Need Help In Removing Virtumonde adware



mtijjm
2007-08-06, 15:26
I've run Spybot, HJT, Ad-Aware, VundoFix, almost everything I could find, but to no avail because Spybot still recognizes the Vundo adware.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:10 AM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wyssxqsA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\?ssembly\wucrtupd.exe
C:\WINDOWS\system32\DOBE~1\rundll32.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\SPYWARE ELIMINATORS\aawservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\JJM\Application Data\tmp13.tmp.exe
C:\WINDOWS\system32\qwerty12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\DOCUME~1\JJM\LOCALS~1\Temp\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\SkpN\command.exe
C:\HJT\scanner.exe

O2 - BHO: (no name) - {01892ED4-D397-45F3-8613-B10232FF6954} - \
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CD9FAD8-9FFC-4C82-8DFC-4C86714A5337} - \
O2 - BHO: (no name) - {15F12912-DE8D-457E-90C0-C40389A2D72D} - \
O2 - BHO: (no name) - {168cf242-6cd7-4526-a9f9-1637b0ab13cb} - C:\WINDOWS\system32\glgglns.dll
O2 - BHO: (no name) - {28AF159E-3B69-475B-8B2E-1F39453E6F9F} - \
O2 - BHO: (no name) - {2C037A84-B4AD-4516-8247-569968227B85} - \
O2 - BHO: (no name) - {461FBF4A-9344-4A3C-BE63-84A2A78E4422} - \
O2 - BHO: (no name) - {4781E99A-2130-453E-84F0-8C0C4B61D2EA} - \
O2 - BHO: (no name) - {488883C3-320F-46A8-7879-4FB60C48F0B8} - C:\WINDOWS\system32\ssidsx.dll
O2 - BHO: (no name) - {4CDF82C2-320C-48F8-2D79-4FB60C48F1BE} - C:\WINDOWS\system32\xixafx.dll
O2 - BHO: (no name) - {4E793B7C-D549-4213-858F-476B3771CE71} - \
O2 - BHO: (no name) - {4FBF8A1D-5DC1-4817-8F6E-267ED8AB9C79} - \
O2 - BHO: (no name) - {53136DCE-B7EC-4482-8645-5C5A3E02CB37} - \
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\JJM\Desktop\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67142B60-D294-4977-AA5F-582205F7A45C} - \
O2 - BHO: (no name) - {70789ee5-bd07-4e0a-a84f-052fe9906a10} - C:\WINDOWS\system32\licide.dll
O2 - BHO: 0 - {71B5224F-924E-4001-E580-CFBBA189FBAD} - C:\Program Files\MSN\lavumafe817.dll
O2 - BHO: (no name) - {7D7156DE-0860-4A67-AD92-8F0D771FC934} - \
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {8BB84647-912E-4B30-947A-09F74821FC2B} - \
O2 - BHO: (no name) - {99B2D268-D751-424C-BA10-9E25B6F17152} - \
O2 - BHO: (no name) - {B0B30D9B-9BF2-4C12-A0CE-419C3C66AE5D} - \
O2 - BHO: (no name) - {B0F1E599-6986-4ED5-8177-D075A6F26177} - \
O2 - BHO: (no name) - {B5028E4F-46EA-40EE-AF13-9601A7630173} - C:\Program Files\Online Services\hokeso83122.dll
O2 - BHO: (no name) - {B855DDDA-BD1F-43BC-8B6C-028C40D95132} - \
O2 - BHO: (no name) - {C11EBBE2-355C-4B57-A586-485D78B6EDE7} - \
O2 - BHO: (no name) - {C24DDB81-410A-4B90-BCAC-1C2C5666F807} - \
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp14.tmp.dll
O2 - BHO: (no name) - {CB501D9A-2A9C-4271-96D7-9F26C3A3561D} - \
O2 - BHO: (no name) - {E1F93F4F-EF25-4B5E-AA17-CBD842D8A7AB} - \
O2 - BHO: (no name) - {E4C305C0-5ACE-4AFF-BC76-31CE6A1F391A} - \
O2 - BHO: (no name) - {F211E7A2-4AEC-48B0-8B41-79AD660FF8B5} - \
O2 - BHO: (no name) - {F8E00435-5372-4590-9B74-DF93F7D0A71A} - \
O2 - BHO: (no name) - {FD35C6DD-D423-4148-902C-0D7900D3B803} - \
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [wyssxqsA] C:\WINDOWS\wyssxqsA.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\awwvuu.dll",forkonce
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Eoas] "C:\WINDOWS\ICROSO~2\explorer.exe" -vt yazb
O4 - HKCU\..\Run: [ccleaner] "C:\SPYWARE ELIMINATORS\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Uutc] "C:\WINDOWS\system32\DOBE~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [Rftkvbw] "C:\Program Files\?ssembly\wucrtupd.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nLite] %systemroot%\inf\nlite.cmd (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141507647015
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O20 - AppInit_DLLs: c:\windows\system32\sstqrqq.dll
O20 - Winlogon Notify: licide - C:\WINDOWS\SYSTEM32\licide.dll
O20 - Winlogon Notify: Lvdlnr - C:\WINDOWS\SYSTEM32\Lvdlnr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\SPYWARE ELIMINATORS\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SkpN\command.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7177 bytes
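
As an added triage aid that is not part of the original thread or of HijackThis itself, the script below parses a few O-lines copied from the log above and flags the entry types a helper looks at first: BHOs whose CLSID points at no file, unnamed BHOs in system32, Run entries with an unprintable character in the path or loaded through rundll32, any AppInit_DLLs hook, and services with an unknown owner. The heuristics are my own assumptions, not forum rules; a hit means "review this line", not "malicious".

```python
import re
# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01892ED4-D397-45F3-8613-B10232FF6954} - \
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {168cf242-6cd7-4526-a9f9-1637b0ab13cb} - C:\WINDOWS\system32\glgglns.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\awwvuu.dll",forkonce
O4 - HKCU\..\Run: [Rftkvbw] "C:\Program Files\?ssembly\wucrtupd.exe"
O20 - AppInit_DLLs: c:\windows\system32\sstqrqq.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
""".strip()

LINE_RE = re.compile(r"^(O\d+) - (.*)$")  # "O2 - BHO: ..." -> (section, item)

def check_bho(item):
    # Item is "BHO: <name> - {CLSID} - <path>"; a bare "\" path means the DLL the
    # CLSID points at is missing or hidden, the usual look of leftover Vundo entries.
    fields = item[len("BHO: "):].split(" - ")
    name, path = fields[0], fields[-1].strip()
    if path == "\\":
        return "BHO registered with no backing file"
    if name == "(no name)" and "\\system32\\" in path.lower():
        return "unnamed BHO loading from system32"

def check_run(item):
    # Item is "<hive>\..\Run: [Label] <command>"; Startup-folder items have no label.
    parts = item.split("] ", 1)
    command = parts[1] if len(parts) == 2 else item
    if "?" in command:
        return "Run entry with an unprintable character in its path"
    if command.lower().startswith("rundll32.exe"):
        return "Run entry loading a DLL through rundll32"

CHECKS = {
    "O2": check_bho, "O4": check_run,
    "O20": lambda item: "AppInit_DLLs hook present" if item.startswith("AppInit_DLLs:") else None,
    "O23": lambda item: "service with unknown owner" if " - Unknown owner - " in item else None,
}

def triage(log_text):
    """Return (section, reason, item) for each line a helper would want to review."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) in CHECKS:
            reason = CHECKS[m.group(1)](m.group(2))
            if reason:
                findings.append((m.group(1), reason, m.group(2)))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns six findings and leaves the Adobe BHO and the NeroFilterCheck Run entry alone; pasting a full log into `SAMPLE_LOG` runs the same checks over every O2, O4, O20 and O23 line.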

ken545
2007-08-06, 20:04
mtijjm,

Welcome to Safer Networking.


Please download ComboFix by sUBs from either of these two locations

BleepingComputer: ComboFix (http://download.bleepingcomputer.com/sUBs/combofix.exe)
TechSupportForum: ComboFix (http://www.techsupportforum.com/sectools/combofix.exe)

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with a new HJT log please.

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

tashi
2007-08-07, 16:14
mtijjm,

Please see:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Many of our volunteers are at several forums.

http://www.bleepingcomputer.com/forums/topic102986.html

As you started the topic at BC first and a helper has also answered you there, this topic is closed.


Thank you for your time ken545. :)