
martian71

  1. Hi, I am having serious issues with my PC. I have run numerous spyware removal tools and antivirus scans, but each time my PC is restarted the same issues return; each time they have a different name in the registry, like nolmjdrv - rundll32.exe "fcyyww.dll". I have also attached the latest mbam full scan log too. Also, mbam will not run unless I rename the exe to firefox or mbam.com. Many thanks.

DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike Heywood at 12:07:57.96 on 19/07/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2494.1786 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.com
C:\Documents and Settings\Mike Heywood\Desktop\Defogger.exe
C:\Documents and Settings\Mike Heywood\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [nnolmjdrv] rundll32.exe "fcyyww.dll",s
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Motive SmartBridge] c:\progra~1\bthome~1\help\smartb~1\BTHelpNotifier.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [ssqpoosys] rundll32.exe "fcbbxv.dll",DllRegisterServer
mRun: [ljihgddrv] rundll32.exe "fcyyww.dll",s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [yaxvsssys] rundll32.exe "fcbbxv.dll",DllRegisterServer
dRun: [ssrolkdrv] rundll32.exe "fcyyww.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\btbroa~1.lnk - c:\program files\bt home hub\help\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244654203531
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 fcbbxv.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-7-15 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-19 165456]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-19 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-11-12 220128]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-19 40384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-18 20952]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-7-18 38224]
S1 SASDIFSV;SASDIFSV;k:\repair\repair\virus removal\superantispyware\sasdifsv.sys [2010-7-14 8944]
S1 SASKUTIL;SASKUTIL;k:\repair\repair\virus removal\superantispyware\SASKUTIL.SYS [2010-7-14 55024]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-18 304464]
S2 MSWU-2214daa4;MSWU-2214daa4;c:\windows\system32\2214daa4.exe --> c:\windows\system32\2214daa4.exe [?]
S2 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2009-11-12 32736]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;k:\repair\repair\virus removal\superantispyware\SASENUM.SYS [2010-7-14 7408]

=============== Created Last 30 ================

2010-07-19 09:53:15 0 ----a-w- c:\documents and settings\mike heywood\defogger_reenable
2010-07-19 06:50:52 38848 ----a-w- c:\windows\avastSS.scr
2010-07-19 06:50:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-18 22:00:03 0 d-----w- c:\docume~1\mikehe~1\applic~1\ESET
2010-07-18 21:52:38 116 ----a-w- c:\windows\system32\SpywareCease.lie
2010-07-18 21:52:00 42 ----a-w- c:\windows\system32\scud.udf
2010-07-18 21:38:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-18 21:38:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-18 21:14:10 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-07-18 21:13:57 0 d-----w- c:\program files\NVIDIA Corporation
2010-07-18 21:04:35 0 d--h--w- c:\windows\$hf_mig$
2010-07-18 18:59:30 0 d-----w- c:\program files\ESET
2010-07-18 17:47:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-18 17:47:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-18 16:23:43 0 d-----w- C:\Linksys Driver
2010-07-15 10:34:17 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-15 10:34:08 0 d-----w- c:\program files\Panda Security
2010-07-15 09:45:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 09:18:55 25600 ----a-w- c:\windows\system32\WS2Fix.exe
2010-07-15 09:18:54 79360 ----a-w- c:\windows\system32\swxcacls.exe
2010-07-15 09:18:54 289144 ----a-w- c:\windows\system32\VCCLSID.exe
2010-07-15 09:18:53 51200 ----a-w- c:\windows\system32\dumphive.exe
2010-07-15 09:18:53 288417 ----a-w- c:\windows\system32\SrchSTS.exe
2010-07-15 09:18:52 135168 ----a-w- c:\windows\system32\swreg.exe
2010-07-15 09:18:51 53248 ----a-w- c:\windows\system32\Process.exe
2010-07-15 08:50:46 0 d-----w- c:\docume~1\mikehe~1\applic~1\SUPERAntiSpyware.com
2010-07-15 08:50:46 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-30 18:33:08 94208 ---ha-w- c:\windows\system32\fcyyww.dll
2010-06-30 18:28:05 87552 ---ha-w- c:\windows\system32\fcbbxv.dll

==================== Find3M ====================

2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 12:09:51.96 ===============

Latest mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4325

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

19/07/2010 12:34:01
mbam-log-2010-07-19 (12-34-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 150430
Time elapsed: 28 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nnolmjdrv (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqpoosys (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ljihgddrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yaxvsssys (Trojan.Vundo) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssrolkdrv (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yaxvsssys (Trojan.Vundo) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssrolkdrv (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attach.zip