Posted April 27, 200619 yr Spent about 6 hours so far trying to get rid of look2me, drsmartload etc. Just checking they are all gone. This log is from safe boot after all apps have finished but couldn't get Windows defender to install for some reason.
October 1, 200618 yr Administrator Generated by Tarun's HijackThis Converter v0.50 Beta. Default-color items are optional, red are known to be malicious. Created extra registry value where only one should be R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) Changed *.ini file value forced into registry F2 - REG:system.ini: UserInit=userinit.exe Enumeration of existing IE's toolbars O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll Enumeration of suspicious auto-loading registry entries O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Extra IE context menu items O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm Extra "Tools" menu items and buttons O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe Downloaded Program Files item O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab Domain hijack O17 - HKLM\System\CCS\Services\Tcpip\..\{4F222563-0F71-4B9B-B3DF-CE1C5515CE8E}: NameServer = 212.135.1.36,195.40.1.36
October 1, 200618 yr party poker be malicious? or is that some other spyware hiding as party poker? if it is the legit party poker than what are you talking about? )corjello(
October 2, 200618 yr Administrator It's a very common malware actually. I've cleaned it off multiple computers at work as well.