
Trojan.Vundo virus on a System32 file



#1
Problem Child

Hello, first I must say what you guys are doing is great. Also, I really hope I posted this in the right place, and if I haven't, my mistake. I'm quite new to this whole thing.

Anyway, let me get right to it. My anti-virus (Symantec Anti-Virus) keeps detecting a "Trojan.Vundo" virus on a file named "C:\WINDOWS\system32\ddaya.dll". And the pop-up I get always reads "Clean failed:Delete failed: Access denied" though I have administrative settings on my account. I was smart enough to read and follow all the steps you guys provided with deleting the malware by running various programs such as Ad-aware, but after rebooting I still seem to have the virus. My computer isn't horrifically affected by it, it just runs incredibly slow now, perhaps slower than dial-up though I have a cable modem. Anyway, I suppose I'm supposed to paste what the HiJackThis program thing did, so here goes:

Logfile of HijackThis v1.99.1
Scan saved at 11:04:01 PM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Johathan\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddaya.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098580751125
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)





And also here's the report from the ewido scan in case you might need it






Well, that's all I'm supposed to do I think. I really appreciate the help, and I don't want to sound like I'm bribing you guys or anything but I'm more than willing to send some cash to whoever it is that helps me. (I was glad to see you have that option in another post/reply I saw in your web page) Thanks again, and keep up the great work. This is a really nice gift to the entire online world, a blessing in my case since some computer store was going to charge me $300 to fix this lol. Sorry for the poor grammar there, and I'll wait with much patience till you guys reply. Take care now, and thanks again.


#2
Linkmaster

Hi Problem Child, Welcome to GTG !! :tazz:

Sorry for the delay in reviewing your post !!

I am working on your log. As soon as a MR Staff Member reviews my fix, I will post it for you.
Thank you for being patient.

#3
Linkmaster

You may wish to print out a copy of these instructions to follow while you complete this procedure.

I need you to download some programs to aid in our fix: Do Not Run Them Yet

Please make sure you are logged into an Administrator account !!

Download VundoFix.exe to your desktop.

Download and install CCleaner

Download and unzip BFU.zip
Run the program and click the Web button to the right of the Dialog box at top
Copy and Paste this URL into the address bar of the Download script window:

http://metallica.geekstogo.com/p2pnetwork.bfu

Execute the script by clicking the Execute button.

Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.

Reboot to Safe mode
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

Once in safe mode, open the VundoFix folder and double-click on KillVundo.bat
You will first be presented with a warning.
It should look like this:

VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....


At this point press enter one time.
Next you will see:

Please Type in the filepath as instructed by the forum staff
and then press enter:


At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\ddaya.dll

Press Enter to continue with the fix.
Next you will see:

Please type in the second filepath as instructed by the forum
staff then press enter:


At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\ayadd.*

Press Enter to continue with the fix.
The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
In HiJackThis, please place a check next to the following items (if present):

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddaya.dll

O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe

O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll


Click Fix Checked

Close HijackThis and reboot to Normal mode

Open CCleaner
NOTE: DO NOT USE THE ISSUES TAB!!!!
Options, Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours" (for cleaning malware files!)

Options, Settings: Check "Run CCleaner when system starts" (optional)
Options, Settings: Check "Add 'Run Cleaner' option to Recycle Bin context menu" (optional)

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Options > Custom Folders > Add Folder > Navigate to these folders (click on bold file once and hit OK):
* C:\Windows\Temp\
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
Hit OK
In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
Then click on Run Cleaner.
Put check in box to not show message again.
It will automatically clean.
Close out CCleaner.

Run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the "Scan your PC" button
A new window will open...click the big "Check Now" button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on "Local Disks" to start the scan

Reboot and post the ActiveScan results, along with a new HiJackThis log and the vundofix.txt here.
  • 0
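An added example, not part of Linkmaster's instructions and not how HijackThis or VundoFix work internally: a small triage script that parses HijackThis lines and applies two heuristics, which on this log pick out the same four entries the fix checks. The heuristics, function names and the reversed-name glob (mirroring the `ddaya.dll` / `ayadd.*` pair in the instructions) are assumptions chosen for illustration.

```python
import ntpath
import re

# Lines excerpted from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ddaya.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: ddaya - C:\WINDOWS\system32\ddaya.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
AUTORUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_entries(log):
    """Return (code, body, raw_line) for every 'Xn - ...' line in the log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), match.group("body"), line))
    return entries


def module_path(body):
    """O2 and O20 bodies end in ' - <path>'; return that path."""
    return body.rsplit(" - ", 1)[-1].strip()


def bho_and_notify_modules(entries):
    """Heuristic 1 (assumption): the same DLL is registered as a browser
    helper object (O2) and as a Winlogon Notify package (O20)."""
    seen = {"O2": set(), "O20": set()}
    for code, body, _ in entries:
        if code in seen:
            seen[code].add(module_path(body).lower())
    return seen["O2"] & seen["O20"]


def is_bare_autorun(body):
    """Heuristic 2 (assumption): an O4 autorun whose program has no
    directory component, so it cannot be tied to an installed product."""
    match = AUTORUN_RE.match(body)
    if not match:
        return False  # e.g. 'Global Startup: x.lnk = path' entries
    cmd = match.group("cmd").strip()
    program = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return "\\" not in program and "/" not in program


def reversed_name_glob(path):
    """Glob for files whose base name is the module's name reversed,
    as in the ddaya.dll / ayadd.* pair given in the instructions."""
    directory, filename = ntpath.split(path)
    stem, _ext = ntpath.splitext(filename)
    return ntpath.join(directory, stem[::-1] + ".*")


def triage(log):
    """Return (flagged_lines, companion_globs) in log order."""
    entries = parse_entries(log)
    shared = bho_and_notify_modules(entries)
    flagged, modules = [], []
    for code, body, raw in entries:
        if code in ("O2", "O20") and module_path(body).lower() in shared:
            flagged.append(raw)
            if module_path(body) not in modules:
                modules.append(module_path(body))
        elif code == "O4" and is_bare_autorun(body):
            flagged.append(raw)
    return flagged, [reversed_name_glob(p) for p in modules]


if __name__ == "__main__":
    lines, globs = triage(SAMPLE_LOG)
    for line in lines:
        print("REVIEW:", line)
    for pattern in globs:
        print("ALSO CHECK:", pattern)
```

Entries flagged this way are candidates for review by someone who knows the machine, not a removal list; legitimate software can match either heuristic.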





