Zimons, Posted April 27, 2006

Spent about 6 hours so far trying to get rid of look2me, drsmartload etc. Just checking they are all gone. This log is from safe boot after all apps have finished, but I couldn't get Windows Defender to install for some reason.
Administrator Tarun, Posted October 1, 2006

Generated by Tarun's HijackThis Converter v0.50 Beta. Default-color items are optional, red are known to be malicious.

Created extra registry value where only one should be
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

Changed *.ini file value forced into registry
F2 - REG:system.ini: UserInit=userinit.exe

Enumeration of existing IE's toolbars
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Enumeration of suspicious auto-loading registry entries
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Extra IE context menu items
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

Extra "Tools" menu items and buttons
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

Downloaded Program Files item
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab

Domain hijack
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F222563-0F71-4B9B-B3DF-CE1C5515CE8E}: NameServer = 212.135.1.36,195.40.1.36
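The converter output above groups HijackThis entries by section code and marks the ones worth attention. As an added example (not the converter's or the thread's own code), this Python script parses that line format and applies a few defender-side triage heuristics of its own: R3 hooks whose file is gone, O16 ActiveX downloads fetched from a bare IP or lacking a class name, and O17 NameServer overrides. The heuristics are this example's assumptions; the sample lines are copied from the log quoted in the thread.

```python
import re

# Constructed sample: entries copied from the converted log quoted in the thread
# (the raw-IP CAB download and the O17 NameServer line are the interesting ones).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F222563-0F71-4B9B-B3DF-CE1C5515CE8E}: NameServer = 212.135.1.36,195.40.1.36
"""

# A HijackThis entry is a section code (R0-R3, F0-F3, O1-O24), " - ", then the body.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/", re.IGNORECASE)

def parse_entries(text):
    """Return (section, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(text):
    """Return (section, reason, body) for entries that deserve a second look.

    The heuristics are this example's own assumptions, not HijackThis rules:
    dangling R3 hooks, O16 ActiveX downloads from a bare IP or with no friendly
    class name, and any O17 NameServer override (the 'domain hijack' class).
    """
    findings = []
    for section, body in parse_entries(text):
        if section == "R3" and body.endswith("(no file)"):
            findings.append((section, "search hook points at a missing file", body))
        elif section == "O16":
            if RAW_IP_URL_RE.search(body):
                findings.append((section, "ActiveX control fetched from a raw IP", body))
            elif "(" not in body.split(" - ")[0]:  # no "(Class Name)" after the CLSID
                findings.append((section, "ActiveX control with no class name", body))
        elif section == "O17" and "NameServer" in body:
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append((section, "DNS servers overridden: " + servers, body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```

Run against the sample it reports the dangling R3 hook, the crack.CAB download and the O17 DNS override, and leaves the named FilePlanet control and the O4 Run entry alone.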
corjello, Posted October 1, 2006

PartyPoker is malicious? Or is that some other spyware hiding as PartyPoker? If it is the legit PartyPoker, then what are you talking about? )corjello(
Administrator Tarun, Posted October 2, 2006

It's a very common malware, actually. I've cleaned it off multiple computers at work as well.