error loading yaromido.dll
NOTICE TO OUTSIDE READERS: THIS TOPIC IS NOT TO BE FOLLOWED. THE ADVICE GIVEN IN THIS TOPIC WAS MEANT FOR THIS USER ONLY. THE END RESULT IS NOT RECOMMENDED, AND SHOULD NOT BE USED FOR NORMAL REMOVAL. THANKS FOR COOPERATING WITH GEEKPOLICE. ~DragonMaster Jay

=======

Hello There,

I believe I have some type of Malware or Trojan or what have you.

I receive an error message upon startup that said something like "error loading yaromido.dll" and then I got a ton of pop-ups and my laptop is running slower.

I am running Windows XP and my HijackThis file is listed below.

Thanks in advance for your help!!!

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:36 PM, on 11/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\JOANNA~1\LOCALS~1\Temp\jvincmp3.tmp\winlogon.scr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20091127220444.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [irpzmk] RUNDLL32.EXE C:\WINDOWS\system32\msuwuabo.dll,w
O4 - HKLM\..\Run: [ropovigeb] Rundll32.exe "c:\windows\system32\telonapi.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WePrint Server.lnk = C:\WePrint\WePrint Server.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/e/37.09/HboD-mApHAo/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\yaromido.dll c:\windows\system32\telonapi.dll,matidaha.dll
O21 - SSODL: bikuyesuy - {ed7acd54-5a02-4084-a0ba-0a6167201993} - c:\windows\system32\yaromido.dll (file missing)
O21 - SSODL: dovabajol - {d870ffbf-2e0a-4360-9d6e-f46cf119167e} - c:\windows\system32\telonapi.dll
O22 - SharedTaskScheduler: gahurihor - {ed7acd54-5a02-4084-a0ba-0a6167201993} - c:\windows\system32\yaromido.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {d870ffbf-2e0a-4360-9d6e-f46cf119167e} - c:\windows\system32\telonapi.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Seagate Sync Service - Unknown owner - C:\Program Files\Seagate\Sync\SeaSyncServices.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15397 bytes

Last edited by DragonMaster Jay on 11th December 2009, 2:14 pm; edited 1 time in total (Reason for editing : Notice to outside readers.)
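Added example, not part of this thread and not HijackThis or ComboFix code: a small Python triage script for a HijackThis 2.0 log like the one above. It parses the O-section entry lines and the bare paths in the "Running processes" section and reports two things: DLLs that are registered in more than one autostart location at once (here yaromido.dll and telonapi.dll appear under AppInit_DLLs, SSODL and SharedTaskScheduler, telonapi.dll additionally under a rundll32 Run key), and a few single-line red flags. The sample lines are copied from the log posted above; the heuristics (a populated AppInit_DLLs value, an SSODL or SharedTaskScheduler entry whose file is missing, rundll32 loading a .dll through a one- or two-character export, a process image running out of a Temp folder) are the editor's own choices and are not something HijackThis itself flags.

```python
"""Triage a HijackThis 2.0 log for DLL persistence spread across autostart points.

Added example, not part of the thread and not HijackThis or ComboFix code.
It parses the O-section entry lines and the bare paths in the
'Running processes' section, then reports (a) DLLs registered in more than
one autostart location and (b) a few single-line red flags. The heuristics
are the editor's own choices.
"""
import re
import sys
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above (trimmed to the
# ones that matter for the demonstration, plus one benign O2 and O4 line).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\JOANNA~1\LOCALS~1\Temp\jvincmp3.tmp\winlogon.scr

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [irpzmk] RUNDLL32.EXE C:\WINDOWS\system32\msuwuabo.dll,w
O4 - HKLM\..\Run: [ropovigeb] Rundll32.exe "c:\windows\system32\telonapi.dll",a
O20 - AppInit_DLLs: c:\windows\system32\yaromido.dll c:\windows\system32\telonapi.dll,matidaha.dll
O21 - SSODL: bikuyesuy - {ed7acd54-5a02-4084-a0ba-0a6167201993} - c:\windows\system32\yaromido.dll (file missing)
O21 - SSODL: dovabajol - {d870ffbf-2e0a-4360-9d6e-f46cf119167e} - c:\windows\system32\telonapi.dll
O22 - SharedTaskScheduler: gahurihor - {ed7acd54-5a02-4084-a0ba-0a6167201993} - c:\windows\system32\yaromido.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {d870ffbf-2e0a-4360-9d6e-f46cf119167e} - c:\windows\system32\telonapi.dll
"""

# "O4 - HKLM\..\Run: [name] command" -> sec="O4", kind="HKLM\..\Run", rest="[name] command"
ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<kind>[^:]+): ?(?P<rest>.*)$")
# Bare drive-letter path, as printed in the 'Running processes' section.
PATH_RE = re.compile(r"^[a-z]:\\", re.I)
# Basename of every *.dll mentioned in a line (a name stops at \ , " or whitespace).
DLL_RE = re.compile(r'([^\\\s",]+\.dll)\b', re.I)
# rundll32 <target>,<export>; the double comma in "bthprops.cpl,,Name" is tolerated.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<target>[^",]+)"?,+(?P<export>[^\s,]*)', re.I)


def dll_names(text):
    """Lower-cased basenames of all DLLs named in `text`."""
    return {m.group(1).lower() for m in DLL_RE.finditer(text)}


def triage(log_text):
    """Return (multi, findings).

    multi:    {dll basename: sorted list of autostart locations} for DLLs that
              are registered in two or more locations at once.
    findings: human-readable single-line red flags, in log order.
    """
    registrations = defaultdict(set)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # Not an entry line: the process list is bare paths. A process
            # image living under a Temp directory is worth a look on its own.
            if PATH_RE.match(line) and "\\temp\\" in line.lower():
                findings.append(f"process running from a Temp directory: {line}")
            continue
        sec, kind, rest = m.group("sec"), m.group("kind"), m.group("rest")
        if sec == "O20" and kind.lower() == "appinit_dlls" and rest:
            # Stock XP has an empty AppInit_DLLs; anything listed here is
            # loaded into every process that links user32.dll.
            for d in dll_names(rest):
                registrations[d].add("AppInit_DLLs")
            findings.append(f"AppInit_DLLs is populated: {rest}")
        elif sec in ("O21", "O22"):
            # ShellServiceObjectDelayLoad / SharedTaskScheduler: loaded by
            # Explorer at logon. kind is "SSODL" or "SharedTaskScheduler".
            for d in dll_names(rest):
                registrations[d].add(kind)
            if "(file missing)" in rest.lower():
                findings.append(f"{kind} entry points at a missing file: {rest}")
        elif sec == "O2":
            for d in dll_names(rest):
                registrations[d].add("BHO")
        elif sec == "O4":
            r = RUNDLL_RE.search(rest)
            # Heuristic: rundll32 loading a .dll through a one- or two-letter
            # export (",w", ",a"). Legitimate uses name a real entry point.
            if r and r.group("target").lower().endswith(".dll") and len(r.group("export")) <= 2:
                for d in dll_names(r.group("target")):
                    registrations[d].add("Run via rundll32")
                findings.append(f"rundll32 loading a DLL by a terse export name: {rest}")
    multi = {d: sorted(locs) for d, locs in registrations.items() if len(locs) > 1}
    return multi, findings


def main(argv):
    """Triage the log file given on the command line, or the embedded sample."""
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    multi, findings = triage(text)
    for dll, locs in sorted(multi.items()):
        print(f"{dll}: registered in {len(locs)} places: {', '.join(locs)}")
    for f in findings:
        print("!", f)


if __name__ == "__main__":
    main(sys.argv)
```

Run it with a saved hijackthis.log as the only argument, or with no argument to triage the embedded sample. The cross-registration count is the useful signal: one odd Run entry can be a coincidence, but the same DLL sitting in AppInit_DLLs, SSODL and SharedTaskScheduler at once is the multi-hook layout that ComboFix's "Reg Loading Points" section later in this thread also shows.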

Re: error loading yaromido.dll
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: error loading yaromido.dll
Okay, here is the combofix log . . .

ComboFix 09-11-29.03 - Joanna Kolton 11/29/2009 19:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.431 [GMT -6:00]
Running from: c:\documents and settings\Joanna Kolton\desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\drivers\bywerue.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\ndisapi.dll
c:\windows\mouse.dll
c:\windows\system32\bubagike.dll.tmp
c:\windows\system32\drivers\bywerue.sys
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\hjgruirqgoewcp.dat
c:\windows\system32\hjgruiymotfmpo.dat
c:\windows\system32\Install.txt
c:\windows\system32\kezolape.dll.tmp
c:\windows\system32\lsm32.sys
c:\windows\system32\matidaha.dll
c:\windows\system32\riyehahi.dll.tmp
c:\windows\system32\telonapi.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\yagepodo.dll
c:\windows\system32\zavuzogo.dll
c:\windows\system32\zowavami.dll
c:\windows\Tasks\wjsbldlo.job
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_hjgruiyukrjkvp
-------\Legacy_NDISRD
-------\Legacy_ZKAPP
-------\Service_BtwSrv
-------\Service_fastnetsrv
-------\Service_hjgruiyukrjkvp
-------\Service_zkapp


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-29 21:50 . 2009-11-29 21:50 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\thecleaner
2009-11-29 21:49 . 2009-11-29 21:53 -------- d-----w- c:\program files\The Cleaner
2009-11-29 04:23 . 2009-11-29 04:23 165880 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-29 04:05 . 2009-11-29 04:05 32768 ----a-w- c:\windows\system32\msuwuabo.dll
2009-11-29 04:04 . 2009-11-28 20:52 52736 ----a-w- c:\windows\system32\caonima1.exe
2009-11-28 23:02 . 2009-11-28 23:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-28 06:35 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-11-28 06:35 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-28 06:25 . 2008-06-10 20:04 31048 ----a-w- c:\windows\system32\drivers\point32.sys
2009-11-28 06:24 . 2009-11-28 06:25 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-28 06:18 . 2009-11-28 06:20 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-11-28 04:26 . 2008-04-13 19:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-11-28 04:26 . 2008-04-13 19:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-11-28 04:25 . 2008-04-13 19:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-11-28 04:25 . 2008-04-13 19:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-11-28 04:25 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-28 04:25 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-11-28 04:25 . 2008-04-13 19:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-11-28 04:25 . 2008-04-13 19:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-11-28 04:24 . 2008-04-13 19:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-28 04:24 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-11-28 04:24 . 2008-04-13 19:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-11-28 04:24 . 2008-04-13 19:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-11-28 04:24 . 2008-04-13 19:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-11-28 04:24 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-11-28 04:24 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-28 04:24 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-28 04:23 . 2008-04-14 01:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-28 04:23 . 2008-04-14 01:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-11-28 04:21 . 2009-07-24 21:05 676720 ----a-w- c:\windows\system32\LCCoin30.dll
2009-11-28 04:21 . 2009-07-24 21:05 101232 ----a-w- c:\windows\VX3000.dll
2009-11-28 04:21 . 2009-07-24 21:05 762208 ----a-w- c:\windows\vVX3000.exe
2009-11-28 04:21 . 2009-07-24 21:05 227680 ----a-w- c:\windows\vVX3000.dll
2009-11-28 04:21 . 2009-07-24 21:05 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2009-11-28 04:21 . 2009-07-24 21:05 175456 ----a-w- c:\windows\system32\cVX3000.dll
2009-11-28 04:19 . 2009-11-28 04:20 -------- d-----w- c:\program files\Microsoft LifeCam
2009-11-28 04:11 . 2007-07-20 00:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-11-28 04:10 . 2009-11-28 04:10 -------- d-----w- c:\windows\Logs
2009-11-27 22:21 . 2004-03-24 15:12 4272 ----a-w- c:\windows\system32\drivers\bvrp_pci.sys
2009-11-13 03:09 . 2009-11-23 00:56 79488 ----a-w- c:\documents and settings\Joanna Kolton\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-03 07:34 . 2009-11-02 12:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-02 12:30 . 2009-11-02 12:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-02 12:30 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-02 12:30 . 2009-11-02 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-02 12:30 . 2009-11-02 12:30 -------- d-----w- c:\program files\Lavasoft
2009-11-01 19:09 . 2003-01-26 19:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-11-01 19:01 . 2009-11-01 19:01 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\AVS4YOU
2009-11-01 19:01 . 2009-11-01 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-11-01 18:58 . 2009-11-01 19:11 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-01 18:58 . 2008-08-13 17:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-11-01 18:58 . 2008-08-13 17:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-11-01 18:58 . 2008-08-13 17:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-11-01 18:58 . 2009-11-01 19:11 -------- d-----w- c:\program files\AVS4YOU
2009-11-01 18:58 . 2008-08-13 17:22 24576 ----a-w- c:\windows\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 03:22 . 2009-05-02 18:04 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\BitTorrent
2009-11-28 17:45 . 2008-08-15 05:11 56296 ----a-w- c:\documents and settings\Joanna Kolton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 15:02 . 2009-02-27 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-28 13:23 . 2009-02-27 05:06 -------- d-----w- c:\program files\Microsoft Works
2009-11-28 07:23 . 2008-08-18 16:38 45692 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-28 05:37 . 2008-08-30 07:04 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\Skype
2009-11-28 04:13 . 2009-02-06 04:34 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\skypePM
2009-11-27 22:21 . 2008-08-13 05:13 -------- d-----w- c:\program files\Modem Helper
2009-11-10 22:45 . 2009-10-10 05:26 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2009-11-10 22:45 . 2009-09-22 03:34 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-11-10 22:45 . 2009-09-22 03:34 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2009-11-10 22:45 . 2009-09-22 03:34 83368 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-11-10 22:45 . 2009-09-22 03:34 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2009-11-10 22:45 . 2009-09-22 03:34 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2009-11-10 22:45 . 2009-09-22 03:34 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-10 22:45 . 2009-09-22 03:34 385312 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-10 22:45 . 2009-09-22 03:34 312552 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2009-11-10 22:45 . 2009-09-22 03:34 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-18 04:34 . 2009-10-18 04:34 766 ----a-r- c:\documents and settings\Joanna Kolton\Application Data\Microsoft\Installer\{269710E2-2F71-4A71-A69E-516607E0B17F}\_734ed2d.exe
2009-10-18 04:34 . 2009-10-18 04:34 766 ----a-r- c:\documents and settings\Joanna Kolton\Application Data\Microsoft\Installer\{269710E2-2F71-4A71-A69E-516607E0B17F}\_683d2f33.exe
2009-10-18 04:34 . 2009-10-18 04:34 766 ----a-r- c:\documents and settings\Joanna Kolton\Application Data\Microsoft\Installer\{269710E2-2F71-4A71-A69E-516607E0B17F}\_1b55778f.exe
2009-10-18 04:33 . 2009-10-18 04:33 1916 ----a-w- c:\program files\Shortcut to PossessionsMatters3.exe.lnk
2009-10-18 04:33 . 2009-10-18 04:33 -------- d-----w- c:\program files\PossessionsMatters3
2009-10-17 06:07 . 2009-10-17 06:07 127872 ----a-w- c:\documents and settings\Joanna Kolton\Application Data\Move Networks\uninstall.exe
2009-10-17 06:07 . 2009-02-26 03:16 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\Move Networks
2009-10-17 06:07 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Joanna Kolton\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-10-12 03:56 . 2009-10-12 03:56 -------- d-----w- c:\program files\WhiskeyMilitia
2009-09-28 03:22 . 2009-09-28 03:22 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-23 12:55 . 2009-11-02 12:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 03:11 . 2009-09-08 03:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 21:20 . 2009-08-29 21:20 53248 --sha-w- c:\windows\system32\fiworize.dll
2009-08-29 21:21 . 2009-08-29 21:21 53248 --sha-w- c:\windows\system32\saginewu.dll
2009-08-29 21:20 . 2009-08-29 21:20 61440 --sha-w- c:\windows\system32\sonumiwo.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-30_00.43.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 01:49 . 2009-11-30 01:49 16384 c:\windows\Temp\Perflib_Perfdata_7a4.dat
- 2008-08-11 08:10 . 2009-11-30 00:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-11 08:10 . 2009-11-30 01:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-11 08:10 . 2009-11-30 00:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-11 08:10 . 2009-11-30 01:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-08-11 08:10 . 2009-11-30 01:49 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-08-11 08:10 . 2009-11-30 00:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-18 03:20 . 2009-11-30 01:49 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-07-18 03:20 . 2009-11-30 00:38 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-05-09 06:14 . 2009-05-09 07:14 1418120 c:\windows\system32\wdfcoinstaller01005.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0830eae-0f4e-4775-9171-58a1ec181282}]
2009-08-29 21:21 53248 --sha-w- c:\windows\system32\saginewu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-03 68856]
"ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-05-07 2500096]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
"tcactive"="c:\program files\The Cleaner\tcap.exe" [2009-11-22 2800640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-11-14 1175832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"irpzmk"="c:\windows\system32\msuwuabo.dll" [2009-11-29 32768]
"ropovigeb"="c:\windows\system32\telonapi.dll" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"papesopamo"="zavuzogo.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [BU]

c:\documents and settings\Joanna Kolton\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
WePrint Server.lnk - c:\weprint\WePrint Server.exe [2009-6-4 2100432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 23:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WePrint\\WePrint Server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/2/2009 6:42 AM 64288]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/21/2009 9:34 PM 82952]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1179232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/2/2008 9:31 PM 206096]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/21/2009 9:34 PM 270968]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/21/2009 9:34 PM 270968]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/9/2009 11:27 PM 187112]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [10/9/2009 11:26 PM 141792]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/14/2008 6:33 PM 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 1:15 AM 106496]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/21/2009 9:34 PM 55456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/21/2009 9:34 PM 312552]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/21/2009 9:34 PM 88480]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" --> c:\program files\Seagate\Sync\SeaSyncServices.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/21/2009 9:34 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/21/2009 9:34 PM 83368]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:42]

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-11-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SharedTaskScheduler-{ed7acd54-5a02-4084-a0ba-0a6167201993} - c:\windows\system32\yaromido.dll
SharedTaskScheduler-{d870ffbf-2e0a-4360-9d6e-f46cf119167e} - c:\windows\system32\telonapi.dll
SSODL-bikuyesuy-{ed7acd54-5a02-4084-a0ba-0a6167201993} - c:\windows\system32\yaromido.dll
SSODL-dovabajol-{d870ffbf-2e0a-4360-9d6e-f46cf119167e} - c:\windows\system32\telonapi.dll
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-HijackThis - c:\docume~1\JOANNA~1\LOCALS~1\Temp\jvincmp3.tmp\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-29 19:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ShutterflyStudio = c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly?: /RegServer??????????????????????????es\Shutterfly\Studio\BIN\mmpartner_langres.dll?S??????????????????????????????????????????????????????????????????????????ALLUSERSPROFILE=C:\Documents and Set

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F31618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7530f28
\Driver\ACPI -> ACPI.sys @ 0xf73a3cb8
\Driver\atapi -> atapi.sys @ 0xf7317852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71afbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71bca21
SendHandler -> NDIS.sys @ 0xf719a87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-436374069-527237240-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:01,ca,cb,0c,e2,25,60,dd,00,2b,ab,39,02,7a,8b,06,51,c9,e5,c4,5b,
7e,00,f5,f5,a2,85,fd,60,d4,3f,0f,15,da,0f,d9,63,8c,1d,9c,24,af,b4,db,ba,15,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(1144)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\msuwuabo.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Apoint\Apntex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-29 20:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 02:14

Pre-Run: 45,162,463,232 bytes free
Post-Run: 45,124,681,728 bytes free

- - End Of File - - CD95056A8D818F4E405A69A9D93BF0D4

Re: error loading yaromido.dll

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: error loading yaromido.dll

Can I just start by saying that whoever created this virus is a jerk! lol

Okay, so I have encountered a problem . . .

After I install the Malware, I get an error message . . .

Unable to execute file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.
The system cannot find the file specified.


Okay, so I un-installed Malware and reinstalled it and I watched the File as the program was being installed, and "mbam.exe" erases itself right after installation. Did I do something wrong?

Re: error loading yaromido.dll

Not at all.


  1. Download Win32kDiag from any of the following locations and save it to your Desktop.

  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

    Re: error loading yaromido.dll

    BTW, Thanks soo much for helping me with this mess!

    Anywho, this is all that it gave me . . .

    Running from: C:\Documents and Settings\Joanna Kolton\Desktop\Win32kDiag.exe

    Log file at : C:\Documents and Settings\Joanna Kolton\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...





    Finished!

    Re: error loading yaromido.dll

    Re-running ComboFix to remove infections:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the quotebox below into it:

      File::
      c:\windows\system32\msuwuabo.dll
      c:\windows\system32\caonima1.exe
      c:\windows\system32\fiworize.dll
      c:\windows\system32\saginewu.dll
      c:\windows\system32\sonumiwo.dll


      Folder::
      c:\program files\Viewpoint

      Registry::
      [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

      RegNull::
      [HKEY_USERS\S-1-5-21-436374069-527237240-682003330-1003\Software\SecuROM\License information*]
    4. Save this as CFScript.txt, in the same location as ComboFix.exe

      [picture: CFScript.txt being dragged onto ComboFix.exe]

    5. Referring to the picture above, drag CFScript into ComboFix.exe
    6. When finished, it shall produce a log for you at C:\ComboFix.txt
    7. Please post the contents of the log in your next reply.
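Triage of the Run-key entries in the ComboFix log above, as an added example that is not part of this thread and not a tool of ComboFix or of the forum helper: it parses the REGEDIT4-style "Reg Loading Points" block and flags Run values that point at a .dll rather than an executable, or for which ComboFix printed [BU] in place of a date and size (as it did for the entries the CFScript above targets). The sample text is a handful of lines copied from the log; the flag names and both heuristics are assumptions made for illustration, not ComboFix's own classification, and a flag marks an entry for an analyst to look at, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of Run-key lines copied from the ComboFix
# "Reg Loading Points" block earlier in this thread.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"irpzmk"="c:\windows\system32\msuwuabo.dll" [2009-11-29 32768]
"ropovigeb"="c:\windows\system32\telonapi.dll" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"papesopamo"="zavuzogo.dll" [BU]
"""

# A registry key header such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# A value line: "name"="target" followed by whatever ComboFix appended
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?P<rest>.*)$')


@dataclass
class Finding:
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_run_entries(log_text):
    """Yield (key, name, target, rest) for every value under a ...\\Run key."""
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        # Only values under a key that ends in \Run are autostart entries here
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        m = VALUE_RE.match(line)
        if m:
            yield current_key, m.group("name"), m.group("target"), m.group("rest")


def suspicious_entries(log_text):
    """Return a Finding for each Run value that merits an analyst's attention."""
    findings = []
    for key, name, target, rest in parse_run_entries(log_text):
        reasons = []
        # Heuristic (assumed): a Run value normally launches an .exe; a bare
        # .dll target is loaded via rundll32 and is worth a closer look.
        if target.lower().endswith(".dll"):
            reasons.append("dll-target")
        # The other entries carry "[date size]" for the target; "[BU]" means
        # ComboFix printed no such metadata for this one.
        if "[BU]" in rest:
            reasons.append("no-metadata")
        if reasons:
            findings.append(Finding(key, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in suspicious_entries(SAMPLE_LOG):
        print(f"{f.name!r:>14} -> {f.target}  [{', '.join(f.reasons)}]")
```

Run against the sample, the three randomly named entries (irpzmk, ropovigeb, papesopamo) are flagged while the legitimate rundll32-hosted `bthprops.cpl` entry is not, because the DLL heuristic deliberately matches only the `.dll` extension; a real triage pass would still check each flagged target against the file on disk.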

    Re: error loading yaromido.dll

    ComboFix 09-11-29.03 - Joanna Kolton 11/30/2009 0:16.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.607 [GMT -6:00]
    Running from: c:\documents and settings\Joanna Kolton\Desktop\commy.exe
    Command switches used :: c:\documents and settings\Joanna Kolton\Desktop\CFscript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\windows\system32\caonima1.exe"
    "c:\windows\system32\fiworize.dll"
    "c:\windows\system32\msuwuabo.dll"
    "c:\windows\system32\saginewu.dll"
    "c:\windows\system32\sonumiwo.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Viewpoint
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\program files\Viewpoint\Common\VistaBoot.sdll
    c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
    c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
    c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
    c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
    c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETscriptInterpreter.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
    c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
    c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
    c:\windows\system32\caonima1.exe
    c:\windows\system32\fiworize.dll
    c:\windows\system32\msuwuabo.dll
    c:\windows\system32\saginewu.dll
    c:\windows\system32\sonumiwo.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
    .

    2009-11-30 05:34 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-30 05:34 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-30 03:21 . 2009-11-30 03:21 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\Malwarebytes
    2009-11-30 03:01 . 2009-11-30 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-11-30 03:01 . 2009-11-30 05:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-29 21:50 . 2009-11-29 21:50 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\thecleaner
    2009-11-29 21:49 . 2009-11-30 03:36 -------- d-----w- c:\program files\The Cleaner
    2009-11-29 04:23 . 2009-11-29 04:23 165880 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-11-28 23:02 . 2009-11-28 23:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-11-28 06:35 . 2008-04-13 19:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2009-11-28 06:35 . 2008-04-13 19:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2009-11-28 06:25 . 2008-06-10 20:04 31048 ----a-w- c:\windows\system32\drivers\point32.sys
    2009-11-28 06:24 . 2009-11-28 06:25 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2009-11-28 06:18 . 2009-11-28 06:20 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2009-11-28 04:26 . 2008-04-13 19:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
    2009-11-28 04:26 . 2008-04-13 19:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
    2009-11-28 04:25 . 2008-04-13 19:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
    2009-11-28 04:25 . 2008-04-13 19:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
    2009-11-28 04:25 . 2008-04-13 19:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
    2009-11-28 04:25 . 2008-04-13 19:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
    2009-11-28 04:25 . 2008-04-13 19:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
    2009-11-28 04:25 . 2008-04-13 19:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
    2009-11-28 04:24 . 2008-04-13 19:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
    2009-11-28 04:24 . 2008-04-13 19:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
    2009-11-28 04:24 . 2008-04-13 19:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
    2009-11-28 04:24 . 2008-04-13 19:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
    2009-11-28 04:24 . 2008-04-13 19:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
    2009-11-28 04:24 . 2008-04-13 19:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
    2009-11-28 04:24 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2009-11-28 04:24 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2009-11-28 04:23 . 2008-04-14 01:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2009-11-28 04:23 . 2008-04-14 01:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2009-11-28 04:21 . 2009-07-24 21:05 676720 ----a-w- c:\windows\system32\LCCoin30.dll
    2009-11-28 04:21 . 2009-07-24 21:05 101232 ----a-w- c:\windows\VX3000.dll
    2009-11-28 04:21 . 2009-07-24 21:05 762208 ----a-w- c:\windows\vVX3000.exe
    2009-11-28 04:21 . 2009-07-24 21:05 227680 ----a-w- c:\windows\vVX3000.dll
    2009-11-28 04:21 . 2009-07-24 21:05 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
    2009-11-28 04:21 . 2009-07-24 21:05 175456 ----a-w- c:\windows\system32\cVX3000.dll
    2009-11-28 04:19 . 2009-11-28 04:20 -------- d-----w- c:\program files\Microsoft LifeCam
    2009-11-28 04:11 . 2007-07-20 00:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
    2009-11-28 04:10 . 2009-11-28 04:10 -------- d-----w- c:\windows\Logs
    2009-11-27 22:21 . 2004-03-24 15:12 4272 ----a-w- c:\windows\system32\drivers\bvrp_pci.sys
    2009-11-13 03:09 . 2009-11-23 00:56 79488 ----a-w- c:\documents and settings\Joanna Kolton\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-03 07:34 . 2009-11-02 12:42 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2009-11-02 12:30 . 2009-11-02 12:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-11-02 12:30 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    2009-11-02 12:30 . 2009-11-02 12:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-11-02 12:30 . 2009-11-02 12:30 -------- d-----w- c:\program files\Lavasoft
    2009-11-01 19:09 . 2003-01-26 19:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
    2009-11-01 19:01 . 2009-11-01 19:01 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\AVS4YOU
    2009-11-01 19:01 . 2009-11-01 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
    2009-11-01 18:58 . 2009-11-01 19:11 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-11-01 18:58 . 2008-08-13 17:22 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-11-01 18:58 . 2008-08-13 17:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-11-01 18:58 . 2008-08-13 17:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-11-01 18:58 . 2009-11-01 19:11 -------- d-----w- c:\program files\AVS4YOU
    2009-11-01 18:58 . 2008-08-13 17:22 24576 ----a-w- c:\windows\system32\msxml3a.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-29 03:22 . 2009-05-02 18:04 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\BitTorrent
    2009-11-28 17:45 . 2008-08-15 05:11 56296 ----a-w- c:\documents and settings\Joanna Kolton\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-28 15:02 . 2009-02-27 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-28 13:23 . 2009-02-27 05:06 -------- d-----w- c:\program files\Microsoft Works
    2009-11-28 07:23 . 2008-08-18 16:38 45692 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-28 05:37 . 2008-08-30 07:04 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\Skype
    2009-11-28 04:13 . 2009-02-06 04:34 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\skypePM
    2009-11-27 22:21 . 2008-08-13 05:13 -------- d-----w- c:\program files\Modem Helper
    2009-11-10 22:45 . 2009-10-10 05:26 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2009-11-10 22:45 . 2009-09-22 03:34 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2009-11-10 22:45 . 2009-09-22 03:34 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2009-11-10 22:45 . 2009-09-22 03:34 83368 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2009-11-10 22:45 . 2009-09-22 03:34 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2009-11-10 22:45 . 2009-09-22 03:34 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2009-11-10 22:45 . 2009-09-22 03:34 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-11-10 22:45 . 2009-09-22 03:34 385312 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-11-10 22:45 . 2009-09-22 03:34 312552 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2009-11-10 22:45 . 2009-09-22 03:34 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-10-18 04:34 . 2009-10-18 04:34 766 ----a-r- c:\documents and settings\Joanna Kolton\Application Data\Microsoft\Installer\{269710E2-2F71-4A71-A69E-516607E0B17F}\_734ed2d.exe
    2009-10-18 04:34 . 2009-10-18 04:34 766 ----a-r- c:\documents and settings\Joanna Kolton\Application Data\Microsoft\Installer\{269710E2-2F71-4A71-A69E-516607E0B17F}\_683d2f33.exe
    2009-10-18 04:34 . 2009-10-18 04:34 766 ----a-r- c:\documents and settings\Joanna Kolton\Application Data\Microsoft\Installer\{269710E2-2F71-4A71-A69E-516607E0B17F}\_1b55778f.exe
    2009-10-18 04:33 . 2009-10-18 04:33 1916 ----a-w- c:\program files\Shortcut to PossessionsMatters3.exe.lnk
    2009-10-18 04:33 . 2009-10-18 04:33 -------- d-----w- c:\program files\PossessionsMatters3
    2009-10-17 06:07 . 2009-10-17 06:07 127872 ----a-w- c:\documents and settings\Joanna Kolton\Application Data\Move Networks\uninstall.exe
    2009-10-17 06:07 . 2009-02-26 03:16 -------- d-----w- c:\documents and settings\Joanna Kolton\Application Data\Move Networks
    2009-10-17 06:07 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Joanna Kolton\Application Data\Move Networks\plugins\npqmp071503000010.dll
    2009-10-12 03:56 . 2009-10-12 03:56 -------- d-----w- c:\program files\WhiskeyMilitia
    2009-09-28 03:22 . 2009-09-28 03:22 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
    2009-09-23 12:55 . 2009-11-02 12:42 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-08 03:11 . 2009-09-08 03:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-11-30_00.43.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-11-30 06:39 . 2009-11-30 06:39 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
    - 2008-08-11 08:10 . 2009-11-30 00:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-11 08:10 . 2009-11-30 06:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-08-11 08:10 . 2009-11-30 00:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-08-11 08:10 . 2009-11-30 06:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-08-11 08:10 . 2009-11-30 06:39 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2008-08-11 08:10 . 2009-11-30 00:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-07-18 03:20 . 2009-11-30 06:39 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-07-18 03:20 . 2009-11-30 00:38 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-05-09 06:14 . 2009-05-09 07:14 1418120 c:\windows\system32\wdfcoinstaller01005.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-03 68856]
    "ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2008-05-07 2500096]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-02-19 438272]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-11-14 1175832]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "ropovigeb"="c:\windows\system32\telonapi.dll" [BU]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
    "papesopamo"="zavuzogo.dll" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [BU]

    c:\documents and settings\Joanna Kolton\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
    WePrint Server.lnk - c:\weprint\WePrint Server.exe [2009-6-4 2100432]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-5-31 577597]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 23:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WePrint\\WePrint Server.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
    "c:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
    "c:\\Program Files\\Microsoft IntelliType Pro\\itype.exe"=
    "c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
    "c:\\Program Files\\Apoint\\ApntEx.exe"=
    "c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/2/2009 6:42 AM 64288]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/21/2009 9:34 PM 82952]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1179232]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/2/2008 9:31 PM 206096]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/21/2009 9:34 PM 270968]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [9/21/2009 9:34 PM 270968]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/9/2009 11:27 PM 187112]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [10/9/2009 11:26 PM 141792]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2/19/2008 1:15 AM 106496]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/21/2009 9:34 PM 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/21/2009 9:34 PM 312552]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/21/2009 9:34 PM 88480]
    S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\Seagate\Sync\SeaSyncServices.exe" --> c:\program files\Seagate\Sync\SeaSyncServices.exe [?]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/21/2009 9:34 PM 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/21/2009 9:34 PM 83368]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:42]

    2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2009-11-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2008-06-10 19:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{b0830eae-0f4e-4775-9171-58a1ec181282} - saginewu.dll
    HKLM-Run-irpzmk - c:\windows\system32\msuwuabo.dll
    AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-30 00:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ShutterflyStudio = c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly?: /RegServer??????????????????????????es\Shutterfly\Studio\BIN\mmpartner_langres.dll?S??????????????????????????????????????????????????????????????????????????ALLUSERSPROFILE=C:\Documents and Set

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F33618]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7530f28
    \Driver\ACPI -> ACPI.sys @ 0xf73a3cb8
    \Driver\atapi -> atapi.sys @ 0xf7317852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
    NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xf71afbb0
    PacketIndicateHandler -> NDIS.sys @ 0xf71bca21
    SendHandler -> NDIS.sys @ 0xf719a87b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1076)
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll

    - - - - - - - > 'lsass.exe'(1140)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(5316)
    c:\windows\system32\WININET.dll
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Apoint\Apntex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-30 01:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-30 07:01
    ComboFix2.txt 2009-11-30 02:15

    Pre-Run: 45,662,457,856 bytes free
    Post-Run: 45,615,271,936 bytes free

    - - End Of File - - CD246D4712E8BA6A56177C17367F6126
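Three things in the log above are what a responder would pull out first: Run values whose target is a DLL and which ComboFix tagged [BU] ("ropovigeb" -> telonapi.dll, "papesopamo" -> zavuzogo.dll, plus the removed orphans saginewu.dll and msuwuabo.dll), Security Center monitoring switched off for the McAfee products, and an address in the disk driver call chain that the Stealth MBR detector could not attribute to any loaded driver (">>UNKNOWN [0x86F33618]<<") even though the user-mode and kernel-mode MBR reads matched. The following Python script is an added example for this thread; it is not part of ComboFix, GMER or the original posts. It applies those three checks to a log excerpt. The sample lines are copied from the log, but the HKLM Run key header above them is assumed from context, and the "random name" rule is a heuristic, not a signature.

```python
"""Triage helper for ComboFix / GMER mbr.exe log excerpts (added example, not tool code).

Checks applied:
  1. Run-key values whose target is a .dll. A Run value should start an .exe; a
     bare DLL can only be loaded via rundll32, which is a classic dropper pattern.
     The log's own [BU] marker and a crude random-name heuristic are reported too.
  2. Security Center "DisableMonitoring"=1 entries. Informational only: third-party
     suites such as McAfee set these for their own products, so alone they prove nothing.
  3. An unresolved ">>UNKNOWN [addr]<<" module in the disk call chain reported by the
     Stealth MBR detector, which matters even when the MBR sectors themselves read OK.
"""
import re

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?P<rest>.*)$')
MON_KEY = re.compile(r'security center\\Monitoring\\(?P<product>[^\]]+)\]', re.I)
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
CALLED_MODULES = re.compile(r'^called modules:(?P<chain>.*)$', re.I)
UNKNOWN_MOD = re.compile(r'>>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<')
# Heuristic only: 7-12 lowercase letters, no digits or separators, like "ropovigeb".
RANDOM_NAME = re.compile(r'^[a-z]{7,12}$')

# Constructed excerpt: the value lines are from the log in this thread; the HKLM Run
# key header is assumed from context (it is not visible in the quoted part of the log).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-11-14 1175832]
"ropovigeb"="c:\windows\system32\telonapi.dll" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"papesopamo"="zavuzogo.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F33618]<<
user & kernel MBR OK
'''


def triage(log_text):
    """Return a list of (severity, message) findings for a log excerpt."""
    findings = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Registry key headers set the context for the value lines that follow.
        if line.startswith('[') and line.endswith(']'):
            current_key = line
            continue

        m = RUN_ENTRY.match(line)
        if m:
            name, target, rest = m.group('name'), m.group('target'), m.group('rest')
            if target.lower().endswith('.dll'):
                why = ['Run value targets a DLL, not an executable']
                if '[BU]' in rest:
                    why.append('ComboFix marked it [BU]')
                if RANDOM_NAME.match(name):
                    why.append('value name looks machine-generated')
                findings.append(('HIGH', f'{name} -> {target}: ' + '; '.join(why)))
            continue

        if DISABLE_MON.match(line):
            k = MON_KEY.search(current_key)
            product = k.group('product') if k else (current_key or '<unknown key>')
            findings.append(('INFO', f'Security Center monitoring disabled for {product} '
                                     '(normal when a third-party suite reports its own state)'))
            continue

        m = CALLED_MODULES.match(line)
        if m:
            for u in UNKNOWN_MOD.finditer(m.group('chain')):
                findings.append(('HIGH', f'unresolved module at {u.group("addr")} in the disk '
                                         'call chain; MBR sectors can read clean while the I/O path is hooked'))
    return findings


if __name__ == '__main__':
    for severity, message in triage(SAMPLE_LOG):
        print(f'[{severity}] {message}')
```

Run against the excerpt it reports the two DLL Run values as HIGH with all three reasons, the McAfee monitoring entry as INFO, and the unresolved disk-chain module as HIGH. The last one is the finding to chase: the detector reads the MBR through the very driver chain it is inspecting, so "MBR OK" from that read does not clear an unidentified hook sitting in the chain. The thread never reached that step; the machine blue-screened and was reformatted instead.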

    Re: error loading yaromido.dll
    Download SuperAntiSpyware

    • Load SuperAntiSpyware and click the Check for updates button.
    • Once the update is finished click the Scan your computer button.
    • Check Perform Complete Scan and then next.
    • SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
    • Make sure that they all have a check next to them and press next.
    • Click finish and you will be taken back to the main interface.
    • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
    • Copy and paste the log onto the forum.

    Re: error loading yaromido.dll
    Hello DragonMaster Jay,

    I apologize for the long delay, but my computer died. I started it up and it went straight to a blue screen. So I just ended up re-formatting it and starting all over.

    Thanks for your help anyway!!!

    Re: error loading yaromido.dll
    Thanks for letting me know.

    => SOLVED
