Old 03-01-2007, 07:50 PM   #24 (permalink)
cul8rman
Registered User
Join Date: Aug 2006
Location: Arizona
Posts: 134
OS: XP


Two separate replies due to file length.

VBG Log

[03/01/2007, 19:45:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Duane\Desktop\VirtumundoBeGone.exe" )
[03/01/2007, 19:45:56] - Detected System Information:
[03/01/2007, 19:45:56] - Windows Version: 5.1.2600, Service Pack 1
[03/01/2007, 19:45:56] - Current Username: Duane (Admin)
[03/01/2007, 19:45:56] - Windows is in NORMAL mode.
[03/01/2007, 19:45:56] - Searching for Browser Helper Objects:
[03/01/2007, 19:45:56] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[03/01/2007, 19:45:56] - BHO 2: {067BE456-B710-4015-84FF-E09B52ACE092} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/01/2007, 19:45:56] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/01/2007, 19:45:56] - BHO 4: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\mnyside
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[03/01/2007, 19:45:56] - BHO 5: {2DD683FF-4391-4C37-AFA6-365BB9C5BBDD} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\vtstr
[03/01/2007, 19:45:56] - Found: HKLM\...\Winlogon\Notify\vtstr - This is probably Virtumundo.
[03/01/2007, 19:45:56] - Assigning {2DD683FF-4391-4C37-AFA6-365BB9C5BBDD} MSEvents Object
[03/01/2007, 19:45:56] - BHO list has been changed! Starting over...
[03/01/2007, 19:45:56] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[03/01/2007, 19:45:56] - BHO 2: {067BE456-B710-4015-84FF-E09B52ACE092} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/01/2007, 19:45:56] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/01/2007, 19:45:56] - BHO 4: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\mnyside
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[03/01/2007, 19:45:56] - BHO 5: {2DD683FF-4391-4C37-AFA6-365BB9C5BBDD} (MSEvents Object)
[03/01/2007, 19:45:56] - ALERT: Found MSEvents Object!
[03/01/2007, 19:45:56] - BHO 6: {37EB498E-7800-A96A-AED9-045FF6ECB283} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\ceamvdb
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\ceamvdb, continuing.
[03/01/2007, 19:45:56] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/01/2007, 19:45:56] - BHO 8: {911427C3-6065-497F-9C72-B2562DA349C6} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\vtstq
[03/01/2007, 19:45:56] - Found: HKLM\...\Winlogon\Notify\vtstq - This is probably Virtumundo.
[03/01/2007, 19:45:56] - Assigning {911427C3-6065-497F-9C72-B2562DA349C6} MSEvents Object
[03/01/2007, 19:45:56] - BHO list has been changed! Starting over...
[03/01/2007, 19:45:56] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[03/01/2007, 19:45:56] - BHO 2: {067BE456-B710-4015-84FF-E09B52ACE092} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/01/2007, 19:45:56] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/01/2007, 19:45:56] - BHO 4: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\mnyside
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[03/01/2007, 19:45:56] - BHO 5: {2DD683FF-4391-4C37-AFA6-365BB9C5BBDD} (MSEvents Object)
[03/01/2007, 19:45:56] - ALERT: Found MSEvents Object!
[03/01/2007, 19:45:56] - BHO 6: {37EB498E-7800-A96A-AED9-045FF6ECB283} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\ceamvdb
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\ceamvdb, continuing.
[03/01/2007, 19:45:56] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/01/2007, 19:45:56] - BHO 8: {911427C3-6065-497F-9C72-B2562DA349C6} (MSEvents Object)
[03/01/2007, 19:45:56] - ALERT: Found MSEvents Object!
[03/01/2007, 19:45:56] - BHO 9: {A87A5C44-882B-42BC-27A5-06511D2BA675} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\sagu292
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\sagu292, continuing.
[03/01/2007, 19:45:56] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/01/2007, 19:45:56] - BHO 11: {C3581462-AD4C-43AF-A8A7-AFEFEBA11B44} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\byxwttt
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\byxwttt, continuing.
[03/01/2007, 19:45:56] - BHO 12: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\xbiehfer
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\xbiehfer, continuing.
[03/01/2007, 19:45:56] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[03/01/2007, 19:45:56] - BHO 14: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[03/01/2007, 19:45:56] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:56] - No filename found. Continuing.
[03/01/2007, 19:45:56] - Finished Searching Browser Helper Objects
[03/01/2007, 19:45:56] - *** Detected MSEvents Object
[03/01/2007, 19:45:56] - Trying to remove MSEvents Object...
[03/01/2007, 19:45:57] - Terminating Process: IEXPLORE.EXE
[03/01/2007, 19:45:58] - Terminating Process: RUNDLL32.EXE
[03/01/2007, 19:45:58] - Disabling Automatic Shell Restart
[03/01/2007, 19:45:58] - Terminating Process: EXPLORER.EXE
[03/01/2007, 19:45:59] - Suspending the NT Session Manager System Service
[03/01/2007, 19:45:59] - Terminating Windows NT Logon/Logoff Manager
[03/01/2007, 19:45:59] - Re-enabling Automatic Shell Restart
[03/01/2007, 19:45:59] - File to disable: C:\WINDOWS\System32\vtstr.dll
[03/01/2007, 19:45:59] - Renaming C:\WINDOWS\System32\vtstr.dll -> C:\WINDOWS\System32\vtstr.dll.vir
[03/01/2007, 19:45:59] - File successfully renamed!
[03/01/2007, 19:45:59] - Removing HKLM\...\Browser Helper Objects\{2DD683FF-4391-4C37-AFA6-365BB9C5BBDD}
[03/01/2007, 19:45:59] - Removing HKCR\CLSID\{2DD683FF-4391-4C37-AFA6-365BB9C5BBDD}
[03/01/2007, 19:45:59] - Adding Kill Bit for ActiveX for GUID: {2DD683FF-4391-4C37-AFA6-365BB9C5BBDD}
[03/01/2007, 19:45:59] - Deleting ATLEvents/MSEvents Registry entries
[03/01/2007, 19:45:59] - Removing HKLM\...\Winlogon\Notify\vtstr
[03/01/2007, 19:45:59] - Searching for Browser Helper Objects:
[03/01/2007, 19:45:59] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[03/01/2007, 19:45:59] - BHO 2: {067BE456-B710-4015-84FF-E09B52ACE092} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/01/2007, 19:45:59] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/01/2007, 19:45:59] - BHO 4: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\mnyside
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[03/01/2007, 19:45:59] - BHO 5: {37EB498E-7800-A96A-AED9-045FF6ECB283} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\ceamvdb
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\ceamvdb, continuing.
[03/01/2007, 19:45:59] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/01/2007, 19:45:59] - BHO 7: {911427C3-6065-497F-9C72-B2562DA349C6} (MSEvents Object)
[03/01/2007, 19:45:59] - ALERT: Found MSEvents Object!
[03/01/2007, 19:45:59] - BHO 8: {A87A5C44-882B-42BC-27A5-06511D2BA675} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\sagu292
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\sagu292, continuing.
[03/01/2007, 19:45:59] - BHO 9: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/01/2007, 19:45:59] - BHO 10: {C3581462-AD4C-43AF-A8A7-AFEFEBA11B44} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\byxwttt
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\byxwttt, continuing.
[03/01/2007, 19:45:59] - BHO 11: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - Checking for HKLM\...\Winlogon\Notify\xbiehfer
[03/01/2007, 19:45:59] - Key not found: HKLM\...\Winlogon\Notify\xbiehfer, continuing.
[03/01/2007, 19:45:59] - BHO 12: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[03/01/2007, 19:45:59] - BHO 13: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[03/01/2007, 19:45:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:45:59] - No filename found. Continuing.
[03/01/2007, 19:45:59] - Finished Searching Browser Helper Objects
[03/01/2007, 19:45:59] - *** Detected MSEvents Object
[03/01/2007, 19:45:59] - Trying to remove MSEvents Object...
[03/01/2007, 19:46:00] - Terminating Process: IEXPLORE.EXE
[03/01/2007, 19:46:00] - Terminating Process: RUNDLL32.EXE
[03/01/2007, 19:46:00] - Disabling Automatic Shell Restart
[03/01/2007, 19:46:00] - Terminating Process: EXPLORER.EXE
[03/01/2007, 19:46:00] - Suspending the NT Session Manager System Service
[03/01/2007, 19:46:01] - Terminating Windows NT Logon/Logoff Manager
[03/01/2007, 19:46:01] - Re-enabling Automatic Shell Restart
[03/01/2007, 19:46:01] - File to disable: C:\WINDOWS\System32\vtstq.dll
[03/01/2007, 19:46:01] - Removing HKLM\...\Browser Helper Objects\{911427C3-6065-497F-9C72-B2562DA349C6}
[03/01/2007, 19:46:01] - Removing HKCR\CLSID\{911427C3-6065-497F-9C72-B2562DA349C6}
[03/01/2007, 19:46:01] - Adding Kill Bit for ActiveX for GUID: {911427C3-6065-497F-9C72-B2562DA349C6}
[03/01/2007, 19:46:01] - Deleting ATLEvents/MSEvents Registry entries
[03/01/2007, 19:46:01] - Removing HKLM\...\Winlogon\Notify\vtstq
[03/01/2007, 19:46:01] - Searching for Browser Helper Objects:
[03/01/2007, 19:46:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (Yahoo! Companion BHO)
[03/01/2007, 19:46:01] - BHO 2: {067BE456-B710-4015-84FF-E09B52ACE092} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/01/2007, 19:46:01] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/01/2007, 19:46:01] - BHO 4: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\mnyside
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[03/01/2007, 19:46:01] - BHO 5: {37EB498E-7800-A96A-AED9-045FF6ECB283} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\ceamvdb
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\ceamvdb, continuing.
[03/01/2007, 19:46:01] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/01/2007, 19:46:01] - BHO 7: {A87A5C44-882B-42BC-27A5-06511D2BA675} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\sagu292
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\sagu292, continuing.
[03/01/2007, 19:46:01] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/01/2007, 19:46:01] - BHO 9: {C3581462-AD4C-43AF-A8A7-AFEFEBA11B44} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\byxwttt
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\byxwttt, continuing.
[03/01/2007, 19:46:01] - BHO 10: {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - Checking for HKLM\...\Winlogon\Notify\xbiehfer
[03/01/2007, 19:46:01] - Key not found: HKLM\...\Winlogon\Notify\xbiehfer, continuing.
[03/01/2007, 19:46:01] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[03/01/2007, 19:46:01] - BHO 12: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
[03/01/2007, 19:46:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/01/2007, 19:46:01] - No filename found. Continuing.
[03/01/2007, 19:46:01] - Finished Searching Browser Helper Objects
[03/01/2007, 19:46:01] - Finishing up...
[03/01/2007, 19:46:01] - A restart is needed.
[03/01/2007, 19:46:16] - Attempting to Restart via STOP error (Blue Screen!)
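The detection rule the VBG log above is applying, and the clean-up it performs per hit, written out as an added example (this is not VirtumundoBeGone's code and not part of the post). The tool walks the Browser Helper Objects key, and for every BHO whose CLSID key has no default name it looks for a HKLM\...\Winlogon\Notify subkey named after the BHO's DLL; a DLL registered as both a BHO and a winlogon notification package is what it calls "probably Virtumundo" (a Notify DLL is loaded by winlogon.exe, which is why the tool kills Winlogon and restarts through a STOP error). The registry is modelled here as plain Python data so it runs offline: the CLSIDs and DLL basenames (pmkjj, mnyside, vtstr, SDHelper, vtstq) are the ones in the log, the System32 paths for the unnamed BHOs and the DLL names for the named ones are constructed, and the Notify subkey list is the Windows XP defaults plus the two hits. The second function extracts indicators from VBG log text itself, using lines copied from the post as constructed input.

```python
"""Added example: BHO / Winlogon\\Notify correlation over a constructed registry
snapshot, plus an IOC extractor for VirtumundoBeGone log text. Not VBG's code."""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Bho:
    clsid: str
    default_name: str   # (Default) of HKCR\CLSID\{clsid}; "" when the key has none
    inproc_server: str  # (Default) of HKCR\CLSID\{clsid}\InprocServer32; "" if missing


def module_basename(path: str) -> str:
    """'C:\\WINDOWS\\System32\\vtstr.dll' -> 'vtstr' (Notify names compare case-insensitively)."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def suspicious_bhos(bhos, notify_subkeys):
    """Flag a BHO with no default name whose DLL also owns a Winlogon\\Notify subkey."""
    notify = {name.lower() for name in notify_subkeys}
    hits = []
    for bho in bhos:
        if bho.default_name:           # named BHO: skipped, as in the log
            continue
        if not bho.inproc_server:      # "No filename found. Continuing."
            continue
        if module_basename(bho.inproc_server) in notify:
            hits.append(bho)
    return hits


KILLBIT = 0x400  # Compatibility Flags value that stops IE loading the CLSID as ActiveX


def removal_plan(bho):
    """The steps the log performs for each hit, as strings; nothing is executed here."""
    base = module_basename(bho.inproc_server)
    return [
        f"rename {bho.inproc_server} -> {bho.inproc_server}.vir",
        f"delete HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer"
        f"\\Browser Helper Objects\\{bho.clsid}",
        f"delete HKCR\\CLSID\\{bho.clsid}",
        f"set HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\ActiveX Compatibility"
        f"\\{bho.clsid} Compatibility Flags = {KILLBIT:#x}",
        f"delete HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\{base}",
    ]


# --- IOC extraction from a VBG log -------------------------------------------
FOUND_RE = re.compile(r"Found: HKLM\\\.\.\.\\Winlogon\\Notify\\(\S+) - This is probably Virtumundo\.")
ASSIGN_RE = re.compile(r"Assigning (\{[0-9A-Fa-f-]+\}) MSEvents Object")
DISABLE_RE = re.compile(r"File to disable: (\S+)")
RENAME_RE = re.compile(r"Renaming (\S+) -> (\S+)")


def parse_vbg_log(text: str) -> dict:
    """Pair each 'Found ... Notify\\X' line with the CLSID assigned right after it, and
    report files the tool announced it would disable but never logged renaming."""
    clsids, disabled, renamed, pending = {}, [], {}, None
    for line in text.splitlines():
        if m := FOUND_RE.search(line):
            pending = m.group(1)
        elif (m := ASSIGN_RE.search(line)) and pending:
            clsids[m.group(1)] = pending
            pending = None
        elif m := DISABLE_RE.search(line):
            disabled.append(m.group(1))
        elif m := RENAME_RE.search(line):
            renamed[m.group(1)] = m.group(2)
    return {"clsids": clsids, "renamed": renamed,
            "not_renamed": [f for f in disabled if f not in renamed]}


# --- constructed data (CLSIDs and basenames from the log; paths are assumed) ----
SYS32 = r"C:\WINDOWS\System32"
SNAPSHOT_BHOS = [
    Bho("{02478D38-C3F9-4efb-9B51-7695ECA05670}", "Yahoo! Companion BHO", SYS32 + r"\ycomp.dll"),
    Bho("{067BE456-B710-4015-84FF-E09B52ACE092}", "", SYS32 + r"\pmkjj.dll"),
    Bho("{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}", "Adobe PDF Reader Link Helper", SYS32 + r"\AcroIEHelper.dll"),
    Bho("{243B17DE-77C7-46BF-B94B-0B5F309A0E64}", "", SYS32 + r"\mnyside.dll"),
    Bho("{2DD683FF-4391-4C37-AFA6-365BB9C5BBDD}", "", SYS32 + r"\vtstr.dll"),
    Bho("{53707962-6F74-2D53-2644-206D7942484F}", "", SYS32 + r"\SDHelper.dll"),  # Spybot S&D
    Bho("{911427C3-6065-497F-9C72-B2562DA349C6}", "", SYS32 + r"\vtstq.dll"),
    Bho("{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}", "", ""),                       # no InprocServer32
]
SNAPSHOT_NOTIFY = ["crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule", "sclgntfy",
                   "SensLogn", "termsrv", "wlballoon", "vtstr", "vtstq"]

SAMPLE_LOG = r"""[03/01/2007, 19:45:56] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[03/01/2007, 19:45:56] - Key not found: HKLM\...\Winlogon\Notify\pmkjj, continuing.
[03/01/2007, 19:45:56] - Found: HKLM\...\Winlogon\Notify\vtstr - This is probably Virtumundo.
[03/01/2007, 19:45:56] - Assigning {2DD683FF-4391-4C37-AFA6-365BB9C5BBDD} MSEvents Object
[03/01/2007, 19:45:56] - Found: HKLM\...\Winlogon\Notify\vtstq - This is probably Virtumundo.
[03/01/2007, 19:45:56] - Assigning {911427C3-6065-497F-9C72-B2562DA349C6} MSEvents Object
[03/01/2007, 19:45:59] - File to disable: C:\WINDOWS\System32\vtstr.dll
[03/01/2007, 19:45:59] - Renaming C:\WINDOWS\System32\vtstr.dll -> C:\WINDOWS\System32\vtstr.dll.vir
[03/01/2007, 19:46:01] - File to disable: C:\WINDOWS\System32\vtstq.dll
"""

if __name__ == "__main__":
    for hit in suspicious_bhos(SNAPSHOT_BHOS, SNAPSHOT_NOTIFY):
        print(hit.clsid, "->", "\n  ".join(removal_plan(hit)))
    print(parse_vbg_log(SAMPLE_LOG))
```

Run against the snapshot it flags only vtstr and vtstq: pmkjj, mnyside and SDHelper are unnamed too but have no Notify subkey, so an empty default name alone is not an indicator. The log parser's `not_renamed` list is the check worth doing on the post above: the second pass logs "File to disable: C:\WINDOWS\System32\vtstq.dll" but, unlike vtstr.dll, no "Renaming" line follows it, so whether vtstq.dll is still on disk after the reboot is something to verify rather than assume.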