Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ddcyw.dll = my hijackthis log, help pls

Started by c13mera77 , Jan 06 2008 11:18 AM

  • Please log in to reply

#1
c13mera77
Posted 06 January 2008 - 11:18 AM

c13mera77

    New Member

  • Member
  • Pip
  • 1 posts
I have gone through the successful removal steps in the following forum link helped by Trevuren:

LINK: http://www.geekstogo...-...42490&st=60

MY PROBLEM NOT YET SOLVED.. PLEASE HELP

My log file VBG.TXT has following contents after running that exe in safe mode:


[01/06/2008, 15:58:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[01/06/2008, 15:58:50] - Detected System Information:
[01/06/2008, 15:58:50] - Windows Version: 5.1.2600, Service Pack 2
[01/06/2008, 15:58:50] - Current Username: Administrator (Admin)
[01/06/2008, 15:58:50] - Windows is in SAFE mode with Networking.
[01/06/2008, 15:58:50] - Searching for Browser Helper Objects:
[01/06/2008, 15:58:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - No filename found. Continuing.
[01/06/2008, 15:58:50] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:50] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:50] - BHO 4: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - Checking for HKLM\...\Winlogon\Notify\yayvvwu
[01/06/2008, 15:58:50] - Found: HKLM\...\Winlogon\Notify\yayvvwu - This is probably Virtumundo.
[01/06/2008, 15:58:50] - Assigning {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} MSEvents Object
[01/06/2008, 15:58:50] - BHO list has been changed! Starting over...
[01/06/2008, 15:58:50] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:50] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:50] - No filename found. Continuing.
[01/06/2008, 15:58:51] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:51] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:51] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:51] - BHO 4: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856} (MSEvents Object)
[01/06/2008, 15:58:51] - ALERT: Found MSEvents Object!
[01/06/2008, 15:58:51] - Finished Searching Browser Helper Objects
[01/06/2008, 15:58:51] - *** Detected MSEvents Object
[01/06/2008, 15:58:51] - Trying to remove MSEvents Object...
[01/06/2008, 15:58:52] - Terminating Process: IEXPLORE.EXE
[01/06/2008, 15:58:52] - Terminating Process: RUNDLL32.EXE
[01/06/2008, 15:58:53] - Disabling Automatic Shell Restart
[01/06/2008, 15:58:53] - Terminating Process: EXPLORER.EXE
[01/06/2008, 15:58:53] - Suspending the NT Session Manager System Service
[01/06/2008, 15:58:53] - Terminating Windows NT Logon/Logoff Manager
[01/06/2008, 15:58:53] - Re-enabling Automatic Shell Restart
[01/06/2008, 15:58:53] - File to disable: C:\WINDOWS\system32\yayvvwu.dll
[01/06/2008, 15:58:53] - Renaming C:\WINDOWS\system32\yayvvwu.dll -> C:\WINDOWS\system32\yayvvwu.dll.vir
[01/06/2008, 15:58:54] - File successfully renamed!
[01/06/2008, 15:58:54] - Removing HKLM\...\Browser Helper Objects\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
[01/06/2008, 15:58:54] - Removing HKCR\CLSID\{FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
[01/06/2008, 15:58:54] - Adding Kill Bit for ActiveX for GUID: {FF64059D-4D2A-4D6B-AA0F-2EE4A2FE3856}
[01/06/2008, 15:58:54] - Deleting ATLEvents/MSEvents Registry entries
[01/06/2008, 15:58:54] - Removing HKLM\...\Winlogon\Notify\yayvvwu
[01/06/2008, 15:58:54] - Searching for Browser Helper Objects:
[01/06/2008, 15:58:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/06/2008, 15:58:54] - BHO 2: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/06/2008, 15:58:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:54] - No filename found. Continuing.
[01/06/2008, 15:58:54] - BHO 3: {C43FE97B-27B2-48AE-94F1-9A6B616EEB07} ()
[01/06/2008, 15:58:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/06/2008, 15:58:55] - Checking for HKLM\...\Winlogon\Notify\ddcyw
[01/06/2008, 15:58:55] - Key not found: HKLM\...\Winlogon\Notify\ddcyw, continuing.
[01/06/2008, 15:58:55] - Finished Searching Browser Helper Objects
[01/06/2008, 15:58:55] - Finishing up...
[01/06/2008, 15:58:55] - A restart is needed.
[01/06/2008, 15:58:55] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/06/2008, 15:59:19] - Attempting to Restart via STOP error (Blue Screen!)



PLEASE HELP ME.. MY LAPTOP IS ALMOST DEAD..

Edited by c13mera77, 06 January 2008 - 12:24 PM.

  • 0

Advertisements

#2
racenutalways
Posted 11 January 2008 - 11:27 AM

racenutalways

    Member 1K

  • Retired Staff
  • 1,675 posts
Hello c13mera77 and welcome to G2G, we need to start at the beginning, jumping steps will cause us to miss things, let's start with this:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP