Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

please analyze and help remove spydawn AND winantivirus

Posted by: lsals

Hi guys. I posted on here a while back because my computer had been infected with win antivirus and 'warezmonster' was very good at helping me get rid of it. I now have it again. A little red icon appears in the bottom right of the screen with a yellow '!' in the centre and also a blue and white circle appears with a white '?' in the centre. The first one is win antivirus and the second is spydawn and they both keep spawning popups and pretend to be useful programs. I followed Warezmonster's removal guide as I did the first time but it didn't get rid of them so I have run HijackThis. Please can someone analyze my log and help me out? Thanks a lot, Anthony

Logfile of HijackThis v1.99.1
Scan saved at 17:54:52, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BB12649-D5A7-C516-6E29-01A0C222C039} - C:\WINDOWS\system32\xsvebvb.dll
O2 - BHO: (no name) - {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} - (no file)
O2 - BHO: (no name) - {613E7B70-5380-4063-A060-C147AB994C02} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: (no name) - {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} - C:\WINDOWS\system32\ixl.dll (file missing)
O2 - BHO: (no name) - {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\snfcgjqm.dll
O2 - BHO: (no name) - {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} - (no file)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msnetax.dll
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - [url]http://download.gigabyte.com.tw/object/Dldrv.ocx[/url]
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [url]http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab[/url]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - [url]http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[/url]
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - [url]http://www.systemrequirementslab.com/sysreqlab.cab[/url]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\
O20 - Winlogon Notify: ksapgh - C:\WINDOWS\SYSTEM32\ksapgh.dll
O20 - Winlogon Notify: nnnkhgf - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: msieupdater (Microsoft IE Updater) - Unknown owner - C:\WINDOWS\system32\update00822631.exe
O23 - Service: ieupdater2 (Microsoft IE Updater2) - Unknown owner - C:\Documents and Settings\Ant\~tmp0374.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Posted by: Jam3s-Zer0

Yo Anthony, you have a [i]severely[/i] infected log there. Please run through the guide linked here: [url]http://tech-forums.net/showthread.php?s=&threadid=119852[/url]

Remember to run each step carefully and if you cannot do a step, carry on and post back with the problem.

Posted by: lsals

Hi. Thanks for your reply. lol, I thought it would be pretty bad. That guide is the guide I said I have already run through. Is there anything else I can do to get rid of it? Thanks, Ant

Posted by: Warez Monster

Download this program by clicking on the link: VirtumundoBeGone.exe [94.7 KB]

Run the program and follow the directions. Make sure you save all your work before! If the virus is detected it will force you to restart your computer right away.

[url]http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe[/url]

Post results after the scan.

Posted by: lsals

Hi Warez. Thanks for your help again. I did a system restore and then ran that program. Here is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 20:04:50, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.theworldsfavouritehomepage.com/test[/url]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - [url]http://download.gigabyte.com.tw/object/Dldrv.ocx[/url]
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - [url]http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab[/url]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - [url]http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab[/url]
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - [url]http://www3.ca.com/securityadvisor/virusinfo/webscan.cab[/url]
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - [url]http://www.systemrequirementslab.com/sysreqlab.cab[/url]
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Posted by: lsals

and here's the log from vbg.
Thanks a lot.

[11/05/2006, 20:40:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[11/05/2006, 20:40:24] - Detected System Information:
[11/05/2006, 20:40:24] - Windows Version: 5.1.2600, Service Pack 2
[11/05/2006, 20:40:24] - Current Username: Ant (Admin)
[11/05/2006, 20:40:24] - Windows is in NORMAL mode.
[11/05/2006, 20:40:24] - Searching for Browser Helper Objects:
[11/05/2006, 20:40:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:40:24] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\vtstr
[11/05/2006, 20:40:24] - Found: HKLM\...\Winlogon\Notify\vtstr - This is probably Virtumundo.
[11/05/2006, 20:40:24] - Assigning {202B0345-79EA-4A71-988A-0C87B1FEC268} MSEvents Object
[11/05/2006, 20:40:24] - BHO list has been changed! Starting over...
[11/05/2006, 20:40:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:40:24] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} (MSEvents Object)
[11/05/2006, 20:40:24] - ALERT: Found MSEvents Object!
[11/05/2006, 20:40:24] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:40:24] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:40:24] - BHO 4: {61977312-9CD2-B371-D388-C4693FDD8EC8} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\adglbc
[11/05/2006, 20:40:24] - Key not found: HKLM\...\Winlogon\Notify\adglbc, continuing.
[11/05/2006, 20:40:24] - BHO 5: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - No filename found. Continuing.
[11/05/2006, 20:40:24] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:40:24] - BHO 7: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - No filename found. Continuing.
[11/05/2006, 20:40:24] - BHO 8: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:40:24] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:40:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:40:24] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:40:24] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:40:24] - Finished Searching Browser Helper Objects
[11/05/2006, 20:40:24] - *** Detected MSEvents Object
[11/05/2006, 20:40:24] - Trying to remove MSEvents Object...
[11/05/2006, 20:40:25] - Terminating Process: IEXPLORE.EXE
[11/05/2006, 20:40:25] - Terminating Process: RUNDLL32.EXE
[11/05/2006, 20:40:26] - Disabling Automatic Shell Restart
[11/05/2006, 20:40:26] - Terminating Process: EXPLORER.EXE
[11/05/2006, 20:40:26] - Suspending the NT Session Manager System Service
[11/05/2006, 20:40:27] - Terminating Windows NT Logon/Logoff Manager
[11/05/2006, 20:46:53] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[11/05/2006, 20:46:55] - Detected System Information:
[11/05/2006, 20:46:55] - Windows Version: 5.1.2600, Service Pack 2
[11/05/2006, 20:46:55] - Current Username: Ant (Admin)
[11/05/2006, 20:46:55] - Windows is in NORMAL mode.
[11/05/2006, 20:46:55] - Searching for Browser Helper Objects:
[11/05/2006, 20:46:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:46:55] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:46:55] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:46:55] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:46:55] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:46:55] - BHO 8: {DD857116-8BFD-498C-9F40-FB91E52966EB} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - Checking for HKLM\...\Winlogon\Notify\vtstr
[11/05/2006, 20:46:55] - Found: HKLM\...\Winlogon\Notify\vtstr - This is probably Virtumundo.
[11/05/2006, 20:46:55] - Assigning {DD857116-8BFD-498C-9F40-FB91E52966EB} MSEvents Object
[11/05/2006, 20:46:55] - BHO list has been changed! Starting over...
[11/05/2006, 20:46:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:46:55] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:46:55] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:46:55] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:46:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:55] - No filename found. Continuing.
[11/05/2006, 20:46:55] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:46:56] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:46:56] - BHO 8: {DD857116-8BFD-498C-9F40-FB91E52966EB} (MSEvents Object)
[11/05/2006, 20:46:56] - ALERT: Found MSEvents Object!
[11/05/2006, 20:46:56] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:46:56] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:46:56] - BHO 10: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\wvutusp
[11/05/2006, 20:46:56] - Found: HKLM\...\Winlogon\Notify\wvutusp - This is probably Virtumundo.
[11/05/2006, 20:46:56] - Assigning {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} MSEvents Object
[11/05/2006, 20:46:56] - BHO list has been changed! Starting over...
[11/05/2006, 20:46:56] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:46:56] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:46:56] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:46:56] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:46:56] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - No filename found. Continuing.
[11/05/2006, 20:46:56] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:46:56] - BHO 8: {DD857116-8BFD-498C-9F40-FB91E52966EB} (MSEvents Object)
[11/05/2006, 20:46:56] - ALERT: Found MSEvents Object!
[11/05/2006, 20:46:56] - BHO 9: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:46:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:46:56] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:46:56] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:46:56] - BHO 10: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} (MSEvents Object)
[11/05/2006, 20:46:56] - ALERT: Found MSEvents Object!
[11/05/2006, 20:46:56] - Finished Searching Browser Helper Objects
[11/05/2006, 20:46:56] - *** Detected MSEvents Object
[11/05/2006, 20:46:56] - Trying to remove MSEvents Object...
[11/05/2006, 20:46:57] - Terminating Process: IEXPLORE.EXE
[11/05/2006, 20:46:58] - Terminating Process: RUNDLL32.EXE
[11/05/2006, 20:46:58] - Disabling Automatic Shell Restart
[11/05/2006, 20:46:58] - Terminating Process: EXPLORER.EXE
[11/05/2006, 20:46:58] - Suspending the NT Session Manager System Service
[11/05/2006, 20:46:58] - Terminating Windows NT Logon/Logoff Manager
[11/05/2006, 20:52:27] - Re-enabling Automatic Shell Restart
[11/05/2006, 20:52:27] - File to disable: C:\WINDOWS\system32\vtstr.dll
[11/05/2006, 20:52:27] - Renaming C:\WINDOWS\system32\vtstr.dll -> C:\WINDOWS\system32\vtstr.dll.vir
[11/05/2006, 20:52:27] - File successfully renamed!
[11/05/2006, 20:52:27] - Removing HKLM\...\Browser Helper Objects\{DD857116-8BFD-498C-9F40-FB91E52966EB}
[11/05/2006, 20:52:27] - Removing HKCR\CLSID\{DD857116-8BFD-498C-9F40-FB91E52966EB}
[11/05/2006, 20:52:27] - Adding Kill Bit for ActiveX for GUID: {DD857116-8BFD-498C-9F40-FB91E52966EB}
[11/05/2006, 20:52:27] - Deleting ATLEvents/MSEvents Registry entries
[11/05/2006, 20:52:27] - Removing HKLM\...\Winlogon\Notify\vtstr
[11/05/2006, 20:52:27] - Searching for Browser Helper Objects:
[11/05/2006, 20:52:27] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:52:27] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - No filename found. Continuing.
[11/05/2006, 20:52:27] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:52:27] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:52:27] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - No filename found. Continuing.
[11/05/2006, 20:52:27] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:52:27] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - No filename found. Continuing.
[11/05/2006, 20:52:27] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:52:27] - BHO 8: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:52:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:27] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:52:27] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:52:27] - BHO 9: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2} (MSEvents Object)
[11/05/2006, 20:52:27] - ALERT: Found MSEvents Object!
[11/05/2006, 20:52:27] - Finished Searching Browser Helper Objects
[11/05/2006, 20:52:27] - *** Detected MSEvents Object
[11/05/2006, 20:52:27] - Trying to remove MSEvents Object...
[11/05/2006, 20:52:28] - Terminating Process: IEXPLORE.EXE
[11/05/2006, 20:52:29] - Terminating Process: RUNDLL32.EXE
[11/05/2006, 20:52:29] - Disabling Automatic Shell Restart
[11/05/2006, 20:52:29] - Terminating Process: EXPLORER.EXE
[11/05/2006, 20:52:29] - Suspending the NT Session Manager System Service
[11/05/2006, 20:52:29] - Terminating Windows NT Logon/Logoff Manager
[11/05/2006, 20:52:29] - Re-enabling Automatic Shell Restart
[11/05/2006, 20:52:29] - File to disable: C:\WINDOWS\system32\wvutusp.dll
[11/05/2006, 20:52:29] - Renaming C:\WINDOWS\system32\wvutusp.dll -> C:\WINDOWS\system32\wvutusp.dll.vir
[11/05/2006, 20:52:29] - File successfully renamed!
[11/05/2006, 20:52:29] - Removing HKLM\...\Browser Helper Objects\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
[11/05/2006, 20:52:29] - Removing HKCR\CLSID\{F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
[11/05/2006, 20:52:29] - Adding Kill Bit for ActiveX for GUID: {F7999166-FDE6-49DA-9AFC-1F6A79E9D1F2}
[11/05/2006, 20:52:29] - Deleting ATLEvents/MSEvents Registry entries
[11/05/2006, 20:52:29] - Removing HKLM\...\Winlogon\Notify\wvutusp
[11/05/2006, 20:52:29] - Searching for Browser Helper Objects:
[11/05/2006, 20:52:29] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/05/2006, 20:52:29] - BHO 2: {202B0345-79EA-4A71-988A-0C87B1FEC268} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - No filename found. Continuing.
[11/05/2006, 20:52:29] - BHO 3: {5EAA13F8-5513-D8DE-6B93-042F2DE1EE1E} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - Checking for HKLM\...\Winlogon\Notify\aankmyf
[11/05/2006, 20:52:29] - Key not found: HKLM\...\Winlogon\Notify\aankmyf, continuing.
[11/05/2006, 20:52:29] - BHO 4: {77701e16-9bfe-4b63-a5b4-7bd156758a37} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - No filename found. Continuing.
[11/05/2006, 20:52:29] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[11/05/2006, 20:52:29] - BHO 6: {9ED62D17-E2D3-4183-81F0-4FD0E978B194} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - No filename found. Continuing.
[11/05/2006, 20:52:29] - BHO 7: {C004DEC2-2623-438e-9CA2-C9043AB28508} (ToolBar888)
[11/05/2006, 20:52:29] - BHO 8: {F18F04B0-9CF1-4b93-B004-77A288BEE28B} ()
[11/05/2006, 20:52:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/05/2006, 20:52:29] - Checking for HKLM\...\Winlogon\Notify\xlovduhs
[11/05/2006, 20:52:29] - Key not found: HKLM\...\Winlogon\Notify\xlovduhs, continuing.
[11/05/2006, 20:52:29] - Finished Searching Browser Helper Objects
[11/05/2006, 20:52:29] - Finishing up...
[11/05/2006, 20:52:29] - A restart is needed.
[11/05/2006, 20:52:55] - Attempting to Restart via STOP error (Blue Screen!)
[02/17/2007, 13:46:36] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/17/2007, 13:46:40] - Detected System Information:
[02/17/2007, 13:46:40] - Windows Version: 5.1.2600, Service Pack 2
[02/17/2007, 13:46:40] - Current Username: Ant (Admin)
[02/17/2007, 13:46:40] - Windows is in NORMAL mode.
[02/17/2007, 13:46:40] - Searching for Browser Helper Objects:
[02/17/2007, 13:46:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:46:40] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:46:40] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:46:40] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\nnnkhgf
[02/17/2007, 13:46:40] - Found: HKLM\...\Winlogon\Notify\nnnkhgf - This is probably Virtumundo.
[02/17/2007, 13:46:40] - Assigning {613E7B70-5380-4063-A060-C147AB994C02} MSEvents Object
[02/17/2007, 13:46:40] - BHO list has been changed! Starting over...
[02/17/2007, 13:46:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:46:40] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:46:40] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:46:40] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} (MSEvents Object)
[02/17/2007, 13:46:40] - ALERT: Found MSEvents Object!
[02/17/2007, 13:46:40] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 13:46:40] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 13:46:40] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 13:46:40] - BHO 10: {CFD92842-4212-438D-957F-955DF13E78EE} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\ddayv
[02/17/2007, 13:46:40] - Found: HKLM\...\Winlogon\Notify\ddayv - This is probably Virtumundo.
[02/17/2007, 13:46:40] - Assigning {CFD92842-4212-438D-957F-955DF13E78EE} MSEvents Object
[02/17/2007, 13:46:40] - BHO list has been changed! Starting over...
[02/17/2007, 13:46:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/17/2007, 13:46:40] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\xsvebvb
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing.
[02/17/2007, 13:46:40] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\jkhfe
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing.
[02/17/2007, 13:46:40] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} (MSEvents Object)
[02/17/2007, 13:46:40] - ALERT: Found MSEvents Object!
[02/17/2007, 13:46:40] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\isadd
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing.
[02/17/2007, 13:46:40] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/17/2007, 13:46:40] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2007, 13:46:40] - No filename found. Continuing.
[02/17/2007, 13:46:40] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2007, 13:46:40] - BHO 10: {CFD92842-4212-438D-957F-955DF13E78EE} (MSEvents Object)
[02/17/2007, 13:46:40] - ALERT: Found MSEvents Object!
[02/17/2007, 13:46:40] - BHO 11: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:46:40] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/17/2007, 13:46:40] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/17/2007, 13:46:40] - BHO 12: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/17/2007, 13:46:40] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:46:40] - No filename found. Continuing. [02/17/2007, 13:46:40] - Finished Searching Browser Helper Objects [02/17/2007, 13:46:40] - *** Detected MSEvents Object [02/17/2007, 13:46:40] - Trying to remove MSEvents Object... [02/17/2007, 13:46:41] - Terminating Process: IEXPLORE.EXE [02/17/2007, 13:46:42] - Terminating Process: RUNDLL32.EXE [02/17/2007, 13:46:42] - Disabling Automatic Shell Restart [02/17/2007, 13:46:42] - Terminating Process: EXPLORER.EXE [02/17/2007, 13:46:42] - Suspending the NT Session Manager System Service [02/17/2007, 13:46:43] - Terminating Windows NT Logon/Logoff Manager [02/17/2007, 13:52:11] - Re-enabling Automatic Shell Restart [02/17/2007, 13:52:11] - File to disable: C:\WINDOWS\system32\nnnkhgf.dll [02/17/2007, 13:52:11] - Renaming C:\WINDOWS\system32\nnnkhgf.dll -> C:\WINDOWS\system32\nnnkhgf.dll.vir [02/17/2007, 13:52:11] - File successfully renamed! 
[02/17/2007, 13:52:11] - Removing HKLM\...\Browser Helper Objects\{613E7B70-5380-4063-A060-C147AB994C02} [02/17/2007, 13:52:11] - Removing HKCR\CLSID\{613E7B70-5380-4063-A060-C147AB994C02} [02/17/2007, 13:52:11] - Adding Kill Bit for ActiveX for GUID: {613E7B70-5380-4063-A060-C147AB994C02} [02/17/2007, 13:52:11] - Deleting ATLEvents/MSEvents Registry entries [02/17/2007, 13:52:11] - Removing HKLM\...\Winlogon\Notify\nnnkhgf [02/17/2007, 13:52:11] - Searching for Browser Helper Objects: [02/17/2007, 13:52:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/17/2007, 13:52:11] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/17/2007, 13:52:11] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/17/2007, 13:52:11] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - No filename found. Continuing. [02/17/2007, 13:52:11] - BHO 5: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\isadd [02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. [02/17/2007, 13:52:11] - BHO 6: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. 
[02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\ixl [02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing. [02/17/2007, 13:52:11] - BHO 7: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - No filename found. Continuing. [02/17/2007, 13:52:11] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/17/2007, 13:52:11] - BHO 9: {CFD92842-4212-438D-957F-955DF13E78EE} (MSEvents Object) [02/17/2007, 13:52:11] - ALERT: Found MSEvents Object! [02/17/2007, 13:52:11] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/17/2007, 13:52:11] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/17/2007, 13:52:11] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/17/2007, 13:52:11] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:11] - No filename found. Continuing. [02/17/2007, 13:52:11] - Finished Searching Browser Helper Objects [02/17/2007, 13:52:11] - *** Detected MSEvents Object [02/17/2007, 13:52:11] - Trying to remove MSEvents Object... 
[02/17/2007, 13:52:12] - Terminating Process: IEXPLORE.EXE [02/17/2007, 13:52:12] - Terminating Process: RUNDLL32.EXE [02/17/2007, 13:52:12] - Disabling Automatic Shell Restart [02/17/2007, 13:52:12] - Terminating Process: EXPLORER.EXE [02/17/2007, 13:52:12] - Suspending the NT Session Manager System Service [02/17/2007, 13:52:13] - Terminating Windows NT Logon/Logoff Manager [02/17/2007, 13:52:13] - Re-enabling Automatic Shell Restart [02/17/2007, 13:52:13] - File to disable: C:\WINDOWS\system32\ddayv.dll [02/17/2007, 13:52:13] - Renaming C:\WINDOWS\system32\ddayv.dll -> C:\WINDOWS\system32\ddayv.dll.vir [02/17/2007, 13:52:13] - File successfully renamed! [02/17/2007, 13:52:13] - Removing HKLM\...\Browser Helper Objects\{CFD92842-4212-438D-957F-955DF13E78EE} [02/17/2007, 13:52:13] - Removing HKCR\CLSID\{CFD92842-4212-438D-957F-955DF13E78EE} [02/17/2007, 13:52:13] - Adding Kill Bit for ActiveX for GUID: {CFD92842-4212-438D-957F-955DF13E78EE} [02/17/2007, 13:52:13] - Deleting ATLEvents/MSEvents Registry entries [02/17/2007, 13:52:13] - Removing HKLM\...\Winlogon\Notify\ddayv [02/17/2007, 13:52:13] - Searching for Browser Helper Objects: [02/17/2007, 13:52:13] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/17/2007, 13:52:13] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/17/2007, 13:52:13] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. 
[02/17/2007, 13:52:13] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - No filename found. Continuing. [02/17/2007, 13:52:13] - BHO 5: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\isadd [02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. [02/17/2007, 13:52:13] - BHO 6: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\ixl [02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing. [02/17/2007, 13:52:13] - BHO 7: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - No filename found. Continuing. [02/17/2007, 13:52:13] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/17/2007, 13:52:13] - BHO 9: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/17/2007, 13:52:13] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/17/2007, 13:52:13] - BHO 10: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/17/2007, 13:52:13] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 13:52:13] - No filename found. Continuing. [02/17/2007, 13:52:13] - Finished Searching Browser Helper Objects [02/17/2007, 13:52:13] - Finishing up... [02/17/2007, 13:52:13] - A restart is needed. [02/17/2007, 14:54:49] - Attempting to Restart via STOP error (Blue Screen!) 
[02/17/2007, 15:52:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" ) [02/17/2007, 15:52:33] - Detected System Information: [02/17/2007, 15:52:33] - Windows Version: 5.1.2600, Service Pack 2 [02/17/2007, 15:52:33] - Current Username: Administrator (Admin) [02/17/2007, 15:52:33] - Windows is in SAFE mode with Networking. [02/17/2007, 15:52:33] - Searching for Browser Helper Objects: [02/17/2007, 15:52:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/17/2007, 15:52:33] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/17/2007, 15:52:33] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/17/2007, 15:52:33] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:33] - No filename found. Continuing. [02/17/2007, 15:52:33] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} () [02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:33] - No filename found. Continuing. [02/17/2007, 15:52:33] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\isadd [02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. 
[02/17/2007, 15:52:33] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} () [02/17/2007, 15:52:33] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:33] - Checking for HKLM\...\Winlogon\Notify\ixl [02/17/2007, 15:52:33] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing. [02/17/2007, 15:52:34] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} () [02/17/2007, 15:52:34] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:34] - No filename found. Continuing. [02/17/2007, 15:52:34] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/17/2007, 15:52:34] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/17/2007, 15:52:34] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:34] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/17/2007, 15:52:34] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/17/2007, 15:52:34] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/17/2007, 15:52:34] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 15:52:34] - No filename found. Continuing. [02/17/2007, 15:52:34] - Finished Searching Browser Helper Objects [02/17/2007, 15:52:34] - Finishing up... [02/17/2007, 15:52:34] - Nothing found! Exiting... [02/17/2007, 21:33:03] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" ) [02/17/2007, 21:33:04] - Detected System Information: [02/17/2007, 21:33:04] - Windows Version: 5.1.2600, Service Pack 2 [02/17/2007, 21:33:04] - Current Username: Administrator (Admin) [02/17/2007, 21:33:04] - Windows is in SAFE mode with Networking. 
[02/17/2007, 21:33:04] - Searching for Browser Helper Objects: [02/17/2007, 21:33:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/17/2007, 21:33:04] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/17/2007, 21:33:04] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:04] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/17/2007, 21:33:04] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/17/2007, 21:33:04] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/17/2007, 21:33:05] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - No filename found. Continuing. [02/17/2007, 21:33:05] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - No filename found. Continuing. [02/17/2007, 21:33:05] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\isadd [02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. [02/17/2007, 21:33:05] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\ixl [02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing. 
[02/17/2007, 21:33:05] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - No filename found. Continuing. [02/17/2007, 21:33:05] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/17/2007, 21:33:05] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/17/2007, 21:33:05] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/17/2007, 21:33:05] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/17/2007, 21:33:05] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/17/2007, 21:33:05] - No filename found. Continuing. [02/17/2007, 21:33:05] - Finished Searching Browser Helper Objects [02/17/2007, 21:33:05] - Finishing up... [02/17/2007, 21:33:05] - Nothing found! Exiting... [02/18/2007, 15:33:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" ) [02/18/2007, 15:33:19] - Detected System Information: [02/18/2007, 15:33:19] - Windows Version: 5.1.2600, Service Pack 2 [02/18/2007, 15:33:19] - Current Username: Administrator (Admin) [02/18/2007, 15:33:19] - Windows is in SAFE mode with Networking. [02/18/2007, 15:33:19] - Searching for Browser Helper Objects: [02/18/2007, 15:33:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/18/2007, 15:33:19] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/18/2007, 15:33:19] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:19] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/18/2007, 15:33:19] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. 
[02/18/2007, 15:33:20] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/18/2007, 15:33:20] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/18/2007, 15:33:20] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:20] - No filename found. Continuing. [02/18/2007, 15:33:20] - BHO 5: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} () [02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\urqnkkh [02/18/2007, 15:33:20] - Found: HKLM\...\Winlogon\Notify\urqnkkh - This is probably Virtumundo. [02/18/2007, 15:33:20] - Assigning {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} MSEvents Object [02/18/2007, 15:33:20] - BHO list has been changed! Starting over... [02/18/2007, 15:33:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/18/2007, 15:33:20] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/18/2007, 15:33:20] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/18/2007, 15:33:20] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:20] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/18/2007, 15:33:20] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/18/2007, 15:33:20] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/18/2007, 15:33:20] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:21] - No filename found. Continuing. 
[02/18/2007, 15:33:21] - BHO 5: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} (MSEvents Object) [02/18/2007, 15:33:21] - ALERT: Found MSEvents Object! [02/18/2007, 15:33:21] - BHO 6: {613E7B70-5380-4063-A060-C147AB994C02} () [02/18/2007, 15:33:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:21] - No filename found. Continuing. [02/18/2007, 15:33:21] - BHO 7: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/18/2007, 15:33:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:21] - Checking for HKLM\...\Winlogon\Notify\isadd [02/18/2007, 15:33:21] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. [02/18/2007, 15:33:21] - BHO 8: {6BA9D445-B6D6-45C5-A854-C22B271911AA} () [02/18/2007, 15:33:21] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:21] - Checking for HKLM\...\Winlogon\Notify\ssqrr [02/18/2007, 15:33:21] - Found: HKLM\...\Winlogon\Notify\ssqrr - This is probably Virtumundo. [02/18/2007, 15:33:21] - Assigning {6BA9D445-B6D6-45C5-A854-C22B271911AA} MSEvents Object [02/18/2007, 15:33:22] - BHO list has been changed! Starting over... [02/18/2007, 15:33:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/18/2007, 15:33:22] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:22] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/18/2007, 15:33:22] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/18/2007, 15:33:22] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:22] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/18/2007, 15:33:22] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. 
[02/18/2007, 15:33:22] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:22] - No filename found. Continuing. [02/18/2007, 15:33:22] - BHO 5: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} (MSEvents Object) [02/18/2007, 15:33:22] - ALERT: Found MSEvents Object! [02/18/2007, 15:33:22] - BHO 6: {613E7B70-5380-4063-A060-C147AB994C02} () [02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:22] - No filename found. Continuing. [02/18/2007, 15:33:22] - BHO 7: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/18/2007, 15:33:22] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:22] - Checking for HKLM\...\Winlogon\Notify\isadd [02/18/2007, 15:33:22] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. [02/18/2007, 15:33:22] - BHO 8: {6BA9D445-B6D6-45C5-A854-C22B271911AA} (MSEvents Object) [02/18/2007, 15:33:22] - ALERT: Found MSEvents Object! [02/18/2007, 15:33:23] - BHO 9: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} () [02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:23] - Checking for HKLM\...\Winlogon\Notify\ixl [02/18/2007, 15:33:23] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing. [02/18/2007, 15:33:23] - BHO 10: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} () [02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:23] - No filename found. Continuing. [02/18/2007, 15:33:23] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/18/2007, 15:33:23] - BHO 12: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference. 
[02/18/2007, 15:33:23] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/18/2007, 15:33:23] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/18/2007, 15:33:23] - BHO 13: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/18/2007, 15:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:33:23] - No filename found. Continuing. [02/18/2007, 15:33:23] - Finished Searching Browser Helper Objects [02/18/2007, 15:33:23] - *** Detected MSEvents Object [02/18/2007, 15:33:23] - Trying to remove MSEvents Object... [02/18/2007, 15:33:25] - Terminating Process: IEXPLORE.EXE [02/18/2007, 15:33:26] - Terminating Process: RUNDLL32.EXE [02/18/2007, 15:33:26] - Disabling Automatic Shell Restart [02/18/2007, 15:33:26] - Terminating Process: EXPLORER.EXE [02/18/2007, 15:33:27] - Suspending the NT Session Manager System Service [02/18/2007, 15:33:27] - Terminating Windows NT Logon/Logoff Manager [02/18/2007, 15:38:55] - Re-enabling Automatic Shell Restart [02/18/2007, 15:38:55] - File to disable: C:\WINDOWS\system32\urqnkkh.dll [02/18/2007, 15:38:55] - Renaming C:\WINDOWS\system32\urqnkkh.dll -> C:\WINDOWS\system32\urqnkkh.dll.vir [02/18/2007, 15:38:55] - File successfully renamed! [02/18/2007, 15:38:55] - Removing HKLM\...\Browser Helper Objects\{58FF7395-B48F-41CB-A20C-2FFA2A049EB2} [02/18/2007, 15:38:55] - Removing HKCR\CLSID\{58FF7395-B48F-41CB-A20C-2FFA2A049EB2} [02/18/2007, 15:38:55] - Adding Kill Bit for ActiveX for GUID: {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} [02/18/2007, 15:38:55] - Deleting ATLEvents/MSEvents Registry entries [02/18/2007, 15:38:55] - Removing HKLM\...\Winlogon\Notify\urqnkkh [02/18/2007, 15:38:55] - Searching for Browser Helper Objects: [02/18/2007, 15:38:55] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/18/2007, 15:38:56] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. 
[02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/18/2007, 15:38:56] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/18/2007, 15:38:56] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - No filename found. Continuing. [02/18/2007, 15:38:56] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - No filename found. Continuing. [02/18/2007, 15:38:56] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\isadd [02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. [02/18/2007, 15:38:56] - BHO 7: {6BA9D445-B6D6-45C5-A854-C22B271911AA} (MSEvents Object) [02/18/2007, 15:38:56] - ALERT: Found MSEvents Object! [02/18/2007, 15:38:56] - BHO 8: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\ixl [02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing. [02/18/2007, 15:38:56] - BHO 9: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - No filename found. Continuing. 
[02/18/2007, 15:38:56] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/18/2007, 15:38:56] - BHO 11: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm [02/18/2007, 15:38:56] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing. [02/18/2007, 15:38:56] - BHO 12: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} () [02/18/2007, 15:38:56] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:56] - No filename found. Continuing. [02/18/2007, 15:38:56] - Finished Searching Browser Helper Objects [02/18/2007, 15:38:56] - *** Detected MSEvents Object [02/18/2007, 15:38:56] - Trying to remove MSEvents Object... [02/18/2007, 15:38:57] - Terminating Process: IEXPLORE.EXE [02/18/2007, 15:38:57] - Terminating Process: RUNDLL32.EXE [02/18/2007, 15:38:57] - Disabling Automatic Shell Restart [02/18/2007, 15:38:57] - Terminating Process: EXPLORER.EXE [02/18/2007, 15:38:57] - Suspending the NT Session Manager System Service [02/18/2007, 15:38:57] - Terminating Windows NT Logon/Logoff Manager [02/18/2007, 15:38:58] - Re-enabling Automatic Shell Restart [02/18/2007, 15:38:58] - File to disable: C:\WINDOWS\system32\ssqrr.dll [02/18/2007, 15:38:58] - Renaming C:\WINDOWS\system32\ssqrr.dll -> C:\WINDOWS\system32\ssqrr.dll.vir [02/18/2007, 15:38:58] - File successfully renamed! 
[02/18/2007, 15:38:58] - Removing HKLM\...\Browser Helper Objects\{6BA9D445-B6D6-45C5-A854-C22B271911AA} [02/18/2007, 15:38:58] - Removing HKCR\CLSID\{6BA9D445-B6D6-45C5-A854-C22B271911AA} [02/18/2007, 15:38:58] - Adding Kill Bit for ActiveX for GUID: {6BA9D445-B6D6-45C5-A854-C22B271911AA} [02/18/2007, 15:38:58] - Deleting ATLEvents/MSEvents Registry entries [02/18/2007, 15:38:58] - Removing HKLM\...\Winlogon\Notify\ssqrr [02/18/2007, 15:38:58] - Searching for Browser Helper Objects: [02/18/2007, 15:38:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/18/2007, 15:38:58] - BHO 2: {0BB12649-D5A7-C516-6E29-01A0C222C039} () [02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\xsvebvb [02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\xsvebvb, continuing. [02/18/2007, 15:38:58] - BHO 3: {2A04CAB7-6759-4FAA-AD5E-820EFD2FA5F9} () [02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\jkhfe [02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkhfe, continuing. [02/18/2007, 15:38:58] - BHO 4: {2CE36516-16DA-4CB4-84A7-72CF9BEA721F} () [02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:58] - No filename found. Continuing. [02/18/2007, 15:38:58] - BHO 5: {613E7B70-5380-4063-A060-C147AB994C02} () [02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:58] - No filename found. Continuing. [02/18/2007, 15:38:58] - BHO 6: {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} () [02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\isadd [02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\isadd, continuing. 
[02/18/2007, 15:38:58] - BHO 7: {8668B413-5AD6-2C7B-8E3D-5F9090A338CE} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - Checking for HKLM\...\Winlogon\Notify\ixl
[02/18/2007, 15:38:58] - Key not found: HKLM\...\Winlogon\Notify\ixl, continuing.
[02/18/2007, 15:38:58] - BHO 8: {873EEB42-52D2-7D2C-DD3D-5F9090A338C4} ()
[02/18/2007, 15:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:58] - No filename found. Continuing.
[02/18/2007, 15:38:58] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/18/2007, 15:38:58] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[02/18/2007, 15:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:59] - Checking for HKLM\...\Winlogon\Notify\snfcgjqm
[02/18/2007, 15:38:59] - Key not found: HKLM\...\Winlogon\Notify\snfcgjqm, continuing.
[02/18/2007, 15:38:59] - BHO 11: {EEA3185F-C1C1-4F1B-8604-9C2397CBA94D} ()
[02/18/2007, 15:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/18/2007, 15:38:59] - No filename found. Continuing.
[02/18/2007, 15:38:59] - Finished Searching Browser Helper Objects
[02/18/2007, 15:38:59] - Finishing up...
[02/18/2007, 15:38:59] - A restart is needed.
[02/18/2007, 15:39:04] - Attempting to Restart via STOP error (Blue Screen!)
[02/19/2007, 20:03:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/19/2007, 20:03:53] - Detected System Information:
[02/19/2007, 20:03:53] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 20:03:53] - Current Username: Ant (Admin)
[02/19/2007, 20:03:53] - Windows is in NORMAL mode.
[02/19/2007, 20:03:53] - Searching for Browser Helper Objects:
[02/19/2007, 20:03:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/19/2007, 20:03:53] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/19/2007, 20:03:53] - Finished Searching Browser Helper Objects
[02/19/2007, 20:03:53] - Finishing up...
[02/19/2007, 20:03:53] - Nothing found! Exiting...
[02/19/2007, 20:04:18] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/19/2007, 20:04:20] - Detected System Information:
[02/19/2007, 20:04:20] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 20:04:20] - Current Username: Ant (Admin)
[02/19/2007, 20:04:20] - Windows is in NORMAL mode.
[02/19/2007, 20:04:20] - Searching for Browser Helper Objects:
[02/19/2007, 20:04:20] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/19/2007, 20:04:20] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/19/2007, 20:04:20] - Finished Searching Browser Helper Objects
[02/19/2007, 20:04:20] - Finishing up...
[02/19/2007, 20:04:20] - Nothing found! Exiting...
[02/19/2007, 20:10:14] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ant\My Documents\programs\antivirus\VirtumundoBeGone.exe" )
[02/19/2007, 20:10:22] - Detected System Information:
[02/19/2007, 20:10:22] - Windows Version: 5.1.2600, Service Pack 2
[02/19/2007, 20:10:22] - Current Username: Ant (Admin)
[02/19/2007, 20:10:22] - Windows is in NORMAL mode.
[02/19/2007, 20:10:22] - Searching for Browser Helper Objects:
[02/19/2007, 20:10:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/19/2007, 20:10:22] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/19/2007, 20:10:22] - Finished Searching Browser Helper Objects
[02/19/2007, 20:10:22] - Finishing up...
[02/19/2007, 20:10:22] - Nothing found! Exiting...
Posted by: Warez Monster
remove these entries
O20 - Winlogon Notify: vtstr - C:\WINDOWS\
O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\SYSTEM32\winrkq32.dll
are you still having problems?

Posted by: lsals
Hi warez. Thanks again for your reply. I'm at work right now but I'll remove those as soon as I get home. The little icons in the bottom right seem to have gone but I still get loads of popups that eventually crash Internet Explorer.
thanks Ant

Posted by: Warez Monster
ok, after you remove those post a new log

Posted by: lsals
Hi. Here's my new log. I was still getting random popups from somewhere as I was trying to post this.

Logfile of HijackThis v1.99.1
Scan saved at 22:09:14, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theworldsfavouritehomepage.com/test
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Posted by: Warez Monster
remove these and post a new log
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
wait for a few to see if you still get popups, then post a new log

Posted by: lsals
Hi. Thanks for your reply. I am still getting a few popups, and when I click a link that opens a new window, the window is really small. Here's my new log.
thanks

Logfile of HijackThis v1.99.1
Scan saved at 08:27:46, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theworldsfavouritehomepage.com/test
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Posted by: Warez Monster
what is the name of the new window?

Posted by: lsals
Hi. The small window when loading has a long address with some weird letters and strings in it. It also always has the word click in the address too though.
When it loads the name reverts back to the name of the webpage, e.g. ebay.co.uk. The most common popup is called 'yourdebts' or 'winantivirus pro 2007' or some sort of variant of those. It is getting worse so here is another log.
thanks

Logfile of HijackThis v1.99.1
Scan saved at 21:51:55, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\{7CA7A66E-0BC5-1033-0617-05110105002c}\Update.exe
C:\Program Files\?racle\n?pdb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theworldsfavouritehomepage.com/test
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Erau] "C:\WINDOWS\system32\CURITY~1\services.exe" -vt yazb
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Posted by: lsals
Hi again. I just got 6 popups but they were command prompt boxes.
At the bar at the bottom of the screen they were called NTVDM.exe and, when maximised, the name of the file at the top was either C:\windows\system32\DL5EB7~1.exe or C:\windows\system32\DLH9JK~2.exe
thanks for any help on this

Posted by: Warez Monster
ok, that helps :)
run this program http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
When your system reboots, follow the prompts. Afterwards, HijackThis will launch.
Please click Scan, and check the following items (if there):
R3 - URLSearchHook: (no name) - {FB0D1C59-F3EF-DF6E-CD13-FBBADC341290} - C:\WINDOWS\system32\obnil.dll
O2 - BHO: (no name) - {FB0D1C59-F3EF-DF6E-CD13-FBBADC341290} - C:\WINDOWS\system32\obnil.dll
O4 - HKLM\..\Run: [msag] avpmondll.exe
O4 - HKLM\..\Run: [slamm] zxc.exe
O4 - HKLM\..\Run: [dflnl.exe] C:\WINDOWS\system32\dflnl.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Ypns] C:\WINDOWS\system32\n?pdb.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [sbin] ftbar.exe
O4 - HKCU\..\Run: [JAguAr] keybdll.exe
O4 - HKCU\..\Run: [ATLIEHELPER] MNTP.exe
O4 - HKCU\..\Run: [Rbue] "C:\Program Files\ubab\aha.exe" -vt mtx
O17 - HKLM\System\CCS\Services\Tcpip\..\{15435D2D-61B6-4A2D-BC9C-FA9A914B5BDB}: NameServer = 85.255.116.139,85.255.112.229
O17 - HKLM\System\CS1\Services\Tcpip\..\{15435D2D-61B6-4A2D-BC9C-FA9A914B5BDB}: NameServer = 85.255.116.139,85.255.112.229
O17 - HKLM\System\CS2\Services\Tcpip\..\{15435D2D-61B6-4A2D-BC9C-FA9A914B5BDB}: NameServer = 85.255.116.139,85.255.112.229
If you see a new item that wasn't in your last log in your O4 lines in HijackThis, starting with dm...
for example:
O4 - HKLM\..\Run: [dm***.exe] C:\WINDOWS\system32\dm***.exe
(the *** stand for random letters)
or starting with hg***.exe, for example:
O4 - HKLM\..\Run: [hg***.exe] C:\Windows\System32\hg***.exe
or starting with cs***.exe, for example:
O4 - HKLM\..\Run: [cscyd.exe] cscyd.exe
Check it as well. If you're not sure, leave it and only check the ones I asked you to check.
===========================================================
Click Fix Checked. Close HijackThis, and click OK to proceed.
Finally, please post the contents of report.txt (it should open), along with a new HijackThis log.

Posted by: lsals
Hi. I ran the program and it said fix finished and printed a log but HijackThis didn't seem to run. I also couldn't get my internet working afterwards so I did a system restore and ran another HijackThis log to see if anything had changed. I couldn't find any of the files you told me to delete though.
thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:29:54, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theworldsfavouritehomepage.com/test
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} -
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Posted by: Warez Monster
the log looks 100% better, are you still having any issues?

Posted by: lsals
Hi. Yes I am still getting popups. Mostly one called yourdebts or something similar, system doctor and win antivirus. Sometimes a dialog box comes up saying there have been errors found on my system. When I click cancel, the window I was viewing changes to a fake protection site with an XP blocked bar at the top trying to get you to download something. The window also switches to half the size so I have to maximise the window and click back to get to the page I was viewing.

Posted by: lsals
broadcaster.com always pops up as well. thanks

Posted by: Warez Monster
VirtumundoBeGone.exe should have removed that for you. Boot into safe mode and run the tool again