xazncrazyx

i have tried everything possible. Here is my log, i already deleted some programs, but i was wondering what else i should delete. Attatched is my log. Thank you!

Attached Files

Doc2.doc (90.5 KB, 2 views)

tetonbob

Hello -

That is not a log, but a screenshot of the scanning interface.

Please do this to create a log:

double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

Please do not attach the log, just post it in your reply.

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

xazncrazyx

Logfile of HijackThis v1.99.1
Scan saved at 10:55:59 AM, on 7/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avp] C:\WINNT\avp.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ouue] "C:\WINNT\SSTEM~1\scanregw.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

and i dled startupcpl and it keeps on showing rutsfabc.exe

xazncrazyx

may i also add that my firefox nor internet explorer work

tetonbob

What exactly have you deleted already? And how is it that you're posting logs here? Are you using another computer?

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
5. Please attach extra.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:

   C:\Deckard\System Scanner\extra.txt
   

3. Click Upload.

What DSS will do:

• create a new System Restore point in Windows XP and Vista.
• clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
• check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

xazncrazyx

Deckard's System Scanner v20070711.54
Run by abc on 2007-07-26 at 12:08:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as abc.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:22:02 PM, on 7/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINNT\explorer.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Documents and Settings\abc\Desktop\dss.exe
C:\PROGRA~1\hjt\abc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {03a1251a-1dd2-11b2-91b4-d614f9bbea5e} - C:\WINNT\srkzsvip.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67475B4D-150D-44A4-B5DD-BC80D4C9361F} - C:\WINNT\system32\awtttuu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FCBE6D84-2EF7-42DD-A9F9-76A0548B2D8E} - C:\WINNT\system32\ddaby.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avp] C:\WINNT\avp.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ouue] "C:\WINNT\SSTEM~1\scanregw.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O20 - Winlogon Notify: awtttuu - C:\WINNT\SYSTEM32\awtttuu.dll
O20 - Winlogon Notify: ddaby - C:\WINNT\system32\ddaby.dll
O20 - Winlogon Notify: winopn32 - C:\WINNT\SYSTEM32\winopn32.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 zntport (NTPort Library Driver) - c:\winnt\system32\zntport.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-25 19:04:06 1506 --a------ C:\WINNT\Tasks\wrSpySweeperTrialSweep.job
2007-07-02 14:11:00 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-06-26 and 2007-07-26 -----------------------------

2007-07-26 11:56:14 0 d-------- C:\Documents and Settings\abc\Application Data\Netscape
2007-07-26 11:55:42 0 d-------- C:\Program Files\Netscape
2007-07-26 10:53:57 0 d-------- C:\Program Files\hjt
2007-07-26 10:35:52 6602 ---hs---- C:\WINNT\system32\ybadd.bak2
2007-07-26 10:35:30 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_310.dat
2007-07-25 19:03:36 0 d-------- C:\Program Files\Webroot
2007-07-25 19:03:36 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Webroot
2007-07-25 19:03:36 0 d-------- C:\Documents and Settings\abc\Application Data\Webroot
2007-07-25 19:00:52 0 d-------- C:\Program Files\4DiskcleanG
2007-07-25 19:00:17 0 d-------- C:\Program Files\Advanced Spyware Remover
2007-07-25 17:58:53 6467 ---hs---- C:\WINNT\system32\ybadd.bak1
2007-07-25 17:58:39 228960 --a------ C:\WINNT\system32\ddaby.dll
2007-07-25 17:54:35 10240 --a------ C:\WINNT\system32\hlpsrv.exe <Not Verified; NoName Corp.; NNC module>
2007-07-25 17:53:49 0 d-------- C:\WINNT\system32\twqogrlb
2007-07-25 17:53:45 122880 --a------ C:\WINNT\srkzsvip.dll
2007-07-25 17:53:45 122880 --a------ C:\Documents and Settings\All Users.WINNT\Application Data\ylgpgzav.dll
2007-07-25 17:53:34 31254 --a------ C:\WINNT\system32\awtttuu.dll
2007-07-25 17:53:34 0 --a------ C:\Documents and Settings\abc\Application Data\Install.dat
2007-07-25 17:53:32 0 d-------- C:\WINNT\s?stem
2007-07-25 17:53:15 20992 --a------ C:\WINNT\system32\winopn32.dll
2007-07-23 23:36:40 0 d-------- C:\Documents and Settings\abc\Application Data\WinRAR


-- Find3M Report ---------------------------------------------------------------

2007-07-26 11:09:03 0 d-------- C:\Program Files\Microsoft Games
2007-07-26 10:35:39 0 d-a------ C:\Program Files\Steam
2007-07-26 00:00:22 275954 ---h----- C:\WINNT\ShellIconCache
2007-07-25 18:08:32 0 d-------- C:\Program Files\IrfanView
2007-07-25 13:02:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-17 10:56:56 6455 --a------ C:\WINNT\scedunin.dat
2007-06-17 10:56:54 967 --a------ C:\WINNT\ScEdUnin.pif
2007-06-16 23:44:23 1764 --a------ C:\WINNT\Sketchpad Preferences.dat
2007-05-28 14:48:41 0 d-------- C:\Documents and Settings\abc\Application Data\Lavasoft
2007-05-28 14:48:35 0 d-------- C:\Program Files\Lavasoft
2007-05-28 14:48:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-28 14:20:50 0 d-------- C:\Program Files\iTunes
2007-05-28 14:20:43 0 d-------- C:\Program Files\iPod
2007-05-28 14:20:10 0 d-------- C:\Program Files\QuickTime
2007-05-26 22:14:57 0 d-------- C:\Program Files\AIM


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{03a1251a-1dd2-11b2-91b4-d614f9bbea5e} C:\WINNT\srkzsvip.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{67475B4D-150D-44A4-B5DD-BC80D4C9361F} C:\WINNT\system32\awtttuu.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{FCBE6D84-2EF7-42DD-A9F9-76A0548B2D8E} C:\WINNT\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avp"="C:\\WINNT\\avp.exe"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="\"C:\\Program Files\\AIM\\aim.exe\" -cnetwait.odl"
"Aim6"="C:\\Program Files\\AIM6\\aim6.exe /d locale=en-US ee://aol/imApp"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"Ouue"="\"C:\\WINNT\\SSTEM~1\\scanregw.exe\" -vt yazb"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{67475B4D-150D-44A4-B5DD-BC80D4C9361F}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttuu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0



-- End of Deckard's System Scanner: finished at 2007-07-26 at 12:23:48 ---------

Attached Files

extra.txt (7.5 KB, 2 views)

xazncrazyx

i just dled programs off another comp, and transfered it to my usb. then i dled it on my comp ran it, and saved log on my usb and posted it with other comp. I have windows 2000 and i dont remember what i deleted. Some weird name like. Dvutybf iono. or something

tetonbob

OK...one more set of questions, and we can also tackle the infections present. I'm uncertain if the infections are causing your browser malfunction.

When you say IE and FF do not work, do you mean the page does not load, or the applications don't start?

What type of internet access do you have on the infected machine? Dial-up? Broadband?

Do any applications access the internet? Mail programs?

You also have no Anti-Virus protection installed. We'll address this as we go forward.

Carry this tool to the infected machine.....

1. Download combofix.exe to your desktop.
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

xazncrazyx

"abc" - 2007-07-26 18:56:02 [GMT -7:00] - ComboFix 07-07-24.5 - Service Pack 4 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\winopn32.dll
C:\WINNT\system32\ybadd.bak1
C:\WINNT\system32\ybadd.bak2
C:\WINNT\system32\ybadd.ini
C:\WINNT\system32\ddaby.dll
C:\WINNT\system32\awtttuu.dll
C:\WINNT\system32\awtttuu.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\abc\APPLIC~1.\macromedia\Flash Player\#SharedObjects\J3QG982F\www.broadcaster.com
C:\DOCUME~1\abc\APPLIC~1.\macromedia\Flash Player\#SharedObjects\J3QG982F\www.broadcaster.com\played_list.sol
C:\DOCUME~1\abc\APPLIC~1.\macromedia\Flash Player\#SharedObjects\J3QG982F\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\abc\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\abc\APPLIC~1\Install.dat
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\WINNT\mgrs.exe
C:\WINNT\NDNuninstall7_48.exe
C:\WINNT\sstem~1
C:\WINNT\sstem~1\scanregw.exe~
C:\WINNT\system32\ldpackage.dll
C:\WINNT\system32\model.dat
C:\WINNT\system32\rlxf.dll
C:\WINNT\system32\silc_dll.dll
C:\WINNT\wr.txt


((((((((((((((((((((((((( Files Created from 2007-06-27 to 2007-07-27 )))))))))))))))))))))))))))))))


2007-07-26 15:41 51,200 --a------ C:\WINNT\nircmd.exe
2007-07-26 14:09 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-26 14:05 93,696 --a------ C:\WINNT\system32\drvzos.dll
2007-07-26 14:05 31,254 --a------ C:\WINNT\system32\hgggfcd.dll
2007-07-26 12:08 <DIR> d-------- C:\Deckard
2007-07-26 11:56 <DIR> d-------- C:\DOCUME~1\abc\APPLIC~1\Netscape
2007-07-26 11:55 <DIR> d-------- C:\Program Files\Netscape
2007-07-26 10:53 <DIR> d-------- C:\Program Files\hjt
2007-07-25 19:04 23,864 --a------ C:\WINNT\system32\drivers\sskbfd.sys
2007-07-25 19:04 21,816 --a------ C:\WINNT\system32\drivers\sshrmd.sys
2007-07-25 19:04 20,280 --a------ C:\WINNT\system32\drivers\SSFS0BB8.sys
2007-07-25 19:04 160,056 --a------ C:\WINNT\system32\drivers\ssidrv.sys
2007-07-25 19:03 1,520,952 --a------ C:\WINNT\WRSetup.dll
2007-07-25 19:03 <DIR> d-------- C:\Program Files\Webroot
2007-07-25 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Webroot
2007-07-25 19:03 <DIR> d-------- C:\DOCUME~1\abc\APPLIC~1\Webroot
2007-07-25 19:00 <DIR> d-------- C:\Program Files\Advanced Spyware Remover
2007-07-25 19:00 <DIR> d-------- C:\Program Files\4DiskcleanG
2007-07-25 17:54 10,240 --a------ C:\WINNT\system32\hlpsrv.exe
2007-07-25 17:53 122,880 --a------ C:\WINNT\srkzsvip.dll
2007-07-25 17:53 122,880 --a------ C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ylgpgzav.dll
2007-07-25 17:53 <DIR> d-a------ C:\WINNT\system32\twqogrlb
2007-07-23 23:36 <DIR> d-------- C:\DOCUME~1\abc\APPLIC~1\WinRAR


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-27 02:10:35 -------- d---a-w C:\Program Files\Steam
2007-07-26 18:09:03 -------- d-----w C:\Program Files\Microsoft Games
2007-07-26 01:08:32 -------- d-----w C:\Program Files\IrfanView
2007-07-25 20:02:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 17:56:56 6,455 ----a-w C:\WINNT\scedunin.dat
2007-06-17 17:56:54 967 ----a-w C:\WINNT\ScEdUnin.pif
2007-06-17 06:44:23 1,764 ----a-w C:\WINNT\Sketchpad Preferences.dat
2007-05-28 21:48:41 -------- d-----w C:\DOCUME~1\abc\APPLIC~1\Lavasoft
2007-05-28 21:48:35 -------- d-----w C:\Program Files\Lavasoft
2007-05-28 21:48:17 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-28 21:20:50 -------- d-----w C:\Program Files\iTunes
2007-05-28 21:20:43 -------- d-----w C:\Program Files\iPod
2007-05-28 21:20:10 -------- d-----w C:\Program Files\QuickTime
2007-05-27 05:14:57 -------- d-----w C:\Program Files\AIM
2006-08-10 22:39:48 271 ---h--w C:\Program Files\desktop.ini
2006-08-10 22:39:48 21,952 ---h--w C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03a1251a-1dd2-11b2-91b4-d614f9bbea5e}]
07-07-25 17:53 122880 --a------ C:\WINNT\srkzsvip.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 C:\WINNT\system32\mobsync.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-04-27 11:25 ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07-06-21 18:57 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [05-06-02 02:34 ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" []
"Steam"="C:\Program Files\Steam\Steam.exe" [07-06-26 18:54 ]
"Ouue"="C:\WINNT\SSTEM~1\scanregw.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\abc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-11 11:10:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

R0 Diskperf;Diskperf;C:\WINNT\system32\drivers\Diskperf.sys
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINNT\system32\Drivers\SSFS0BB8.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINNT\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINNT\system32\Drivers\SSIDRV.SYS
R1 Cdr4_2K;Cdr4_2K;C:\WINNT\system32\drivers\Cdr4_2K.sys
R1 Cdralw2k;Cdralw2k;C:\WINNT\system32\drivers\Cdralw2k.sys
R1 Parport;Parallel port driver;C:\WINNT\system32\DRIVERS\parport.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
R3 i81x;i81x;C:\WINNT\system32\DRIVERS\i81xnt5.sys
R3 Parallel;Parallel class driver;C:\WINNT\system32\DRIVERS\parallel.sys
R3 Ptilink;Direct Parallel Link Driver;C:\WINNT\system32\DRIVERS\ptilink.sys
R3 Raspti;Direct Parallel;C:\WINNT\system32\DRIVERS\raspti.sys
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINNT\system32\Drivers\sskbfd.sys
R3 uhcd;Microsoft USB Universal Host Controller Driver;C:\WINNT\system32\DRIVERS\uhcd.sys
R4 EFS;EFS;C:\WINNT\system32\drivers\EFS.sys
S2 zntport;NTPort Library Driver;\??\C:\WINNT\system32\zntport.sys
S3 Fax;Fax Service;C:\WINNT\system32\faxsvc.exe
S3 ichaud;Service for AC'97 Driver (WDM);C:\WINNT\system32\drivers\ichaud.sys
S3 NetDetect;NetDetect;C:\WINNT\system32\drivers\netdtect.sys
S3 RCA;Microsoft Streaming Network Raw Channel Access;C:\WINNT\system32\drivers\RCA.sys
S3 UtilMan;Utility Manager;C:\WINNT\System32\UtilMan.exe

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-07-02 21:11:00 C:\WINNT\tasks\AppleSoftwareUpdate.job
2007-07-26 02:04:06 C:\WINNT\tasks\wrSpySweeperTrialSweep.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 19:10:25
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-26 19:13:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-07-26 19:12

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 7:46:52 PM, on 7/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\abc\Local Settings\Temp\wz7336\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {03a1251a-1dd2-11b2-91b4-d614f9bbea5e} - C:\WINNT\srkzsvip.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Ouue] "C:\WINNT\SSTEM~1\scanregw.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

ie and Ff wont start. it says that firefox.exe and iexplorer.exe has generated errors and cannot start. I have Dsl. Everything accesed interent, just no browsers. However, i managed to dl netscape and it works perfectly. yesterday after i delted some files with hijack, the " process has already exited" dissapeared. Now it is back

tetonbob

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Let's work on the infection, and getting this machine some protection, before we address FF or IE, since Netscape works.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

Or....ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
Please submit this file to:

http://www.bleepingcomputer.com/subm....php?channel=4

Please include a link to this topic in the message.

---------------------------------------------------------------------------------------------

Since you can use Netscape....please do this now:

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

Please download and install this excellent and FREE anti-virus program:

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop.

• Please remember to register for your Activation Code using a legitimate email address.
• Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:
  
  
  
  
  
  
• Then please update the program and run a systemwide scan. Allow it to neutralize all that it finds.
• When done, launch Active Virus Shield's main window.
  
  
  
  
  
  
• Click the Scan button on the left, and then click Detected.
  
  
  
  
  
  
• In the ensuing window, click the Save As button to save a copy of the log.
• Copy and paste that log in your next reply.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

xazncrazyx

"abc" - 07/26/2007 20:26:57 [GMT -7:00] - ComboFix 07-07