04-15-2006, 07:41 PM   #7
Rakuda
Registered User
 
Join Date: Apr 2006
Posts: 21
OS: XP


Look2ME Destroyer

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/15/2006 5:22:11 PM

Infected! C:\WINDOWS\system32\hr2005fme.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP10\A0000320.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP10\A0000324.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP11\A0000329.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP12\A0000371.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP15\A0000434.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP15\A0000435.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000082.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000085.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000090.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000091.dll
Infected! C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000100.dll
Infected! C:\WINDOWS\system32\aysnt.dll
Infected! C:\WINDOWS\system32\hr2005fme.dll
Infected! C:\WINDOWS\system32\irrql5951.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\hr2005fme.dll
C:\WINDOWS\system32\hr2005fme.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP10\A0000320.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP10\A0000320.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP10\A0000324.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP10\A0000324.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP11\A0000329.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP11\A0000329.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP12\A0000371.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP12\A0000371.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP15\A0000434.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP15\A0000434.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP15\A0000435.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP15\A0000435.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000082.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000082.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000085.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000085.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000090.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000090.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000091.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000091.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000100.dll
C:\System Volume Information\_restore{EC67E1E2-80D9-4E4B-9F0E-4D91A4141998}\RP3\A0000100.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\aysnt.dll
C:\WINDOWS\system32\aysnt.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\hr2005fme.dll
C:\WINDOWS\system32\hr2005fme.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irrql5951.dll
C:\WINDOWS\system32\irrql5951.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDLLs

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{34C343C4-7BC7-4E93-843D-154D2DB5751B}"
HKCR\Clsid\{34C343C4-7BC7-4E93-843D-154D2DB5751B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{36F3CD06-97CD-4E34-81E8-9B78FFDD5F04}"
HKCR\Clsid\{36F3CD06-97CD-4E34-81E8-9B78FFDD5F04}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DA76C1BA-8803-408B-8A19-9A030976F48C}"
HKCR\Clsid\{DA76C1BA-8803-408B-8A19-9A030976F48C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4A8C1009-F6CE-493D-A8BB-4E4BFA8BB6BE}"
HKCR\Clsid\{4A8C1009-F6CE-493D-A8BB-4E4BFA8BB6BE}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded