Hijacked By Looking-for.cc Need Help

vijaysaraf · #1 (**permalink**) 13-03-2005, 06:34 AM

hello all,

i have been affected by Looking-for.cc. and i am not in condition to format my pc.Last time i have posted a mail but Probably that forum was not OK for Spy .

i am attaching HijackThis.log file
Please help me this very urgent

Thanks in advance.

---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:40:19 PM, on 3/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\db2admin\WINDOWS\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Trend\SProtect\SpntSvc.exe
D:\Program Files\Trend\SProtect\StWatchDog.exe
D:\Program Files\Trend\SProtect\StOPP.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\cisvc.exe
C:\Program Files\SQLLIB\bin\db2jds.exe
C:\Program Files\SQLLIB\bin\db2licd.exe
C:\Program Files\SQLLIB\bin\db2sec.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\SQLLIB\bin\IWH2SERV.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\Explorer.EXE
D:\Program Files\Common files\updater\wupdater.exe
D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\nhldaemn.EXE
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\Program Files\RegCleaner\RegCleanr.exe
C:\WINNT\regedit.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\db2admin\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\vnffl.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 10.8.53.31:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 10.*;*.ril.com;<local>
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2818FA5A-CD2C-CC25-2A59-7083BAD410B4} - C:\Documents and Settings\db2admin\WINDOWS\addws.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [updater] D:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [WinVNC] "D:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\db2admin\windows\system32\rnr20.dll' missing
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...98a73bd5be0348
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.8.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/...tdmgainads.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604417.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dakc.ril.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D522E9E-F359-4931-8025-F9DC17F22C30}: NameServer = 10.11.58.2,10.11.58.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EEB4672-580D-4EFB-958D-E95D3D42F1F9}: NameServer = 10.11.58.8,10.11.58.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{95AEB909-736C-44C1-A7B0-60CD13C5DC89}: Domain = exchangenext.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{95AEB909-736C-44C1-A7B0-60CD13C5DC89}: NameServer = 10.8.53.239,10.8.53.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{E923BE22-DD3C-43FF-B011-F4623742D901}: Domain = exchangenext.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E923BE22-DD3C-43FF-B011-F4623742D901}: NameServer = 10.11.58.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dakc.ril.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dakc.ril.com
O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Computer Browser (Browser) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\clipsrv.exe (file missing)
O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 - DB2CTLSV (DB2CTLSV) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: Distributed File System (Dfs) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax Service (Fax) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\faxsvc.exe (file missing)
O23 - Service: IBM WS AdminServer 4.0 - Unknown owner - d:\WebSphere\AppServer\bin\adminservice.exe
O23 - Service: IBM HTTP Administration (IBMHTTPAdministration) - Unknown owner - d:\IBM HTTP Server\Apache.exe
O23 - Service: IBM HTTP Server (IBMHTTPServer) - Unknown owner - d:\IBM HTTP Server\Apache.exe
O23 - Service: Infrared Monitor (Irmon) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: jakartas - Unknown owner - D:\jakarta\conf\jk\jk_nt_service.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: License Logging Service (LicenseService) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\llssrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper Service (LmHosts) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\netdde.exe (file missing)
O23 - Service: Network Connections (Netman) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: File Replication (NtFrs) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Policy Agent (PolicyAgent) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager (RasMan) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Remote Registry Service (RemoteRegistry) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\regsvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\rsvp.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card Helper (SCardDrv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\MSTask.exe (file missing)
O23 - Service: RunAs Service (seclogon) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: System Event Notification (SENS) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Internet Connection Sharing (SharedAccess) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Trend ServerProtect (SpntSvc) - Trend Micro Inc. - D:\Program Files\Trend\SProtect\SpntSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony (TapiSrv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services (TermService) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\termsrv.exe (file missing)
O23 - Service: Terminal Services Licensing (TermServLicensing) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\lserver.exe (file missing)
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\tlntsvr.exe (file missing)
O23 - Service: Distributed Link Tracking Server (TrkSvr) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\services.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Utility Manager (UtilMan) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\UtilMan.exe (file missing)
O23 - Service: Warehouse server (vwkernel) - Unknown owner - C:\PROGRA~1\SQLLIB\bin\IWH2SERV.EXE
O23 - Service: Warehouse logger (vwlogger) - Unknown owner - C:\PROGRA~1\SQLLIB\bin\IWH2LOG.EXE
O23 - Service: Windows Time (W32Time) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\services.exe (file missing)
O23 - Service: Windows Management Instrumentation (WinMgmt) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\WBEM\WinMgmt.ex e (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\Services.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Wireless Configuration (WZCSVC) - Unknown owner - C:\Documents and Settings\db2admin\WINDOWS\System32\svchost.exe (file missing)

--------------------------------

owen · #2 (**permalink**) 20-03-2005, 12:10 AM

Hiya,
Sorry about the response time. If you still require help could you post a fresh log because the infection may have morphed.