Startup Error Loading Yaniicjd.dll

Hi,


I'm very new to the Forum having had problems with Norton 360, AVG and now I have BD. Which I must say is performing very sweetly compared to the others.


I had some Vundo infections which were eventually removed by BD. The final four were manually removed thanks to Cris's very precise instructions in "How to".


For an absolutely clean system I need some advice regarding two pop-ups I get on startup.


1. Error loading C:\WINDOWS\System32\yaniicjd.dll


2. Error loading C:\WINDOWS\System32\unbxenmo.dll


BTW, I have XP.


I have used Cris's other advice and tried to remove via System Configuration Utility - Startup and unchecked these items, but on Restart I get another pop-up that says that I must Open with Normal Startup, which puts the checks back in. I have tried to do the same via Safe Mode and the same occurs.


Searches for these two (yaniicjd and unbxenmo) anywhere come up with blanks.


I need your help to solve this problem and get me on the road to being a very new and happy BD User.


Thanks


John

Comments

  • alexcrist
    edited May 2008

    Hello John,


    Please post a ComboFix and a HijackThis log (please make the ComboFix log first, and the HJT log second).


    Cris.

  • Hi Cris,


    Thanks for your prompt response. This will be my first shot at using Combofix and HJT. So please bear with me. I did not mention that BD has identified 138 other items which looked like they were Quarantined. So I thought they were not significant. However BD says they are still active. And, with a bit of luck, these downloads will ID them.


    Cheers,


    John

  • alexcrist
    edited May 2008

    Oh, one more thing (I hope it's not too late): ComboFix will try to automatically remove the infections it detects. For this reason, it might be a very good idea to disable BitDefender (and any other protection) before running it, so nothing will interfere in the cleaning process. :)


    If you already ran ComboFix (with or without disabling BD), just post the log it already created. We'll see what needs to be done next.


    Cris.

  • Hi Cris,


    I downloaded Combofix and did a normal scan and when this was completed I wondered how to send that to you. As I was looking for other options I noticed that there was a diagnostic scan tool. So I have done that and I now attach it for you. I hope you can open it and I hope I have done the right thing.


    I could not download the scan file so I changed the extension to .txt. Please change back to .scan to open.


    I trust this is correct and thanks for your help.


    Thanks


    John

    Attached file: 3c753c7a_d3cc.txt

  • Hi Again Cris,


    I did not realise that the HJT file would be created so quickly. Anyway, here it is:


    Look forward to your advice and assistance.


    John

    Attached file: hijackthis.log

  • I have no idea what tool you used to make the attached file, but the ComboFix log is a TXT file, located in C:\combofix.txt


    That is the file I need. Please find it, and attach it (don't run Combofix again, just try to find this file).


    I'll take a look at the HJT log.


    Cris.

  • Hi Cris,


    I used Combofix - STOPZilla and firstly I did a spyware scan and it advised me that I have 105 items of spyware. It listed all these items. Is this the file that you need?? I could not find any way to copy or forward this file.


    I then found a Diagnostic Scan under TOOLS and I did this scan. That is what is attached. Unfortunately, I could not open this scan or paste it to the forum as it was a .SCAN file. So I changed the file name extension to .txt and that permitted me to attach it to the post. I presumed that you may have some software to be able to read it by converting it back to a .SCAN file.


    I will continue to look for a .txt file in Combofix.


    Should I have registered in Combofix to access this file???


    John

  • Cris,


    I did a RUN - Search for combofix and got only the help files which were user guides on the net.


    I then noticed that there is an EVENT log in the TOOLs menu which I could save and it saved as a TXT file and I have attached this file in case that is what you are looking for. I have no idea where else to look.


    Did you find anything on HJT???


    I also managed to delete the 138 files that BD could not delete. I found all these files in a file called RECYCLER and they deleted all right.


    After this last night I did a deep scan with BD and it came up with an ALL Clear advice.


    But I still have the Startup POP Ups.


    Cheers,


    John

  • alexcrist
    edited May 2008

    Combofix - STOPZilla?


    Hmm.. I really think you used the wrong tool. Combofix (which is found here: http://www.bleepingcomputer.com/combofix/h...o-use-combofix) does everything automatically, and only displays a log file at the end. I also posted the link in Post #2.


    The direct link to the tool is: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Please run this tool, and post the log. While running the tool, please don't do anything at your computer. In the scanning process, the network connection will be blocked (and restored at the end), and also your desktop might disappear (it's normal). Please stand by your computer to see any warnings that might show up.


    In the HijackThis log I noticed a few bad files. But because of the nature of the infection, it cannot be cleaned by HijackThis. However, ComboFix does a very good job. Please run ComboFix, post the log, and also post a new HJT log (after the ComboFix scan).


    Cris.

  • Stopzilla is on the bleepingcomputer site and that is what I used initially.


    Bleeping computer is advising that I need to install the Windows recovery console before scanning with Combofix. Your instructions imply that I only need to scan.


    Do I just scan without the Windows recovery console?


    Sorry about the 20 questions, but this is my first traumatic episode with viruses.


    John

  • Hi Cris, Here is the Combofix file:


    I will send the HJT file shortly.


    John


    Cris,


    I recently started to get another startup screen that is slowing the startup down a helluva lot.


    Just before the windows logo I get a blue screen that says: Please wait...........


    and the time I wait depends on the number of ........


    Thanks for your help,


    John

  • Hello,


    Fix these two lines with HijackThis:


    O4 - HKLM\..\Run: [BM6bef8e98] "Rundll32.exe" "C:\WINDOWS\system32\unbxenmo.dll",s
    O4 - HKLM\..\Run: [68dcbd04] "rundll32.exe" "C:\WINDOWS\system32\yaniicjd.dll",b


    Select them and press FIX selected.


    After that, post a new HJT log.


    Cris.

  • Hi Cris,


    Apologies for the delay, I had an eye operation yesterday.


    Two days ago I had an e-chat session with Dell as my machine is a Dimension 3000. By manually controlling my computer, they helped me to get rid of the two pop-ups and the blue screen with the message of "Please wait..........."


    So it would appear that my troubles are over.


    However, I would like to make absolutely sure so I can restart with a clean slate and BD.


    I did NOT try to remove those two lines with HJT today. Instead I ran a new log and found that they have already been deleted (I guess by the Dell guy).


    Would you please study the attached HJT file to see if there are any other lingering or hidden Items that could cause me grief at a later date? This is something I would really appreciate and means huge peace of mind to me.


    In the meantime, thanks for all your assistance and suggestions. They made me think laterally and help me to know what to look for in the future. You have spent time and effort on me and that is truly appreciated.


    Look forward to your kind advice on the attached file.


    Cheers,


    John

    Attached file: hijackthis2.txt

  • Hi Cris,


    Looks like I am still in the shyte. As I was going to shutdown for the night, BD came up with a red flag in Security. I looked into this and in the security Current Issues the Real Time Protection P2p had been replaced by the heading STEALTH and this showed disabled and Fix in red. I looked everywhere and could not find any reference to Stealth. So I restarted.


    I now have the blue screen with Please wait.... only now the dots have filled the first line and have started on the second line. The BD is back to normal and the Stealth header has disappeared.


    The good news is that the two pop-ups have disappeared. Looks like they may be cured, but the blue screen is still present. AND somehow the virus has interfered with BD's security screen.


    Any ideas, suggestions?


    I have downloaded the latest HJT file.


    Thanks and regards,


    John

    Attached file: hijackthis3.txt

  • alexcrist
    edited May 2008

    Hi John,


    Both files are clean. However, there is a left-over from a (probably) previous Symantec installation which you should fix:


    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)


    Also, you should find a Removal Tool to completely remove other Symantec traces. Take a look here: http://forum.bitdefender.com/index.php?showtopic=1379


    Also, the blue screen was noticed by other users also, and seems to be a bug in the latest BitDefender version (11.0.16). However, the screen is very rare, and shouldn't take more than a couple of seconds (at most). Personally, I've seen that screen just a very few times, after a forced reboot (not on normal reboots). I've already reported this possible issue, but haven't got a response back.


    If that screen delays the boot too much, try to contact LiveAssistance.


    Cris.
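
Added example (not part of the original thread, and not code from HijackThis or BitDefender): a small Python triage of the HijackThis lines quoted in this thread. It flags `rundll32` Run entries whose DLL is no longer on disk, which is the condition behind the "Error loading ..." pop-ups at startup, and services marked `(file missing)`. The `triage` function, its `exists` callback and the `ExampleTray` sample line are assumptions made for illustration.

```python
import os
import re

# Constructed sample: the three HijackThis lines quoted in this thread, plus
# one invented benign entry (ExampleTray) for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [BM6bef8e98] "Rundll32.exe" "C:\WINDOWS\system32\unbxenmo.dll",s
O4 - HKLM\..\Run: [68dcbd04] "rundll32.exe" "C:\WINDOWS\system32\yaniicjd.dll",b
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
'''

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# rundll32 command line: optional quotes, DLL path, comma, export name.
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.I)
MISSING = "(file missing)"


def triage(log_text, exists=os.path.exists):
    """Return (section, entry name, path, verdict) tuples for autoruns to review.

    `exists` is a callable(path) -> bool (hypothetical hook): os.path.exists on
    the affected machine, or a lookup against a file listing when offline.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        o4 = O4_RE.match(line)
        if o4:
            rundll = RUNDLL_RE.match(o4["cmd"])
            if rundll is None:
                continue  # plain executable autorun: out of scope here
            dll = rundll["dll"]
            if exists(dll):
                verdict = "present: DLL still on disk, submit it for scanning"
            else:
                verdict = "orphaned: DLL gone, Run value only triggers 'Error loading'"
            findings.append(("O4", o4["name"], dll, verdict))
            continue
        o23 = O23_RE.match(line)
        if o23 and o23["path"].endswith(MISSING):
            path = o23["path"][:-len(MISSING)].rstrip()
            findings.append(("O23", o23["name"], path, "orphaned: service binary missing"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```
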

  • Thanks again Cris.


    I'll attack these issues and hope they get resolved. I did download the Symantec uninstall tool which is supposed to clear all Symantec stuff, but it just does not.


    Anyway I am getting very fast logons and logoffs now and am very happy.


    Cheers and thanks again


    John

  • You're welcome John. :)


    May I ask you something? If the Dell support told anything interesting about the computer that should optimize it, please tell me what it was (in a PM), because I also have a Dell laptop and I can't contact their chat (it seems they won't "talk" with customers outside US, or something like that :huh: ). Thanks. :)


    Cris.

  • Hi Cris,


    I typed out a long message to "CRIS" in Messenger hoping that would get to you as a PM, but I could not find it after I hit the Send button. So I presume that you have not received it.


    Other than that I have no experience in PMing. Maybe you can help there and I will be happy to detail my experience with Dell. Their support is in India, and I am calling from the UK.


    John

  • Yes, I received it. Thank you. :)


    However, I cannot give you a response, due to lack of time. This week, I have some exams to pass. I'll reply as soon as I can (maybe next Saturday).


    Cris.

  • Good luck in your exams.


    I know you guys help us out here for no reward other than the good you do and it is most appreciated by all of us out here who desperately need your assistance.


    So thanks and good luck.


    John

  • Hi Cris,


    I have some more good news. (I hope it does not get bad later)


    Yesterday I uninstalled BD and reinstalled it, and since then I have restarted about 5 times and each time there is no sign of the blue screen with "Please wait........" I hope that is the last I have seen of that problem. The PC logs on and off very quickly and everything seems to be working well. So there is no need for me to contact the BD Chat line.


    Thanks a Million.


    John