Old 03-02-2009, 10:25 PM   #1 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 6
OS: Windows XP


something called yapiniti.dll

OK, something called yapiniti.dll is bugging my SpyCatcher. It's a thing that keeps popping up if I turn off SpyCatcher. I know it's already stopped, but SpyCatcher is slowing down my CPU when it's stopping it; it opens every second. SpyCatcher directed me to C:/Windows/System32/yapiniti.dll, but when I checked, the file wasn't there. I tried deleting it with a CMD window. I tried opening it with CMD and it worked. I don't know, but it's like a ghost malware. I know little about these things, so help!

Anyways, here are my logs and stuff:


DDS (Ver_09-02-01.01) - FAT32x86
Run by Joshua at 20:33:42.26 on 02/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.768.226 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\system32\svchost.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\WINDOWS\system32\taskmagr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Joshua\Desktop\dds.scr
C:\Program Files\iTunes\iTunes.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.ez-tracks.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm860MFCA&fl=0&ptb=OyeO7ohJ.SI6f7ydDBuGDg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.defaulthomepage.info
mStart Page = hxxp://home.ez-tracks.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53934df1-8469-4b78-bb3e-9c757e07de20} - c:\windows\system32\pihemova.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {b43c0f8d-92ca-155b-dda4-f8491db567d6}: {6d765bd1-948f-4add-b551-ac29d8f0c34b} - c:\windows\system32\xxiepd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Skype Control Class: {9018f6a8-2495-45df-9f16-c738f8f3c8ff} - c:\windows\system32\SkypeComm.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Little Fighter 2 Toolbar Helper: {ae90c38c-97cf-4696-b290-c7973dc9675e} - c:\program files\little fighter 2 toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: Little Fighter 2 Toolbar: {c3cd744d-2fae-4640-8297-16b5da423104} - c:\program files\little fighter 2 toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {74CC49F7-EB32-4A08-B204-948962A6E3DB} - No File
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - c:\windows\system32\BROWSEUI.DLL
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [322b12a7] rundll32.exe "c:\windows\system32\zajeyema.dll",b
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SystemTray] SysTray.Exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [ClientGW]
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [SpyCatcher Reminder] c:\program files\spycatcher\SpyCatcher.exe reminder
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [Flashget] c:\program files\flashget\FlashGet.exe /min
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [yujilibobe] Rundll32.exe "c:\windows\system32\fihijazo.dll",s
mRun: [322b12a7] rundll32.exe "c:\windows\system32\zajeyema.dll",b
mRun: [CPM3118213b] Rundll32.exe "c:\windows\system32\dogejuhu.dll",a
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\joshua\startm~1\programs\startup\schedu~1.lnk - c:\program files\spycatcher\Scheduler daemon.exe
StartupFolder: c:\documents and settings\joshua\start menu\programs\startup\DesktopComic.exe
StartupFolder: c:\docume~1\joshua\startm~1\programs\startup\autoba~1.lnk - c:\program files\memeo\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\joshua\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\GROOVE.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spycat~1.lnk - c:\program files\spycatcher\Protector.exe
uPolicies-explorer: EditLevel = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm860MFCA
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\megaupload\mega manager\mm_file.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\system\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Win32 Classes
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - hxxp://down.hangame.com/dist/activex/HanGamePlugin19.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll
Notify: Fly - smart.dll
AppInit_DLLs: secuload.dll,c:\progra~1\google\google~3\goec62~1.dll,c:\windows\system32\rlai.dll,c:\windows\system32\rlai.dll,c:\progra~1\google\google~1\goec62~1.dll,c:\windows\system32\yapiniti.dll,c:\windows\system32\dogejuhu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\dogejuhu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\dogejuhu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\windows\system32\yapiniti.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joshua\applic~1\mozilla\firefox\profiles\sv0ouu29.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\joshua\application data\mozilla\firefox\profiles\sv0ouu29.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\progra~1\mozill~1\plugins\np_gp.dll
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R0 FILELOCK;FILELOCK;c:\windows\system32\drivers\FLockXP.sys [2007-7-20 25930]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2009-3-2 25784]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-8-23 33824]
R2 CSIScanner;CSIScanner;c:\program files\prevxcsi\prevxcsi.exe [2009-3-2 878648]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-10-15 237784]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM V1.01 (Envy24HT-S Eval. Only);c:\windows\system32\drivers\Envy24HF.sys [2006-9-2 561144]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2008-1-16 29184]
S2 gupdate1c99a0511ff297e;Google Update Service (gupdate1c99a0511ff297e);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
S3 CEDRIVER53;CEDRIVER53;c:\program files\cheat engine\dbk32.sys [2008-10-13 35840]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-1-6 33752]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-2 30192]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-3-17 40832]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 XDva032;XDva032;\??\c:\windows\system32\xdva032.sys --> c:\windows\system32\XDva032.sys [?]

=============== Created Last 30 ================

2009-03-02 18:50 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\~0
2009-03-02 18:50 <DIR> --d----- c:\program files\Lavasoft
2009-03-02 17:10 25,784 a------- c:\windows\system32\drivers\pxark.sys
2009-03-02 17:10 <DIR> --d----- c:\program files\PrevxCSI
2009-03-02 17:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-03-02 16:35 <DIR> --d----- c:\docume~1\joshua\applic~1\PE Explorer
2009-03-02 16:35 <DIR> --d----- c:\program files\PE Explorer
2009-03-01 22:57 1,694,220 ---sh--- c:\windows\system32\ameyejaz.ini
2009-03-01 22:57 144,896 a--sh--- c:\windows\system32\zhhpss.dll
2009-03-01 22:57 110,080 a--sh--- c:\windows\system32\dogejuhu.dll
2009-03-01 22:56 144,896 a--sh--- c:\windows\system32\fidetiga.dll
2009-03-01 22:56 103,936 a--sh--- c:\windows\system32\zajeyema.dll
2009-03-01 10:57 1,694,220 ---sh--- c:\windows\system32\ugifufak.ini
2009-03-01 10:57 143,360 a--sh--- c:\windows\system32\iatmbw.dll
2009-03-01 10:57 143,360 a--sh--- c:\windows\system32\nejopoyi.dll
2009-03-01 10:57 110,080 a--sh--- c:\windows\system32\wadejino.dll
2009-03-01 09:46 87,608 a------- c:\docume~1\joshua\applic~1\inst.exe
2009-03-01 09:46 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-01 09:46 47,360 a------- c:\docume~1\joshua\applic~1\pcouffin.sys
2009-03-01 09:46 102,439 a------- c:\windows\system32\sipr3260.dll
2009-03-01 09:46 217,127 a------- c:\windows\system32\drv43260.dll
2009-03-01 09:46 208,935 a------- c:\windows\system32\drv33260.dll
2009-03-01 09:46 176,165 a------- c:\windows\system32\drv23260.dll
2009-03-01 09:46 65,602 a------- c:\windows\system32\cook3260.dll
2009-03-01 09:46 1,184,984 a------- c:\windows\system32\wvc1dmod.dll
2009-03-01 09:46 626,688 a------- c:\windows\system32\vp7vfw.dll
2009-03-01 09:45 <DIR> --d----- c:\program files\VSO
2009-02-28 22:57 1,694,207 ---sh--- c:\windows\system32\uyadehil.ini
2009-02-28 22:57 143,360 a--sh--- c:\windows\system32\xxiepd.dll
2009-02-28 22:57 109,568 a--sh--- c:\windows\system32\munovolu.dll
2009-02-28 22:56 103,936 -------- c:\windows\system32\lihedayu.dll
2009-02-28 22:56 143,360 a--sh--- c:\windows\system32\rakubuse.dll
2009-02-28 22:51 70,656 a--sh--- c:\windows\system32\yapiniti.dll
2009-02-28 22:51 70,656 a--sh--- c:\windows\system32\pihemova.dll
2009-02-28 22:51 70,656 a--sh--- c:\windows\system32\fihijazo.dll
2009-02-28 22:51 6,456 a---h--- c:\windows\system32\fulesemu
2009-02-28 18:38 <DIR> --d----- c:\program files\common files\xing shared
2009-02-28 18:37 348,160 a------- c:\windows\system32\pnup0.dll
2009-02-28 16:10 <DIR> --d----- c:\program files\Little Fighter 2.5 - v2.0
2009-02-24 17:11 <DIR> --d----- c:\program files\BrineSoft
2009-02-23 17:29 232,846 a------- c:\windows\Little_Fighter_2_Toolbar_Uninstaller_5890.exe
2009-02-23 17:29 <DIR> --d----- c:\program files\Little Fighter 2 Toolbar
2009-02-23 17:28 <DIR> --d----- c:\program files\LittleFighter2
2009-02-21 08:11 <DIR> --d----- c:\program files\Bots
2009-02-20 22:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-02-17 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Megaupload
2009-02-17 23:17 <DIR> --d----- c:\docume~1\joshua\applic~1\EmailNotifier
2009-02-13 23:07 <DIR> --d----- c:\program files\Pando Networks
2009-02-09 09:47 <DIR> --d----- c:\program files\Password Recovery for MSN
2009-02-09 05:40 <DIR> --d----- c:\program files\DemonicSoftware

==================== Find3M ====================

2009-03-02 19:30 25,930 a------- c:\windows\system32\drivers\FLockXP.sys
2009-03-02 15:37 98,304 a------- c:\windows\DUMP596a.tmp
2009-02-22 17:16 15,124 a------- c:\docume~1\joshua\applic~1\wklnhst.dat
2009-02-21 11:02 82,856 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-19 01:10 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 01:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 21:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 21:23 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 03:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
2008-09-29 09:50 0 a------- c:\documents and settings\joshua\jagex_runescape_preferences.dat
2008-04-03 18:09 61,800 a------- c:\docume~1\joshua\applic~1\GDIPFONTCACHEV1.DAT
2008-01-01 17:17 2,379,862 a------- c:\program files\No_limit_Winmugen_patch.zip
2006-09-02 10:29 271 ---sh--- c:\program files\desktop.ini
2004-08-04 12:00 94,784 ---sh--- c:\windows\twain.dll
2004-08-04 12:00 50,688 ---sh--- c:\windows\twain_32.dll
2008-03-25 18:29 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-03-25 18:29 56 ---shr-- c:\windows\system32\1B63C507BD.sys
2008-07-09 09:46 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070920080710\index.dat
2004-08-04 12:00 60,416 a--sh--- c:\windows\bricopacks\sysfiles\80_msimn.exe

============= FINISH: 20:42:51.53 ===============

More info:

If I shut down SpyCatcher, it spams my internet with virus-infected ads.
Attached Files
File Type: zip Attach.zip.zip (6.9 KB, 1 views)
xXshraakXx is offline  

Old 03-04-2009, 06:53 PM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 12,134
OS: XP Home, Pro SP3; Win 7


Re: something called yapiniti.dll

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 03-05-2009, 12:20 AM   #3 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 6
OS: Windows XP


Re: something called yapiniti.dll

Cool, thank you.

I'll scan tomorrow; today I have to get to sleep.
xXshraakXx is offline  
Old 03-05-2009, 05:18 PM   #4 (permalink)
Registered User
 
Join Date: Mar 2009
Posts: 6
OS: Windows XP


Re: something called yapiniti.dll

Aight, here's the ComboFix txt:


ComboFix 09-03-04.01 - Joshua 2009-03-04 23:27:56.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.768.228 [GMT -8:00]
Running from: c:\documents and settings\Joshua\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\Joshua\Application Data\inst.exe
c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
c:\windows\search_res.txt
c:\windows\system32\ameyejaz.ini
c:\windows\system32\anotorin.ini
c:\windows\system32\balomane.dll
c:\windows\system32\disk.dll
c:\windows\system32\dogejuhu.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dugiwise.dll
c:\windows\system32\duwibiho.dll
c:\windows\system32\ekkyvv.dll
c:\windows\system32\evodamim.ini
c:\windows\system32\fidetiga.dll
c:\windows\system32\fihijazo.dll
c:\windows\system32\hizapego.dll
c:\windows\system32\iatmbw.dll
c:\windows\system32\ICON.ico
c:\windows\system32\kiyajeru.dll
c:\windows\system32\ldpackage.dll
c:\windows\system32\lihedayu.dll
c:\windows\system32\luqcdh.dll
c:\windows\system32\mimadove.dll
c:\windows\system32\model.dat
c:\windows\system32\munovolu.dll
c:\windows\system32\nejopoyi.dll
c:\windows\system32\nirotona.dll
c:\windows\system32\niwaluyu.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pihemova.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\rakubuse.dll
c:\windows\system32\rlxf.dll
c:\windows\system32\silc_dll.dll
c:\windows\system32\SkypeComm.dll
c:\windows\system32\taskmagr.exe
c:\windows\system32\tpxofs.dll
c:\windows\system32\ugifufak.ini
c:\windows\system32\uyadehil.ini
c:\windows\system32\uyulawin.ini
c:\windows\system32\vafedewe.dll
c:\windows\system32\wadejino.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wmdmpmsvc.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xxiepd.dll
c:\windows\system32\zhhpss.dll
c:\windows\Web\default.htt

Infected copy of c:\windows\system32\spoolsv.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\spoolsv.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_OREANS32
-------\Service_NPF
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-04 20:58 . 2009-03-04 20:58 <DIR> d-------- c:\documents and settings\Joshua\Application Data\Synthesia
2009-03-04 20:57 . 2009-03-04 20:57 <DIR> d-------- c:\windows\LastGood.Tmp
2009-03-04 20:56 . 2009-03-04 20:56 <DIR> d-------- c:\program files\Synthesia
2009-03-03 16:44 . 2009-03-03 16:44 <DIR> d-------- c:\program files\Resource Tuner
2009-03-03 16:44 . 2009-03-03 16:44 <DIR> d-------- c:\documents and settings\Joshua\Application Data\Resource Tuner
2009-03-02 20:50 . 2009-03-02 21:02 250 --a------ c:\windows\gmer.ini
2009-03-02 18:50 . 2009-03-02 18:50 <DIR> d-------- c:\program files\Lavasoft
2009-03-02 18:50 . 2009-03-02 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-02 18:50 . 2009-03-02 18:50 <DIR> d--h----- c:\documents and settings\All Users\Application Data\~0
2009-03-02 17:10 . 2009-03-02 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\program files\PE Explorer
2009-03-02 16:35 . 2009-03-02 16:35 <DIR> d-------- c:\documents and settings\Joshua\Application Data\PE Explorer
2009-03-01 09:46 . 2009-03-01 09:46 <DIR> d-------- c:\documents and settings\Joshua\Application Data\Vso
2009-03-01 09:46 . 2006-05-20 16:16 1,184,984 --a------ c:\windows\SYSTEM32\wvc1dmod.dll
2009-03-01 09:46 . 2006-05-11 19:21 626,688 --a------ c:\windows\SYSTEM32\vp7vfw.dll
2009-03-01 09:46 . 2006-09-29 12:24 217,127 --a------ c:\windows\SYSTEM32\drv43260.dll
2009-03-01 09:46 . 2006-09-29 12:25 208,935 --a------ c:\windows\SYSTEM32\drv33260.dll
2009-03-01 09:46 . 2006-09-29 12:26 176,165 --a------ c:\windows\SYSTEM32\drv23260.dll
2009-03-01 09:46 . 2002-12-10 02:20 102,439 --a------ c:\windows\SYSTEM32\sipr3260.dll
2009-03-01 09:46 . 2007-03-18 20:37 65,602 --a------ c:\windows\SYSTEM32\cook3260.dll
2009-03-01 09:46 . 2009-03-01 09:46 47,360 --a------ c:\windows\SYSTEM32\DRIVERS\pcouffin.sys
2009-03-01 09:46 . 2009-03-01 09:46 47,360 --a------ c:\documents and settings\Joshua\Application Data\pcouffin.sys
2009-03-01 09:45 . 2009-03-01 09:45 <DIR> d-------- c:\program files\VSO
2009-02-28 22:51 . 2009-02-28 22:51 70,656 --ah----- c:\windows\SYSTEM32\yapiniti.dll.(1).bak
2009-02-28 22:51 . 2009-03-03 16:52 68,608 --a------ c:\windows\SYSTEM32\pwn3d.pwnd
2009-02-28 22:51 . 2009-03-04 23:29 6,456 --ah----- c:\windows\SYSTEM32\fulesemu
2009-02-28 18:38 . 2009-02-28 18:38 <DIR> d-------- c:\program files\Common Files\xing shared
2009-02-28 18:37 . 2009-02-28 18:37 348,160 --a------ c:\windows\SYSTEM32\pnup0.dll
2009-02-28 16:26 . 2009-02-28 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-02-28 16:10 . 2009-02-28 16:10 <DIR> d-------- c:\program files\Little Fighter 2.5 - v2.0
2009-02-24 17:11 . 2009-02-24 17:11 <DIR> d-------- c:\program files\BrineSoft
2009-02-23 17:29 . 2009-02-23 17:29 <DIR> d-------- c:\program files\Little Fighter 2 Toolbar
2009-02-23 17:29 . 2009-02-23 17:29 232,846 --a------ c:\windows\Little_Fighter_2_Toolbar_Uninstaller_5890.exe
2009-02-23 17:28 . 2009-02-23 17:28 <DIR> d-------- c:\program files\LittleFighter2
2009-02-21 08:11 . 2009-02-21 08:11 <DIR> d-------- c:\program files\Bots
2009-02-20 22:28 . 2009-02-20 22:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-02-19 03:57 . 2009-02-19 03:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\EmailNotifier
2009-02-18 01:03 . 2009-02-18 01:03 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\EmailNotifier
2009-02-17 23:17 . 2009-02-17 23:17 <DIR> d-------- c:\documents and settings\Joshua\Application Data\EmailNotifier
2009-02-17 23:17 . 2009-02-17 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Megaupload
2009-02-13 23:07 . 2009-02-13 23:07 <DIR> d-------- c:\program files\Pando Networks
2009-02-09 09:47 . 2009-02-09 09:47 <DIR> d-------- c:\program files\Password Recovery for MSN
2009-02-09 05:40 . 2009-02-09 05:40 <DIR> d-------- c:\program files\DemonicSoftware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 07:31 25,930 ----a-w c:\windows\system32\drivers\FLockXP.sys
2009-03-02 23:37 98,304 ----a-w c:\windows\DUMP596a.tmp
2009-02-23 01:16 15,124 ----a-w c:\documents and settings\Joshua\Application Data\wklnhst.dat
2009-01-25 20:59 --------- d-----w c:\program files\CCleaner
2009-01-20 02:49 --------- d-----w c:\program files\Utherverse Digital Inc
2009-01-20 02:49 --------- d-----w c:\documents and settings\All Users\Application Data\{F61B5A0B-822D-4173-BFD0-A948FC431FEB}
2009-01-16 03:50 --------- d-----w c:\documents and settings\Joshua\Application Data\KompoZer
2009-01-09 02:48 --------- d-----w c:\program files\ezt
2009-01-07 02:05 --------- d-----w c:\program files\NOS
2009-01-07 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-29 17:50 0 ----a-w c:\documents and settings\Joshua\jagex_runescape_preferences.dat
2008-04-04 02:09 61,800 ----a-w c:\documents and settings\Joshua\Application Data\GDIPFONTCACHEV1.DAT
2008-01-02 01:17 2,379,862 ----a-w c:\program files\No_limit_Winmugen_patch.zip
2006-09-02 18:29 271 --sh--w c:\program files\desktop.ini
2009-02-26 00:05 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2004-08-04 20:00 94,784 --sh--w c:\windows\twain.dll
2004-08-04 20:00 50,688 --sh--w c:\windows\twain_32.dll
2008-03-26 02:29 848 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-03-26 02:29 56 --sh--r c:\windows\SYSTEM32\1B63C507BD.sys
2008-07-09 17:46 32,768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
2004-08-04 20:00 60,416 --sha-w c:\windows\BricoPacks\SysFiles\80_msimn.exe
.

------- Sigcheck -------

2007-06-13 03:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\explorer.exe
2007-06-13 04:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 03:23 975360 9784e0719124e4a23989aef9e7ca02d6 c:\windows\SYSTEM32\dllcache\explorer.exe
2008-04-13 17:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 12:44 1947080 --a------ c:\progra~1\MEGAUP~2\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~2\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 5728112]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-15 931248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-24 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"SpyCatcher Reminder"="c:\program files\SpyCatcher\SpyCatcher.exe" [2007-07-09 103864]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-25 30192]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Joshua\Start Menu\Programs\Startup\
Scheduler.lnk - c:\program files\SpyCatcher\Scheduler daemon.exe [2007-09-23 86133]
DesktopComic.exe [2006-04-13 1056291]
AutoBackup Launcher.lnk - c:\program files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-08 211992]
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2007-08-29 340856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SpyCatcher Protector.lnk - c:\program files\SpyCatcher\Protector.exe [2007-09-23 91576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"vidc.avrn"= AvidAVICodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2004-03-24 03:41 1294446 c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 11:50 155648 c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"NvCplDaemon"=RUNDLL32.EXE c:\windows\SYSTEM32\NVCPL.DLL,NvStartup
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE c:\windows\SYSTEM32\NVMCTRAY.DLL,NvTaskbarInit
"EnvyHFCPL"=c:\program files\Envy24\EnMixCPL.exe
"AVG7_CC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
"AVG7_EMC"=c:\progra~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
"AVG7_AMSVR"=c:\progra~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\System32\\dlcgcoms.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\dlcgpswx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bots\\BOTS.DAT"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Seagate\\SystemTray\\StxMenuMgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"58918:TCP"= 58918:TCP:Pando Media Booster
"58918:UDP"= 58918:UDP:Pando Media Booster

R0 FILELOCK;FILELOCK;c:\windows\SYSTEM32\DRIVERS\FLockXP.sys [2007-07-20 25930]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SYSTEM32\WebUpdateSvc4.exe [2007-10-15 237784]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM V1.01 (Envy24HT-S Eval. Only);c:\windows\SYSTEM32\DRIVERS\Envy24HF.sys [2006-09-02 561144]
R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\SYSTEM32\DRIVERS\libusb0.sys [2008-01-16 29184]
S2 gupdate1c99a0511ff297e;Google Update Service (gupdate1c99a0511ff297e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
S3 CEDRIVER53;CEDRIVER53;c:\program files\Cheat Engine\dbk32.sys [2008-10-13 35840]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-06 33752]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-11-02 30192]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [2008-03-17 40832]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WMIAPSRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{55E24AD2-DA5C-C1E2-12D1-A32D214AA1BC}]
c:\windows\mshyet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-03-05 c:\windows\Tasks\PCHealth Scheduler for Data Collection.job
- c:\windows\PCHEALTH\SUPPORT\PCHSCHD.EXE []

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-05 c:\windows\Tasks\User_Feed_Synchronization-{7B4CF7CE-253B-430D-B7D9-4E8CE7C38A4D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]

2009-03-05 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 16:31]

2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-28 16:26]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
BHO-{53934df1-8469-4b78-bb3e-9c757e07de20} - c:\windows\system32\pihemova.dll
BHO-{6d765bd1-948f-4add-b551-ac29d8f0c34b} - c:\windows\system32\xxiepd.dll
BHO-{AE90C38C-97CF-4696-B290-C7973DC9675E} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-322b12a7 - c:\windows\system32\niwaluyu.dll
HKCU-Run-yujilibobe - c:\windows\system32\fihijazo.dll
HKLM-Run-ClientGW - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.ez-tracks.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm860MFCA&fl=0&ptb=OyeO7ohJ.SI6f7ydDBuGDg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
mStart Page = hxxp://home.ez-tracks.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm860MFCA
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Win32 Classes
DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - hxxp://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} - hxxp://down.hangame.com/dist/activex/HanGamePlugin19.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Joshua\Application Data\Mozilla\Firefox\Profiles\sv0ouu29.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Joshua\Application Data\Mozilla\Firefox\Profiles\sv0ouu29.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 23:33:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-308236825-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%§*T%]
@Class="Shell"

[HKEY_USERS\S-1-5-21-839522115-308236825-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%§*T%\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{670ac596-1ca2-4b97-ac4b-db1790a0c0f0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000f2
"Therad"=dword:0000000f
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,be,36,c3,70,74,d0,90,f2,7b,bc,6d,1e,ba,55,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):03,d0,98,eb,8a,cb,80,e1,52,d8,ea,5b,28,46,da,62,a1,11,a2,9f,08,
53,f5,db,21,47,fc,ef,b0,56,7b,36,c0,ff,19,be,50,1e,a2,4e,00,00,00,00,00,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AHEAD\INCD\INCDSRV.EXE
c:\program files\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\MEMEO\AUTOBACKUP\MEMEOSERVICE.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
c:\windows\SYSTEM32\LIBUSBD-NT.EXE
c:\nexon\MABINOGI\NPKCMSVC.EXE
c:\program files\SITEADVISOR\6253\SASERVICE.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
c:\windows\SYSTEM32\DLCGCOMS.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2009-03-04 23:40:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 07:40:54

Pre-Run: 6,319,767,552 bytes free
Post-Run: 6,494,322,688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout =30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=0 Default=0 Failed=2 LastKnownGood=3 Sets=,2,3,4
412 --- E O F --- 2009-02-25 11:00:45
xXshraakXx is offline  
Old 03-05-2009, 06:09 PM   #5 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
chemist's Avatar
 
Join Date: Oct 2007
Location: Georgia
Posts: 12,134
OS: XP Home, Pro SP3; Win 7


Re: something called yapiniti.dll

Hello xXshraakXx.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

I see you have FlashGet installed on your system. We recommend uninstalling it via Add or Remove Programs in your Control Panel.

Please read here and here

------------------------------------------------------

I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/351996-something-called-yapiniti-dll.html#post2006888

Collect::
c:\windows\SYSTEM32\yapiniti.dll.(1).bak
c:\windows\SYSTEM32\fulesemu

RegNull::
[HKEY_USERS\S-1-5-21-839522115-308236825-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%§*T%]
[HKEY_USERS\S-1-5-21-839522115-308236825-725345543-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*<%§*T%\OpenWithList]

File::
c:\windows\Tasks\PCHealth Scheduler for Data Collection.job
c:\windows\Tasks\Ad-Aware Update (Weekly).job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{670ac596-1ca2-4b97-ac4b-db1790a0c0f0}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm860MFCA&fl=0&ptb=OyeO7ohJ.SI6f7ydDBuGDg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm860MFCA

FixCSet::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000

DirLook::
c:\documents and settings\All Users\Application Data\~0
c:\program files\Bots

FileLook::
c:\windows\SYSTEM32\pwn3d.pwnd

FCopy::
c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe | c:\windows\explorer.exe
c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe | c:\windows\SYSTEM32\dllcache\explorer.exe

Driver::
XDva032

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE

Last edited by chemist; 03-05-2009 at 06:15 PM.
chemist is offline  
Old 03-05-2009, 08:26 PM   #6 (permalink)
Registered User
 


Re: something called yapiniti.dll

What files are these going to collect?
xXshraakXx is offline  
Old 03-05-2009, 08:30 PM   #7 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
chemist's Avatar
 


Re: something called yapiniti.dll

Did you mention something about yapiniti.dll?
chemist is offline  
Old 03-05-2009, 08:55 PM   #8 (permalink)
Registered User
 


Re: something called yapiniti.dll

yeah

ok I'll start scanning
xXshraakXx is offline  
Old 03-09-2009, 06:47 AM   #9 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
chemist's Avatar
 


Re: something called yapiniti.dll

Still with us? Any trouble with those last instructions?
chemist is offline  
Old 03-13-2009, 08:48 AM   #10 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
chemist's Avatar
 


Re: something called yapiniti.dll

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
 






All times are GMT -7. The time now is 02:18 PM.



Copyright 2001 - 2010, Tech Support Forum