Inactive What is winyaw32.rom error?

Status
Not open for further replies.

datofarid

Posts: 26   +1
error to ....... winyaw32.rom ROM file.

hello i've been receiving this kind of message everytime i turn my laptop on.
it started like 4 days ago.
i tried to searched but couldnt find anything related to this except for winyaw32.dll which known as a threat.
 
Please read the directions given here and when done, post the requested logs.
Please do not attach the logs unless requested, or they are to large to paste.

==

We should be able to sort it out for you.
 
MBAM log.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16/8/2010 1:13:42 AM
mbam-log-2010-08-16 (01-13-42).txt

Scan type: Quick scan
Objects scanned: 119418
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yahoo messengger (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
 

Attachments

  • dds.zip
    9.8 KB · Views: 0
Please do not attach as a zip file. Just the txt format please. I have no desire to unzip a file on my pc from an infected pc :).
 
And the Gmer log as requested please.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Status
Not open for further replies.
Back