
ddcyw.dll = my hijackthis log, help pls


#1
c13mera77

I have gone through the successful removal steps in the following forum link helped by Trevuren:

LINK: http://www.geekstogo...-...42490&st=60

MY PROBLEM NOT YET SOLVED.. PLEASE HELP


My log file VBG.TXT has following contents after running that exe in safe mode:


[01/06/2008, 15:58:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[01/06/2008, 15:58:50] - Detected System Information:
[01/06/2008, 15:58:50] - Windows Version: 5.1.2600, Service Pack 2
[01/06/2008, 15:58:50] - Current Username: Administrator (Admin)
[01/06/2008, 15:58:50] - Windows is in SAFE mode with Networking.
[01/06/2008, 15:58:50] - Searching for Browser Helper Objects:
[01/06/2008, 15:58:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - No filename found. Continuing.
[01/06/2008, 15:58:50] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:50] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:50] - BHO 4: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - Checking for HKLM\...\Winlogon\Notify\yayvvwu
[01/06/2008, 15:58:50] - Found: HKLM\...\Winlogon\Notify\yayvvwu - This is probably Virtumundo.
[01/06/2008, 15:58:50] - Assigning {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} MSEvents Object
[01/06/2008, 15:58:50] - BHO list has been changed! Starting over...
[01/06/2008, 15:58:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - No filename found. Continuing.
[01/06/2008, 15:58:51] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:51] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:51] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:51] - BHO 4: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} (MSEvents Object)
[01/06/2008, 15:58:51] - ALERT: Found MSEvents Object!
[01/06/2008, 15:58:51] - Finished Searching Browser Helper Objects
[01/06/2008, 15:58:51] - *** Detected MSEvents Object
[01/06/2008, 15:58:51] - Trying to remove MSEvents Object...
[01/06/2008, 15:58:52] - Terminating Process: IEXPLORE.EXE
[01/06/2008, 15:58:52] - Terminating Process: RUNDLL32.EXE
[01/06/2008, 15:58:53] - Disabling Automatic Shell Restart
[01/06/2008, 15:58:53] - Terminating Process: EXPLORER.EXE
[01/06/2008, 15:58:53] - Suspending the NT Session Manager System Service
[01/06/2008, 15:58:53] - Terminating Windows NT Logon/Logoff Manager
[01/06/2008, 15:58:53] - Re-enabling Automatic Shell Restart
[01/06/2008, 15:58:53] - File to disable: C:\WINDOWS\system32\yayvvwu.dll
[01/06/2008, 15:58:53] - Renaming C:\WINDOWS\system32\yayvvwu.dll -> C:\WINDOWS\system32\yayvvwu.dll.vir
[01/06/2008, 15:58:54] - File successfully renamed!
[01/06/2008, 15:58:54] - Removing HKLM\...\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
[01/06/2008, 15:58:54] - Removing HKCR\CLSID\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
[01/06/2008, 15:58:54] - Adding Kill Bit for ActiveX for GUID: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
[01/06/2008, 15:58:54] - Deleting ATLEvents/MSEvents Registry entries
[01/06/2008, 15:58:54] - Removing HKLM\...\Winlogon\Notify\yayvvwu
[01/06/2008, 15:58:54] - Searching for Browser Helper Objects:
[01/06/2008, 15:58:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:54] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:54] - No filename found. Continuing.
[01/06/2008, 15:58:54] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:55] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:55] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:55] - Finished Searching Browser Helper Objects
[01/06/2008, 15:58:55] - Finishing up...
[01/06/2008, 15:58:55] - A restart is needed.
[01/06/2008, 15:58:55] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/06/2008, 15:59:19] - Attempting to Restart via STOP error (Blue Screen!)



PLEASE HELP ME.. MY LAPTOP IS ALMOST DEAD..

Edited by c13mera77, 06 January 2008 - 12:24 PM.
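As an added example (not part of the original posts, and not VirtumundoBeGone's own code), the following Python parses the log format shown in post #1 and reports which unnamed BHOs the tool left registered because it found no matching Winlogon\Notify key. The status labels and function names are assumptions chosen for illustration.

```python
import re

# Excerpt copied from the VBG.TXT log posted above (WARNING lines and rescans omitted).
SAMPLE_LOG = r"""
[01/06/2008, 15:58:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:50] - No filename found. Continuing.
[01/06/2008, 15:58:50] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:50] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:50] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:50] - BHO 4: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
[01/06/2008, 15:58:50] - Checking for HKLM\...\Winlogon\Notify\yayvvwu
[01/06/2008, 15:58:50] - Found: HKLM\...\Winlogon\Notify\yayvvwu - This is probably Virtumundo.
[01/06/2008, 15:58:54] - Removing HKLM\...\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
"""

ENTRY = re.compile(r"^\[[^\]]+\] - (.*)$")
BHO = re.compile(r"^BHO \d+: (\{[0-9A-Fa-f-]{36}\}) \((.*)\)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
NOTIFY = re.compile(r"Winlogon\\Notify\\(\w+)")

def summarize(log_text):
    """Map each BHO CLSID to its name, the Notify key checked, and the final outcome."""
    bhos, cur = {}, None
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        msg = entry.group(1)
        bho, guid, notify = BHO.match(msg), GUID.search(msg), NOTIFY.search(msg)
        if bho:  # rescans repeat entries; keep the first record and update it
            cur = bhos.setdefault(bho.group(1), {"name": bho.group(2), "notify": None,
                                  "status": "named" if bho.group(2) else "unnamed"})
        elif msg.startswith("Removing") and "Browser Helper Objects" in msg and guid:
            bhos.setdefault(guid.group(0), {"name": "", "notify": None})["status"] = "removed"
        elif cur is None or cur["status"] == "removed":
            continue  # follow-up lines for an already removed entry change nothing
        elif msg.startswith("No filename found"):
            cur["status"] = "no-file"
        elif notify:
            cur["notify"] = notify.group(1)
            if msg.startswith(("Key not found", "Found")):
                cur["status"] = "notify-missing" if msg.startswith("Key") else "notify-found"
    return bhos

def unresolved(bhos):
    """Unnamed BHOs the tool skipped, mapped to the Notify name it looked for (or None)."""
    return {g: b["notify"] for g, b in bhos.items() if b["status"] in ("unnamed", "no-file", "notify-missing")}
```

On the excerpt, unresolved() returns the BHO tied to ddcyw and the one with no filename; both still appear in the final scan pass of the posted log, while the yayvvwu entry is reported as removed.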


#2
racenutalways

Hello c13mera77 and welcome to G2G. We need to start at the beginning; jumping steps will cause us to miss things. Let's start with this:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
