Caught By Looking-for.cc Realy Urgent

  1. 12-03-2005  #1
    vijaysaraf
    vijaysaraf is offline Newbie

    Caught By Looking-for.cc Realy Urgent

    Hello All,

    I have affected by Lookin-For.cc and i am unable to surf any where at web.
    i am sending my HijackThis.log file
    Please help me .
    Thanks in advance.

    ---------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:40:19 PM, on 3/12/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Documents and Settings\db2admin\WINDOWS\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    D:\Program Files\Trend\SProtect\SpntSvc.exe
    D:\Program Files\Trend\SProtect\StWatchDog.exe
    D:\Program Files\Trend\SProtect\StOPP.exe
    C:\WINNT\System32\msdtc.exe
    C:\WINNT\System32\cisvc.exe
    C:\Program Files\SQLLIB\bin\db2jds.exe
    C:\Program Files\SQLLIB\bin\db2licd.exe
    C:\Program Files\SQLLIB\bin\db2sec.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\llssrv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    D:\Program Files\ORL\VNC\WinVNC.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\PROGRA~1\SQLLIB\bin\IWH2SERV.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\cidaemon.exe
    C:\WINNT\System32\cidaemon.exe
    C:\WINNT\Explorer.EXE
    D:\Program Files\Common files\updater\wupdater.exe
    D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Windows AdControl\WinAdCtl.exe
    C:\Program Files\Windows AdControl\WinAdAlt.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\nhldaemn.EXE
    D:\Program Files\Spyware Doctor\swdoctor.exe
    D:\Program Files\RegCleaner\RegCleanr.exe
    C:\WINNT\regedit.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\PROGRA~1\WinZip\winzip32.exe
    C:\Documents and Settings\db2admin\Desktop\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.8.53.31:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.*;*.ril.com;<local>
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {2818FA5A-CD2C-CC25-2A59-7083BAD410B4} - C:\Documents and Settings\db2admin\WINDOWS\addws.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [updater] D:\Program Files\Common files\updater\wupdater.exe
    O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O10 - Broken Internet access because of LSP provider 'c:\documents and settings\db2admin\windows\system32\rnr20.dll' missing
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...98a73bd5be0348
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/...tdmgainads.cab
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604417.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dakc.ril.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D522E9E-F359-4931-8025-F9DC17F22C30}: NameServer = 10.11.58.2,10.11.58.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6EEB4672-580D-4EFB-958D-E95D3D42F1F9}: NameServer = 10.11.58.8,10.11.58.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95AEB909-736C-44C1-A7B0-60CD13C5DC89}: Domain = exchangenext.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{95AEB909-736C-44C1-A7B0-60CD13C5DC89}: NameServer = 10.8.53.239,10.8.53.241
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E923BE22-DD3C-43FF-B011-F4623742D901}: Domain = exchangenext.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E923BE22-DD3C-43FF-B011-F4623742D901}: NameServer = 10.11.58.8
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dakc.ril.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dakc.ril.com
    O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\clipsrv.exe (file missing)
    O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
    O23 - Service: DB2 - DB2CTLSV (DB2CTLSV) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2 - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2govds.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2licd.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\Dfssvc.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\faxsvc.exe (file missing)
    O23 - Service: IBM WS AdminServer 4.0 - Unknown owner - d:\WebSphere\AppServer\bin\adminservice.exe
    O23 - Service: IBM HTTP Administration (IBMHTTPAdministration) - Unknown owner - d:\IBM HTTP Server\Apache.exe
    O23 - Service: IBM HTTP Server (IBMHTTPServer) - Unknown owner - d:\IBM HTTP Server\Apache.exe
    O23 - Service: Infrared Monitor (Irmon) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: jakartas - Unknown owner - D:\jakarta\conf\jk\jk_nt_service.exe (file missing)
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\llssrv.exe (file missing)
    O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\netdde.exe (file missing)
    O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\netdde.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\ntfrs.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\regsvc.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\locator.exe (file missing)
    O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\rsvp.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\SCardSvr.exe (file missing)
    O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\SCardSvr.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\MSTask.exe (file missing)
    O23 - Service: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Trend ServerProtect (SpntSvc) - Trend Micro Inc. - D:\Program Files\Trend\SProtect\SpntSvc.exe
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\spoolsv.exe (file missing)
    O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\smlogsvc.exe (file missing)
    O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\termsrv.exe (file missing)
    O23 - Service: Terminal Services Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\lserver.exe (file missing)
    O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\tlntsvr.exe (file missing)
    O23 - Service: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
    O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\ups.exe (file missing)
    O23 - Service: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\UtilMan.exe (file missing)
    O23 - Service: Warehouse server (vwkernel) - Unknown owner - C:\PROGRA~1\SQLLIB\bin\IWH2SERV.EXE
    O23 - Service: Warehouse logger (vwlogger) - Unknown owner - C:\PROGRA~1\SQLLIB\bin\IWH2LOG.EXE
    O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
    O23 - Service: Windows Management Instrumentation (WinMgmt) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\WBEM\WinMgmt.ex e (file missing)
    O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
    O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\Services.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)

    ---------------------------------------------

  3. 12-03-2005  #2
    spud
    spud is offline D-A-L Team Member (UK)
    welcome to dal the online computer help forum could you first please click on the link called owens help in my downloads then follow his advice then post a fresh hijac this log in the spyware and virus forum


    hope this helps

    if you need further help to do this please get back to me
Closed Thread
« Computer has a new beep | Help Ridding ABOUT:BLANK »