.dll problems


This topic is locked. 16 replies to this topic.

#1 appage21 (Members, 27 posts)

Posted 03 March 2009 - 04:31 AM

I can't get that DDS program to run on my computer... here is a regular HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:07 AM, on 3/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\3M\PSNotes\psn.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\PROGRA~1\3M\PSNotes\PSNGive.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://umass.edu/umhome/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {c91c9f6f-95ab-4266-91da-a717ce4d91cf} - C:\WINDOWS\system32\dopatuge.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [MaxtorOneTouch] "C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [98db2883] rundll32.exe "C:\WINDOWS\system32\tebuzefu.dll",b
O4 - HKLM\..\Run: [CPM9be81b1f] Rundll32.exe "c:\windows\system32\siwiyage.dll",a
O4 - HKLM\..\Run: [zorewubovo] Rundll32.exe "C:\WINDOWS\system32\siyefade.dll",s
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [zorewubovo] Rundll32.exe "C:\WINDOWS\system32\siyefade.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes\psn.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Andy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Andy\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...74/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093798515500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.dotphoto.com/XUpload.ocx
O20 - AppInit_DLLs: c:\windows\system32\siwiyage.dll,C:\WINDOWS\system32\jayidove.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\siwiyage.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\siwiyage.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - about:home
O24 - Desktop Component 1: (no name) - http://images5.fotki.com/v89/photos/4/4385....jpg?1094247128

--
End of file - 10930 bytes
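
The log above is dense enough that it helps to triage it mechanically. What follows is an added example, not code posted in this thread and not part of HijackThis or any tool the helpers use: a small parser for the O2 (BHO), O4 (Run), O20 (AppInit_DLLs), O21 (SSODL) and O22 (SharedTaskScheduler) entries in this log format, which collects every load point each module is registered at and scores the patterns visible in the post: a BHO with no display name, anything in AppInit_DLLs, a Run value that hands rundll32 a DLL with a one-letter export, and the same DLL wired into several autostart mechanisms at once. The sample is a hand-copied subset of the log lines above; the regular expressions, the LoadPoint/Finding names and the consonant-vowel file-name heuristic are my own assumptions about how to score such a log.

```python
"""Added triage helper for HijackThis-style logs (see lead-in): collect every
load point a module is registered at, then flag what stands out in the log
above (no-name BHOs, AppInit_DLLs, rundll32 Run values with a one-letter
export, consonant-vowel names in system32, one DLL in several mechanisms)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {c91c9f6f-95ab-4266-91da-a717ce4d91cf} - C:\WINDOWS\system32\dopatuge.dll
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [98db2883] rundll32.exe "C:\WINDOWS\system32\tebuzefu.dll",b
O4 - HKLM\..\Run: [CPM9be81b1f] Rundll32.exe "c:\windows\system32\siwiyage.dll",a
O4 - HKUS\S-1-5-19\..\Run: [zorewubovo] Rundll32.exe "C:\WINDOWS\system32\siyefade.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] (User 'SYSTEM')
O20 - AppInit_DLLs: c:\windows\system32\siwiyage.dll,C:\WINDOWS\system32\jayidove.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\siwiyage.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\siwiyage.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<value>[^\]]*)\]\s*(?P<cmd>.*?)(?:\s*\(User '[^']*'\))?$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
SHELL_RE = re.compile(r"^O2[12] - (?P<mech>\w+): .*? - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*(?:,(?P<export>\S+))?', re.I)
FIRST_TOKEN = re.compile(r'"([^"]+)"|(\S+)')
# Heuristic (my assumption, drawn from the names in this log): the planted DLLs
# are 3-5 consonant-vowel pairs, e.g. tebuzefu.dll, siwiyage.dll, yabypo.dll.
CV_NAME = re.compile(r"(?:^|\\)(?:[b-df-hj-np-tv-z][aeiouy]){3,5}\.dll$", re.I)


@dataclass(frozen=True)
class LoadPoint:
    mechanism: str    # BHO, Run/RunOnce, AppInit_DLLs, SSODL, SharedTaskScheduler
    label: str        # BHO display name, Run value name, or CLSID
    path: str         # module path exactly as written in the log
    export: str = ""  # rundll32 entry point, when one is given


@dataclass(frozen=True)
class Finding:
    severity: str     # "high" or "medium"
    mechanism: str
    path: str         # lower-cased so one file correlates across entries
    reason: str


def parse(log_text):
    """Yield a LoadPoint for each O2/O4/O20/O21/O22 entry in the log."""
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            yield LoadPoint("BHO", m["name"], m["path"])
        elif m := RUN_RE.match(line):
            if not m["cmd"]:                      # e.g. an empty RunOnce value
                continue
            if r := RUNDLL_RE.match(m["cmd"]):   # rundll32 "x.dll",Export
                yield LoadPoint(m["key"], m["value"], r["dll"], r["export"] or "")
            else:                                 # plain executable, first token
                t = FIRST_TOKEN.match(m["cmd"])
                yield LoadPoint(m["key"], m["value"], t.group(1) or t.group(2))
        elif m := APPINIT_RE.match(line):
            for dll in m["dlls"].split(","):
                yield LoadPoint("AppInit_DLLs", "AppInit_DLLs", dll.strip())
        elif m := SHELL_RE.match(line):
            yield LoadPoint(m["mech"], m["clsid"], m["path"])


def load_points(log_text):
    """Map each module (lower-cased path) to the set of mechanisms loading it."""
    points = defaultdict(set)
    for lp in parse(log_text):
        points[lp.path.lower()].add(lp.mechanism)
    return dict(points)


def triage(log_text):
    """Score the load points; high-severity findings first, then by path."""
    multi = {p: m for p, m in load_points(log_text).items() if len(m) > 1}
    findings, correlated = [], set()
    for lp in parse(log_text):
        path = lp.path.lower()
        if lp.mechanism == "BHO" and lp.label == "(no name)":
            findings.append(Finding("high", "BHO", path, "BHO registered without a display name"))
        if lp.mechanism == "AppInit_DLLs":
            findings.append(Finding("high", "AppInit_DLLs", path,
                                    "loaded into every process that maps user32.dll"))
        if len(lp.export) == 1:
            findings.append(Finding("high", lp.mechanism, path,
                                    f"rundll32 with one-letter export '{lp.export}' in value [{lp.label}]"))
        if path in multi and path not in correlated:
            correlated.add(path)
            findings.append(Finding("high", "+".join(sorted(multi[path])), path,
                                    f"same module wired into {len(multi[path])} autostart mechanisms"))
        if "\\system32\\" in path and CV_NAME.search(path):
            findings.append(Finding("medium", lp.mechanism, path,
                                    "consonant-vowel random-looking DLL name in system32"))
    return sorted(findings, key=lambda f: (f.severity != "high", f.path))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.mechanism:28} {f.path}  ({f.reason})")
```

Run against the sample, the correlation step is the part worth looking at: siwiyage.dll comes back registered under Run, AppInit_DLLs, SSODL and SharedTaskScheduler at once, which is exactly the kind of redundancy that makes a single "delete the BHO" clean-up fail. The name heuristic is deliberately scored medium only; it is a pattern observed in this log, not a property of every malicious DLL, and legitimate files can match it.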


#2 Hoov (Malware Response Team, 3,519 posts, Mikado Michigan)

Posted 12 March 2009 - 08:55 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma. Apologies for taking so long in getting to you and your problem.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Are you having any other problems with your computer? The better description the better I can help you.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#3 appage21 (Topic Starter, 27 posts)

Posted 12 March 2009 - 10:26 PM

Still getting warnings about yabypo.dll.


Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 5.1.2600 Service Pack 2

3/12/2009 10:20:57 PM
mbam-log-2009-03-12 (22-20-57).txt

Scan type: Quick Scan
Objects scanned: 78670
Time elapsed: 12 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\ketedoti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\jayidove.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\dopatuge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\siyefade.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\diwunawo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c91c9f6f-95ab-4266-91da-a717ce4d91cf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c91c9f6f-95ab-4266-91da-a717ce4d91cf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c91c9f6f-95ab-4266-91da-a717ce4d91cf} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6f7d-442c-93e3-4a4827c2e4c8} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorDoctor (Rogue.ErrorDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\98db2883 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zorewubovo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jayidove.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jayidove.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jayidove.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\SoftwareDoctor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\diwunawo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\owanuwid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ketedoti.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\itodetek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\siyefade.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\dopatuge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\jayidove.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\~.exe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\$7F0350EF.t$m (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe.BAK (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2005-11-21_17-55-05.reg (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2005-11-21_18-01-20.reg (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cmd.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ping.com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

Edited by appage21, 12 March 2009 - 10:29 PM.
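
The four .com files MBAM removed from System32 (cmd.com, ping.com, tasklist.com, tracert.com, tagged Backdoor.Bot and Worm.Alcra) deserve more attention than the rest of that list. cmd.exe resolves a bare command name by walking the search directories in order and, inside each directory, trying the extensions in PATHEXT in order; the default PATHEXT lists .COM ahead of .EXE. A planted ping.com beside the real ping.exe therefore runs every time anyone types `ping`, and the genuine binary never does. The following is an added example, not something posted in this thread and not part of Malwarebytes or any other tool named here: it models that resolution order over a constructed directory listing and lists every .com that shadows an .exe. The listing, the Windows XP default PATHEXT order and the function names are my assumptions.

```python
"""Added model of cmd.exe command resolution (see lead-in): within each search
directory PATHEXT extensions are tried in order, so a planted .com wins over
the genuine .exe of the same name."""
from pathlib import PureWindowsPath

# Default PATHEXT on Windows XP; .COM is tried before .EXE in every directory.
XP_PATHEXT = (".COM", ".EXE", ".BAT", ".CMD", ".VBS", ".VBE", ".JS", ".JSE", ".WSF", ".WSH")

# Constructed listing: a few genuine system binaries plus the four planted
# .com files the MBAM log above reports in System32.
SYSTEM32 = r"C:\WINDOWS\system32"
LISTING = {
    SYSTEM32: {"cmd.exe", "ping.exe", "tasklist.exe", "tracert.exe", "notepad.exe",
               "cmd.com", "ping.com", "tasklist.com", "tracert.com"},
    r"C:\WINDOWS": {"explorer.exe", "regedit.exe"},
}
# cmd.exe searches the current directory first and then PATH left to right;
# the caller supplies that order here.
SEARCH_ORDER = [SYSTEM32, r"C:\WINDOWS"]


def resolve(command, search_dirs, listing, pathext=XP_PATHEXT):
    """Return the file cmd.exe would run for `command`, or None if nothing matches.
    A name typed with an extension is looked up as-is; a bare name gets each
    PATHEXT extension appended, in order, before the next directory is tried."""
    norm = {d.lower(): {f.lower() for f in files} for d, files in listing.items()}
    name = command.lower()
    if PureWindowsPath(name).suffix:
        candidates = [name]
    else:
        candidates = [name + ext.lower() for ext in pathext]
    for d in search_dirs:
        files = norm.get(d.lower(), set())
        for c in candidates:
            if c in files:
                return f"{d}\\{c}"
    return None


def shadowed_executables(listing, pathext=XP_PATHEXT):
    """List (winner, [losers]) per directory: files sharing a bare name where an
    earlier PATHEXT extension hides the later ones, e.g. ping.com over ping.exe."""
    rank = {ext.lower(): i for i, ext in enumerate(pathext)}
    hits = []
    for d, files in listing.items():
        by_stem = {}
        for f in files:
            p = PureWindowsPath(f.lower())
            if p.suffix in rank:
                by_stem.setdefault(p.stem, []).append(p.name)
        for names in by_stem.values():
            if len(names) > 1:
                names.sort(key=lambda n: rank[PureWindowsPath(n).suffix])
                hits.append((f"{d}\\{names[0]}", [f"{d}\\{n}" for n in names[1:]]))
    return sorted(hits)


if __name__ == "__main__":
    for cmd in ("ping", "ping.exe", "tasklist", "notepad"):
        print(f"{cmd:10} -> {resolve(cmd, SEARCH_ORDER, LISTING)}")
    for winner, losers in shadowed_executables(LISTING):
        print(f"{winner} shadows {', '.join(losers)}")
```

Two points the model makes explicit: the .com extension is only a name, since the NT loader runs the file by its contents, so an ordinary PE renamed to ping.com executes normally; and typing the full `ping.exe` does bypass the planted file, which is why a victim who only ever uses bare command names never notices the substitution. On a live machine the equivalent check is simply to list every .com in System32 and see whether an .exe with the same stem sits next to it.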


#4 Hoov (Malware Response Team, 3,519 posts, Mikado Michigan)

Posted 12 March 2009 - 10:39 PM

Please reboot if you didn't and run a full scan of Malwarebytes' Anti-Malware. Also can you tell me what is warning you about yabypo.dll?

#5 appage21 (Topic Starter, 27 posts)

Posted 12 March 2009 - 10:44 PM

WinPatrol is warning me. I did a full scan and a reboot... I'll do another one though.

#6 Hoov (Malware Response Team, 3,519 posts, Mikado Michigan)

Posted 12 March 2009 - 10:48 PM

Go to the Options tab in WinPatrol and click the spreadsheet report. Save it to your desktop, and then attach it to your next reply.

#7 appage21 (Topic Starter, 27 posts)

Posted 12 March 2009 - 10:59 PM

Log created by WinPatrol PLUS version 12.2.2007.0:12.2.2007.0
Scan saved at 10:57:57 PM on 3/12/2009
Type SubType Title Filename Company First Detected Path Description Version
HKLM Run AVG7_CC avgcc.exe /STARTUP 11/9/2007 0:53 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKLM Run MaxtorOneTouch OneTouch.exe Maxtor Corporation 11/9/2007 0:53 C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe Maxtor OneTouch Detection 4 0 1 0
HKLM Run mxomssmenu maxmenumgr.exe Maxtor Corp. 11/9/2007 0:53 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe MSS & OneTouch™ MFC Application 1 0 1 12
HKLM Run NeroFilterCheck NeroCheck.exe Nero AG 11/9/2007 0:53 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe NeroCheck 1 0 0 5
HKLM Run SpySweeper SpySweeperUI.exe /startintray 11/9/2007 0:53 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
HKLM Run Adobe Reader Speed Launcher Reader_sl.exe Adobe Systems Incorporated 11/9/2007 0:53 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe Adobe Acrobat SpeedLauncher 8.0.0.0
HKLM Run QuickTime Task QTTask.exe -atboottime 11/9/2007 0:53 C:\Program Files\QuickTime\QTTask.exe -atboottime
HKLM Run WinPatrol PLUS WinPatrol.exe BillP Studios 11/9/2007 0:53 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe WinPatrol System Monitor 12.2.2007.0
HKLM Run RoxWatchTray RoxWatchTray9.exe Sonic Solutions 11/22/2008 14:32 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe RoxMMTrayApp Module 9.4.1.2
HKCU Run PeerGuardian pg2.exe Methlabs 11/9/2007 0:53 C:\Program Files\PeerGuardian2\pg2.exe PeerGuardian 2 2 0 6 4
HKCU Run Vidalia vidalia.exe 11/28/2008 22:25 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
Startup Folder Digital Line Detection DLG.exe BVRP Software 11/9/2007 0:53 C:\Program Files\Digital Line Detect\DLG.exe Digital Line Detection 1 0 0 1
Startup Folder Post-it® Software Notes psn.exe 3M 11/9/2007 0:53 C:\Program Files\3M\PSNotes\psn.exe Post-it® Software Notes: System 3 0 2 2069
Startup Folder Privoxy privoxy.exe The Privoxy team - www.privoxy.org 11/28/2008 22:25 C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe Privoxy 3.0.6
Active Tasks Windows NT Session Manager smss.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\smss.exe Windows NT Session Manager 5.1.2600.2180
Active Tasks Windows NT Logon Application winlogon.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\winlogon.exe Windows NT Logon Application 5.1.2600.2180
Active Tasks Services and Controller app services.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\services.exe Services and Controller app 5.1.2600.2180
Active Tasks LSA Shell (Export Version) lsass.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\lsass.exe LSA Shell (Export Version) 5.1.2600.2180
Active Tasks Generic Host Process for Win32 Services svchost.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\svchost.exe Generic Host Process for Win32 Services 5.1.2600.2180
Active Tasks Spooler SubSystem App spoolsv.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\spoolsv.exe Spooler SubSystem App 5.1.2600.2696
Active Tasks Apple Mobile Device Service APPLEMOBILEDEVICESERVICE.EXE Apple Inc. 11/9/2007 0:53 C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE Apple Mobile Device Service 1 14 0 0
Active Tasks AVG Alert Manager avgamsvr.exe GRISOFT s.r.o. 11/9/2007 0:53 C:\Program Files\Grisoft\AVG Free\avgamsvr.exe AVG Alert Manager 7.5.0.496
Active Tasks AVG Update Service avgupsvc.exe GRISOFT s.r.o. 11/9/2007 0:53 C:\Program Files\Grisoft\AVG Free\avgupsvc.exe AVG Update Service 7.5.0.420
Active Tasks Cepstral License Server CEPSTRALLICSRV.EXE Cepstral LLC 2/20/2009 3:50 C:\PROGRAM FILES\Cepstral\bin\CEPSTRALLICSRV.EXE Cepstral License Server 4 2 0 0
Active Tasks Content Index service cisvc.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\cisvc.exe Content Index service 5.1.2600.2180
Active Tasks ewido control EWIDOCTRL.EXE ewido networks 11/9/2007 0:53 C:\PROGRAM FILES\EWIDO ANTI-MALWARE\EWIDOCTRL.EXE ewido control 3 0 0 1
Active Tasks Java™ Quick Starter Service jqs.exe Sun Microsystems Inc. 11/22/2008 18:46 C:\PROGRAM FILES\Java\jre6\bin\jqs.exe Java™ Quick Starter Service 6.0.100.33
Active Tasks MaxBackServiceInt Module MAXBACKSERVICEINT.EXE 11/9/2007 0:53 C:\PROGRAM FILES\Maxtor\MAXTOR BACKUP\MAXBACKSERVICEINT.EXE MaxBackServiceInt Module 1 0 0 3
Active Tasks SyncServices SYNCSERVICES.EXE 11/9/2007 0:53 C:\PROGRAM FILES\Maxtor\OneTouch\Utils\SYNCSERVICES.EXE SyncServices 1 0 0 1
Active Tasks NVIDIA Driver Helper Service Version 42.38 nvsvc32.exe NVIDIA Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\nvsvc32.exe NVIDIA Driver Helper Service Version 42.38 6.13.10.4238
Active Tasks Spy Sweeper Engine SPYSWEEPER.EXE Webroot Software Inc. 11/9/2007 0:53 C:\PROGRAM FILES\Webroot\SPY SWEEPER\SPYSWEEPER.EXE Spy Sweeper Engine 3 2
Active Tasks WLService WLSERVICE.EXE GEMTEKS 11/18/2008 22:49 C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI WIRELESS NETWORK MONITOR\WLSERVICE.EXE WLService 1 0 0 4
Active Tasks WMP54Gv4 WMP54Gv4.exe Linksys 11/18/2008 22:51 C:\PROGRAM FILES\LINKSYS WIRELESS-G PCI WIRELESS NETWORK MONITOR\WMP54Gv4.exe 4.3
Active Tasks Windows Explorer explorer.exe Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\explorer.exe Windows Explorer 6.00.2900.2180
Active Tasks AVG Control Center avgcc.exe GRISOFT s.r.o. 11/9/2007 0:53 C:\Program Files\Grisoft\AVG Free\avgcc.exe AVG Control Center 7.5.0.554
Active Tasks Maxtor OneTouch Detection OneTouch.exe Maxtor Corporation 11/9/2007 0:53 C:\PROGRAM FILES\Maxtor\OneTouch\Utils\OneTouch.exe Maxtor OneTouch Detection 4 0 1 0
Active Tasks MSS & OneTouch™ MFC Application MAXMENUMGR.EXE Maxtor Corp. 11/9/2007 0:53 C:\PROGRAM FILES\Maxtor\ONETOUCH STATUS\MAXMENUMGR.EXE MSS & OneTouch™ MFC Application 1 0 1 12
Active Tasks Spy Sweeper Client Executable SPYSWEEPERUI.EXE Webroot Software Inc. 11/9/2007 0:53 C:\PROGRAM FILES\Webroot\SPY SWEEPER\SPYSWEEPERUI.EXE Spy Sweeper Client Executable 5 2
Active Tasks WinPatrol PLUS WINPATROL.EXE BillP Studios 11/9/2007 0:53 C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE WinPatrol System Monitor 12.2.2007.0
Active Tasks PeerGuardian 2 pg2.exe Methlabs 11/11/2007 0:55 C:\PROGRAM FILES\PEERGUARDIAN2\pg2.exe PeerGuardian 2 2 0 6 4
Active Tasks vidalia vidalia.exe 11/28/2008 22:32 C:\PROGRAM FILES\VIDALIA BUNDLE\Vidalia\vidalia.exe
Active Tasks Post-it® Software Notes: System psn.exe 3M 11/9/2007 0:53 C:\PROGRAM FILES\3M\PSNotes\psn.exe Post-it® Software Notes: System 3 0 2 2069
Active Tasks Privoxy privoxy.exe The Privoxy team - www.privoxy.org 11/28/2008 22:32 C:\PROGRAM FILES\VIDALIA BUNDLE\Privoxy\privoxy.exe Privoxy 3.0.6
Active Tasks Post-it® Software Notes: GiveNote PSNGive.exe 3M 11/9/2007 0:53 C:\Program Files\3M\PSNotes\PSNGive.exe Post-it® Software Notes: GiveNote 3 0 2 2069
Active Tasks ssu ssu.exe 11/9/2007 0:53 C:\PROGRAM FILES\Webroot\SPY SWEEPER\ssu.exe
Active Tasks tor tor.exe 11/28/2008 22:32 C:\PROGRAM FILES\VIDALIA BUNDLE\Tor\tor.exe
Active Tasks Indexing Service filter daemon CIDAEMON.EXE Microsoft Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\CIDAEMON.EXE Indexing Service filter daemon 5.1.2600.0
Active Tasks WinPatrol PLUS WINPATROLEX.EXE BillP Studios 11/9/2007 0:55 C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE WinPatrol Explorer 12.2.2007.0
IE Helpers BHO Adobe PDF Reader Link Helper AcroIEHelper.dll Adobe Systems Incorporated 11/9/2007 0:53 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Adobe PDF Helper for Internet Explorer 8.0.0.2006102200
IE Helpers BHO FGCatchUrl jccatch.dll www.flashget.com 11/13/2007 0:46 C:\Program Files\FlashGet\jccatch.dll Flashget CatchUrl Module 1 8 4 1007
IE Helpers BHO yabypo yabypo.dll C:\WINDOWS\SYSTEM32\yabypo.dll
IE Helpers BHO JQSIEStartDetectorImpl Class jqs_plugin.dll Sun Microsystems Inc. 11/22/2008 18:44 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll Java™ Quick Starter binary 6.0.100.33
IE Helpers BHO FlashGet GetFlash Class getflash.dll www.flashget.com 11/13/2007 0:46 C:\Program Files\FlashGet\getflash.dll Flashget GetFlash Module 1 8 4 1003
IE Helpers Toolbar &Radio msdxm.ocx 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\msdxm.ocx
Services Stopped Adobe LM Service Adobelmsvc.exe 11/9/2007 0:53 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
Services Running Apple Mobile Device AppleMobileDeviceService.exe Apple Inc. 11/9/2007 0:53 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe Apple Mobile Device Service 1 14 0 0
Services Running AVG7 Alert Manager Server avgamsvr.exe GRISOFT s.r.o. 11/9/2007 0:53 C:\Program Files\Grisoft\AVG Free\avgamsvr.exe AVG Alert Manager 7.5.0.496
Services Running AVG7 Update Service avgupsvc.exe GRISOFT s.r.o. 11/9/2007 0:53 C:\Program Files\Grisoft\AVG Free\avgupsvc.exe AVG Update Service 7.5.0.420
Services Running Cepstral License Server CepstralLicSrv.exe Cepstral LLC 2/20/2009 3:57 C:\Program Files\Cepstral\bin\CepstralLicSrv.exe Cepstral License Server 4 2 0 0
Services Stopped Logical Disk Manager dmserver.dll 11/9/2007 0:53 C:\WINDOWS\System32\dmserver.dll
Services Running ewido security suite control ewidoctrl.exe ewido networks 11/9/2007 0:53 C:\Program Files\ewido anti-malware\ewidoctrl.exe ewido control 3 0 0 1
Services Stopped InstallDriver Table Manager IDriverT.exe Macrovision Corporation C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe IDriverT Module 10.5
Services Stopped iPod Service iPodService.exe Apple Inc. 11/9/2007 0:53 C:\Program Files\iPod\bin\iPodService.exe iPodService Module 7.4.3.1
Services Running Java Quick Starter jqs.conf 11/22/2008 18:56 C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
Services Running MaxBackServiceInt MaxBackServiceInt.exe 11/9/2007 0:53 C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe MaxBackServiceInt Module 1 0 0 3
Services Stopped NBService NBService.exe Nero AG 11/9/2007 0:53 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe Nero BackItUp 2 2 9 0
Services Stopped Intel NCS NetService NetSvc.exe Intel® Corporation 11/9/2007 0:53 C:\Program Files\Intel\NCS\Sync\NetSvc.exe NetSvc Module 1.2.26.0
Services Running MaxSyncService SyncServices.exe 11/9/2007 0:53 C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe SyncServices 1 0 0 1
Services Running NVIDIA Driver Helper Service nvsvc32.exe NVIDIA Corporation 11/9/2007 0:53 C:\WINDOWS\SYSTEM32\nvsvc32.exe NVIDIA Driver Helper Service Version 42.38 6.13.10.4238
Services Stopped Roxio UPnP Renderer 9 RoxioUPnPRenderer9.exe Sonic Solutions 11/22/2008 14:52 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe Roxio LiveShare Service 9.0.0.93
Services Stopped Roxio Upnp Server 9 RoxioUpnpService9.exe Sonic Solutions 11/22/2008 14:52 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe RoxioUpnpService9 Module 9.4.0.89
Services Stopped LiveShare P2P Server 9 RoxLiveShare9.exe Sonic Solutions 11/22/2008 14:52 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe Roxio LiveShare Service 9.4.1.2
Services Stopped RoxMediaDB9 RoxMediaDB9.exe Sonic Solutions 11/22/2008 14:52 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe RoxMediaDB9 Module
Services Stopped Roxio Hard Drive Watcher 9 RoxWatch9.exe Sonic Solutions 11/22/2008 14:52 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe RoxSniffer9 Module 9.4.1.2
Services Running Webroot Spy Sweeper Engine SpySweeper.exe Webroot Software Inc. 11/9/2007 0:53 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Spy Sweeper Engine 3 2
Services Stopped WMP54Gv4SVC WLService.exe WMP54Gv4.exe 11/18/2008 22:59 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe

#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 12 March 2009 - 11:53 PM

go to Virustotal and submit the file C:\WINDOWS\SYSTEM32\yabypo.dll for scanning, and then let me know the results.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#9 appage21

appage21
  • Topic Starter

  • Members
  • 27 posts

Posted 12 March 2009 - 11:59 PM

Additional information
File size: 142336 bytes
MD5...: 6cce8b61f565b925cd1074ca09040742
SHA1..: 8396f931c2e6ab304fbe3d1db9eef80e4c73b756
SHA256: 97daf98a0e44296ee6f9edbba559c55685910ee7433f54ea1c02970fdc891f5b
SHA512: 86361ee8578bab29757405ab2ae1c108acdaee5277025c135101be9ae773835ff7e9e7bf17399f77262cb531339719f4464a1dfdce6b23f53bef9827b61d87f8
ssdeep: 3072:lzJ6lGCNHeokZQB3+kgTmxApdr2BUDM3huO0s99QqJ0/V:eEo2wg6AGBUDAYsLQys
PEiD..: -
TrID..: File type identification
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1228
timedatestamp.....: 0x46a6df04 (Wed Jul 25 05:26:28 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6844 0x6a00 7.84 adf727fef09ddd6b834dcf781570b4c4
.data 0x8000 0x10970 0x10a00 7.99 f2b841bc96eaf762bb8f8bf1f67a2d23
.rdata 0x19000 0x9ffb 0xa000 8.00 72fa7fb2a5c4149154a1412568c1cf1d
BSS 0x23000 0x729 0x800 0.00 c99a74c555371a433d121f551d6c6398
.rsrc 0x24000 0x600 0x600 2.63 8a34bb39a34da9adb7b9464643b8df1f
.reloc 0x25000 0x16ed1 0x600 7.70 407db69d08f08a0da4dc8fcd1de1cc63

( 2 imports )
> kernel32.dll: CopyFileA, CreateFileA, FindFirstFileA, FindResourceA, FreeEnvironmentStringsW, FreeLibrary, GetCurrentThreadId, GetFileAttributesA, GetFileTime, GetFullPathNameA, GlobalAlloc, HeapAlloc, HeapCreate, InterlockedIncrement, MapViewOfFile, SetHandleCount, Sleep, lstrcpyA
> user32.dll: CallNextHookEx, CharUpperA, ClientToScreen, DispatchMessageA, EmptyClipboard, EnableWindow, GetKeyState, GetSubMenu, OffsetRect, OpenClipboard, SendMessageA, SetActiveWindow, SetDlgItemTextA, SetPropA, SetWindowLongA, SetWindowTextA, UnhookWindowsHookEx

#10 appage21

appage21
  • Topic Starter

  • Members
  • 27 posts

Posted 13 March 2009 - 12:02 AM

ooops, here's the first part

a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.12 -
AntiVir 7.9.0.109 2009.03.12 TR/Vundo.Gen
Authentium 5.1.0.4 2009.03.12 -
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.12 -
BitDefender 7.2 2009.03.13 Gen:Trojan.Heur.Vundo.80EC130303
CAT-QuickHeal 10.00 2009.03.12 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1051 2009.03.12 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.12 W32/Virtumonde.AO2.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 Gen:Trojan.Heur.Vundo.80EC130303
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5551 2009.03.12 Vundo.gen.aj
McAfee+Artemis 5551 2009.03.12 Vundo.gen.aj
Microsoft 1.4405 2009.03.12 Trojan:Win32/Vundo.gen!H
NOD32 3933 2009.03.13 -
Norman 6.00.06 2009.03.12 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.12 -
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.40.00 2009.03.13 Trojan.Win32.VUNDO.cpu
SecureWeb-Gateway 6.7.6 2009.03.13 Trojan.Vundo.Gen
Sophos 4.39.0 2009.03.13 Troj/Virtum-Gen
Sunbelt 3.2.1858.2 2009.03.13 Virtumonde
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.12.1647 2009.03.12 -
VirusBuster 4.5.11.0 2009.03.12 -
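The two posts above (the hashes and PE section table in #9, the per-engine results in #10) follow a regular line layout, so a responder can tally them mechanically rather than by eye. The script below is an added example, not code from this thread or from VirusTotal: it parses a trimmed copy of that report, counts how many engines flagged the file, collapses the vendor-specific labels to one family name, and flags PE sections whose entropy or virtual-to-raw size ratio suggests packed or encrypted code. The alias table mapping Virtumonde to Vundo and the 7.0 entropy threshold are the editor's assumptions (common heuristics, not something the report states).

```python
"""Parse a VirusTotal-style text report as pasted into a forum post (added example)."""
import re
from collections import Counter

# Trimmed copy of the report quoted above: a few of its sections and engines, same line layout.
SAMPLE_REPORT = """\
MD5...: 6cce8b61f565b925cd1074ca09040742
SHA1..: 8396f931c2e6ab304fbe3d1db9eef80e4c73b756
SHA256: 97daf98a0e44296ee6f9edbba559c55685910ee7433f54ea1c02970fdc891f5b
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6844 0x6a00 7.84 adf727fef09ddd6b834dcf781570b4c4
.data 0x8000 0x10970 0x10a00 7.99 f2b841bc96eaf762bb8f8bf1f67a2d23
BSS 0x23000 0x729 0x800 0.00 c99a74c555371a433d121f551d6c6398
.reloc 0x25000 0x16ed1 0x600 7.70 407db69d08f08a0da4dc8fcd1de1cc63
a-squared 4.0.0.101 2009.03.13 -
AntiVir 7.9.0.109 2009.03.12 TR/Vundo.Gen
BitDefender 7.2 2009.03.13 Gen:Trojan.Heur.Vundo.80EC130303
F-Prot 4.4.4.56 2009.03.12 W32/Virtumonde.AO2.gen!Eldorado
McAfee 5551 2009.03.12 Vundo.gen.aj
Microsoft 1.4405 2009.03.12 Trojan:Win32/Vundo.gen!H
Sophos 4.39.0 2009.03.13 Troj/Virtum-Gen
Symantec 1.4.4.12 2009.03.13 -
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*:\s*([0-9a-fA-F]+)\s*$")
SECTION_RE = re.compile(
    r"^(\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+(\d+\.\d+)\s+([0-9a-f]{32})\s*$",
    re.IGNORECASE)
RESULT_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+?)\s*$")

# Tokens that name a category rather than a family; every vendor decorates labels differently.
GENERIC = {"trojan", "troj", "tr", "win32", "w32", "gen", "heur", "generic",
           "suspicious", "file", "eldorado", "variant"}
# Editor's alias table (assumption): vendors use both names for the same family.
ALIASES = {"virtumonde": "vundo", "virtum": "vundo"}
HIGH_ENTROPY = 7.0  # heuristic: entropy near 8.0 means compressed or encrypted bytes


def family_of(label):
    """First non-generic token of a detection label, normalised through ALIASES."""
    for tok in re.split(r"[^A-Za-z0-9]+", label.lower()):
        if tok and tok not in GENERIC and not tok.isdigit():
            return ALIASES.get(tok, tok)
    return None  # e.g. 'Suspicious File' carries no family name


def parse_report(text):
    hashes, sections, results = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := HASH_RE.match(line)):
            hashes[m.group(1)] = m.group(2).lower()
        elif (m := SECTION_RE.match(line)):
            name, vaddr, vsize, rsize, ent, md5 = m.groups()
            sections.append({"name": name, "vaddr": int(vaddr, 16), "vsize": int(vsize, 16),
                             "rsize": int(rsize, 16), "entropy": float(ent), "md5": md5})
        elif (m := RESULT_RE.match(line)):
            engine, version, date, label = m.groups()
            results.append({"engine": engine, "version": version, "date": date,
                            "label": None if label == "-" else label})
    return {"hashes": hashes, "sections": sections, "results": results}


def detection_summary(results):
    """(engines that flagged, engines total, Counter of normalised family names)."""
    detected = [r for r in results if r["label"]]
    families = Counter(f for f in (family_of(r["label"]) for r in detected) if f)
    return len(detected), len(results), families


def suspicious_sections(sections):
    """Sections that look packed: high entropy, or virtual size far beyond the bytes on disk."""
    flagged = []
    for s in sections:
        reasons = []
        if s["entropy"] >= HIGH_ENTROPY:
            reasons.append(f"entropy {s['entropy']:.2f} (packed/encrypted data)")
        if s["rsize"] and s["vsize"] > 4 * s["rsize"]:
            reasons.append(f"virtual size 0x{s['vsize']:x} far exceeds raw size 0x{s['rsize']:x}")
        if reasons:
            flagged.append((s["name"], reasons))
    return flagged


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    det, total, fams = detection_summary(report["results"])
    print(f"SHA256 {report['hashes']['SHA256']}: {det}/{total} engines, families {dict(fams)}")
    for name, reasons in suspicious_sections(report["sections"]):
        print(f"  {name}: " + "; ".join(reasons))
```

On the trimmed sample six of the eight engines agree on Vundo once the labels are normalised, and the flagged sections (.text and .data at entropy near 8.0, .reloc with a virtual size some sixty times its raw size) are the same signs a reviewer reads from the table by hand: the file's code is not in plain form on disk, which is why the signature-based engines in the list disagree while the heuristic ones fire.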

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 13 March 2009 - 12:06 AM

See if you can just delete the file. If you can, after you delete it, empty your recycle bin.

Edited by Hoov, 13 March 2009 - 12:06 AM.


#12 appage21

appage21
  • Topic Starter

  • Members
  • 27 posts

Posted 13 March 2009 - 12:08 AM

access denied

#13 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 13 March 2009 - 07:47 AM

Open hijackthis and click the button for Misc tools. Then click the button Delete a File on Reboot. Browse to C:\WINDOWS\SYSTEM32\yabypo.dll and then click open. You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now, otherwise click on the No button to reboot later.

After the computer has rebooted, check to see if the file is gone. If it is gone, update Malwarebytes' Anti-Malware and then run a full scan. Also, are you still having the original problem? If you are, has it changed at all?
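What the "Delete a File on Reboot" step in the post above relies on, as an added illustration that is not HijackThis's own code: Windows offers deferred deletion through MoveFileEx with the MOVEFILE_DELAY_UNTIL_REBOOT flag, which records the request in the Session Manager's PendingFileRenameOperations registry value and carries it out during the next boot, before any process can load the DLL (that HijackThis uses exactly this call is the editor's assumption; the value's format is documented Windows behaviour). The script decodes that value from a constructed sample that includes the delete requested in this thread, reads the live value when run on Windows, and shows the scheduling call. Reading the value is also how a responder checks that nothing else has queued a swap or removal of a system file for the next boot, since the same mechanism is available to any administrator-level program.

```python
"""Delete-on-reboot: how the request is recorded and how to audit it (added example)."""
import sys

# Registry location Windows uses for deferred moves/deletes, processed by Session Manager at boot.
PENDING_KEY = r"SYSTEM\CurrentControlSet\Control\Session Manager"
PENDING_VALUE = "PendingFileRenameOperations"
MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # MoveFileEx flag

# Constructed REG_MULTI_SZ contents: the first pair is the delete requested in this thread,
# the second a constructed "replace existing file" request (the '!' prefix).
SAMPLE_PENDING = [
    r"\??\C:\WINDOWS\SYSTEM32\yabypo.dll", "",
    r"\??\C:\WINDOWS\Temp\update.tmp", r"!\??\C:\WINDOWS\SYSTEM32\example.dll",
]


def _clean(path):
    """Drop the NT object-manager prefix that MoveFileEx writes in front of each path."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending_operations(entries):
    """Decode the value's (source, destination) pairs.
    Empty destination = delete; '!' prefix = replace an existing target; otherwise rename."""
    entries = list(entries)
    if len(entries) % 2:  # some readers drop the final empty string; a lone source is a delete
        entries.append("")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        if dst == "":
            ops.append({"action": "delete", "source": _clean(src), "target": None})
        elif dst.startswith("!"):
            ops.append({"action": "replace", "source": _clean(src), "target": _clean(dst[1:])})
        else:
            ops.append({"action": "rename", "source": _clean(src), "target": _clean(dst)})
    return ops


def read_pending_operations():
    """Operations currently queued for the next boot (Windows only; [] elsewhere or if none)."""
    if sys.platform != "win32":
        return []
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PENDING_KEY) as key:
            value, _kind = winreg.QueryValueEx(key, PENDING_VALUE)
    except FileNotFoundError:
        return []
    return parse_pending_operations(value)


def schedule_delete_on_reboot(path):
    """Ask Windows to delete `path` at the next boot (administrator rights required)."""
    if sys.platform != "win32":
        raise RuntimeError("delete-on-reboot is a Windows mechanism")
    import ctypes
    from ctypes import wintypes
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.MoveFileExW.argtypes = (wintypes.LPCWSTR, wintypes.LPCWSTR, wintypes.DWORD)
    k32.MoveFileExW.restype = wintypes.BOOL
    if not k32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT):
        raise ctypes.WinError(ctypes.get_last_error())


if __name__ == "__main__":
    # Show the live queue on Windows; fall back to the constructed sample elsewhere.
    for op in read_pending_operations() or parse_pending_operations(SAMPLE_PENDING):
        print(f"{op['action']:8} {op['source']}" + (f" -> {op['target']}" if op["target"] else ""))
```

Because the file is removed before winlogon or Explorer starts, the "access denied" seen when deleting it while Windows is running does not apply; the same reason makes a queued replace of a file under SYSTEM32 worth noticing during a review, so checking this value belongs in a post-cleanup inspection.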

#14 appage21

appage21
  • Topic Starter

  • Members
  • 27 posts

Posted 13 March 2009 - 03:42 PM

All appears to be better... thank you kindly, I appreciate it.

#15 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 13 March 2009 - 07:05 PM

We still have a few things to do. Can you run DDS now? I don't need the log, but I just want to make sure you can run it now if needed.