Helper Objects\{1c81604c-b3cc-49ea-8538-e294e9b129e8}
[08/27/2007, 0:08:56] - Removing HKCR\CLSID\{1c81604c-b3cc-49ea-8538-e294e9b129e8}
[08/27/2007, 0:08:56] - Adding Kill Bit for ActiveX for GUID: {1c81604c-b3cc-49ea-8538-e294e9b129e8}
[08/27/2007, 0:08:56] - Deleting ATLEvents/MSEvents Registry entries
[08/27/2007, 0:08:56] - Removing HKLM\...\Winlogon\Notify\matlpq
[08/27/2007, 0:08:56] - Searching for Browser Helper Objects:
[08/27/2007, 0:08:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/27/2007, 0:08:56] - BHO 2: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[08/27/2007, 0:08:56] - BHO 3: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[08/27/2007, 0:08:56] - BHO 4: {67468DC2-4300-54B0-4DCD-F0459EF0FC59} ()
[08/27/2007, 0:08:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2007, 0:08:56] - No filename found. Continuing.
[08/27/2007, 0:08:56] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/27/2007, 0:08:56] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/27/2007, 0:08:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/27/2007, 0:08:56] - No filename found. Continuing.
[08/27/2007, 0:08:56] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/27/2007, 0:08:56] - BHO 8: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[08/27/2007, 0:08:56] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[08/27/2007, 0:08:56] - BHO 10: {BDF3E430-B101-42AD-A544-FADC6B084872} (CNavExtBho Class)
[08/27/2007, 0:08:56] - Finished Searching Browser Helper Objects
[08/27/2007, 0:08:56] - Finishing up...
[08/27/2007, 0:08:56] - A restart is needed.
[08/27/2007, 0:09:39] - Attempting to Restart via STOP error (Blue Screen!)