Old 10-21-2006, 08:17 AM   #3
LM79
Bronze Member
 
Join Date: Oct 2006
Posts: 25

Here goes... sorry for the delay.

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 7:38:35 p.m., on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Compaq\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LCIDConfig] C:\WINDOWS\lcidchng.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by22fd.bay22.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1150717858126
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1150717836665
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://daywalker79.multiply.com/photos/uploader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://photo.digitalmax.co.nz/en/ulcontrolxp.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} - http://wwemail.support.hp.com/fd2/objects/SysQuery.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\q2680cjuefo80.dll (file missing)
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\r4r60e9seh.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\ogfox32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe (file missing)
------------------------
RAPPORT:

SmitFraudFix v2.109

Scan done at 19:31:59.65, Sat 21/10/2006
Run from C:\Documents and Settings\Compaq\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\icont.exe Deleted
C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\Web\desktop.html Deleted
C:\Documents and Settings\Compaq\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------
LOOK2MEdestroyer


Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 21/10/2006 7:59:39 p.m.

Infected! C:\WINDOWS\system32\ir6ml5j11.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP193\A0030717.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP194\A0031409.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP194\A0031446.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP195\A0031504.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP195\A0032495.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP196\A0035522.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035580.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035581.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035582.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035583.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035584.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035587.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0036537.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0036545.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP201\A0038619.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP203\A0039626.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP206\A0039654.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP206\A0039655.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP208\A0040654.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP209\A0040678.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP209\A0041678.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0041787.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0041798.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0042788.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0042843.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0042855.dll
Infected! C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0043322.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\ir6ml5j11.dll
C:\WINDOWS\system32\ir6ml5j11.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP193\A0030717.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP193\A0030717.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP194\A0031409.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP194\A0031409.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP194\A0031446.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP194\A0031446.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP195\A0031504.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP195\A0031504.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP195\A0032495.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP195\A0032495.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP196\A0035522.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP196\A0035522.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035580.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035580.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035581.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035581.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035582.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035582.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035583.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035583.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035584.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035584.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035587.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0035587.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0036537.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0036537.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0036545.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP197\A0036545.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP201\A0038619.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP201\A0038619.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP203\A0039626.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP203\A0039626.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP206\A0039654.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP206\A0039654.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP206\A0039655.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP206\A0039655.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP208\A0040654.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP208\A0040654.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP209\A0040678.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP209\A0040678.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP209\A0041678.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP209\A0041678.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0041787.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0041787.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0041798.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0041798.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0042788.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP210\A0042788.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0042843.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0042843.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0042855.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0042855.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0043322.dll
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP211\A0043322.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OemStartMenuData

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BF326C1A-7D7E-42F5-9DAD-F40704578BDA}"
HKCR\Clsid\{BF326C1A-7D7E-42F5-9DAD-F40704578BDA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1F8E32CC-D021-4FE0-8F6F-812D7CACCB07}"
HKCR\Clsid\{1F8E32CC-D021-4FE0-8F6F-812D7CACCB07}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1288A63F-C4FC-4D9D-8993-F693388CF4D5}"
HKCR\Clsid\{1288A63F-C4FC-4D9D-8993-F693388CF4D5}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C1E8ADA1-BCA3-46BD-BE55-60088BEA22D7}"
HKCR\Clsid\{C1E8ADA1-BCA3-46BD-BE55-60088BEA22D7}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C9D35A4A-80E6-4B0E-9D4E-7DCA4077C3BB}"
HKCR\Clsid\{C9D35A4A-80E6-4B0E-9D4E-7DCA4077C3BB}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
----------

Thanks - I await your reply, please.

LM79