Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Nate

Pages: [1]

Tech Clinic / HijackThis Logfile (SmartSecurity)

« on: April 06, 2005, 12:25:21 AM »

Sorry, must have not refreshed after doing the config.

StartDreck (build 2.1.7 public stable) - 2005-04-05 @ 22:20:14 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 )
Internet Explorer: 6.0.2600.0000
Logged in as Naythin at MAFIA-CQJWXACFS

»Registry
»Run Keys
»Current User
»Run
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*ntddetect=C:\WINDOWS\System32\ntddetect.exe
*x3yy=C:\WINDOWS\System32\x3yy\anlogefj.exe
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*D2TradeHack=C:\WINDOWS\System32\D2TradeHack.exe
*ShowNews=C:\Program Files\EstelleReyna\Updater.exe
*ViewMgr=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe
*ntddetect=C:\WINDOWS\System32\ntddetect.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
*ntddetect=C:\WINDOWS\System32\ntddetect.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*ViewBarBHO.BHO.1/{A7327C09-B521-4EDB-8509-7D2660C9EC98}
`InprocServer32=C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+408=\SystemRoot\System32\smss.exe
+464=\??\C:\WINDOWS\system32\csrss.exe
+496=\??\C:\WINDOWS\system32\winlogon.exe
+540=C:\WINDOWS\system32\services.exe
+552=C:\WINDOWS\system32\lsass.exe
+712=C:\WINDOWS\system32\svchost.exe
+764=C:\WINDOWS\System32\svchost.exe
+844=C:\WINDOWS\System32\svchost.exe
+872=C:\WINDOWS\System32\svchost.exe
+1052=C:\WINDOWS\system32\spoolsv.exe
+1244=C:\WINDOWS\System32\svchost.exe
+1304=C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
+1584=C:\WINDOWS\system32\D2TradeHack.exe
+1780=C:\WINDOWS\Explorer.EXE
+1940=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
+1956=C:\Program Files\iTunes\iTunesHelper.exe
+1964=C:\WINDOWS\System32\ntddetect.exe
+2012=C:\Program Files\interMute\SpySubtract\SpySub.exe
+228=C:\Program Files\iPod\bin\iPodService.exe
+252=C:\WINDOWS\System32\x3yy\anlogefj.exe
+1864=C:\Program Files\Internet Explorer\IEXPLORE.EXE
+1720=C:\StartDreck\StartDreck.exe
»Application specific

Tech Clinic / HijackThis Logfile (SmartSecurity)

« on: April 05, 2005, 11:54:22 PM »

StartDreck Log:

`InprocServer32=C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+408=\SystemRoot\System32\smss.exe
+464=\??\C:\WINDOWS\system32\csrss.exe
+496=\??\C:\WINDOWS\system32\winlogon.exe
+540=C:\WINDOWS\system32\services.exe
+552=C:\WINDOWS\system32\lsass.exe
+712=C:\WINDOWS\system32\svchost.exe
+764=C:\WINDOWS\System32\svchost.exe
+844=C:\WINDOWS\System32\svchost.exe
+872=C:\WINDOWS\System32\svchost.exe
+1052=C:\WINDOWS\system32\spoolsv.exe
+1244=C:\WINDOWS\System32\svchost.exe
+1304=C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
+1584=C:\WINDOWS\system32\D2TradeHack.exe
+1780=C:\WINDOWS\Explorer.EXE
+1940=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
+1956=C:\Program Files\iTunes\iTunesHelper.exe
+1964=C:\WINDOWS\System32\ntddetect.exe
+2012=C:\Program Files\interMute\SpySubtract\SpySub.exe
+228=C:\Program Files\iPod\bin\iPodService.exe
+252=C:\WINDOWS\System32\x3yy\anlogefj.exe
+1520=C:\Program Files\Internet Explorer\IEXPLORE.EXE
+1464=C:\StartDreck\StartDreck.exe
»Application specific

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />"
________________________________________________

1,247 items found: 1,247 files (1 H/S), 0 directories.
Total of file sizes: 262,280,797 bytes 250.13 M

Administrator Account = True

--------------------End log---------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:50:41 PM, on 4/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\D2TradeHack.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ntddetect.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\StartDreck\StartDreck.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.big-search.org/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.big-search.org/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rockclimbing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.big-search.org/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Naythin\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.big-search.org/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.big-search.org/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.big-search.org/clickpps.php
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D2TradeHack] C:\WINDOWS\System32\D2TradeHack.exe
O4 - HKLM\..\Run: [ShowNews] C:\Program Files\EstelleReyna\Updater.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O20 - Winlogon Notify: D2TradeHack - C:\WINDOWS\SYSTEM32\D2TradeHack.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Tech Clinic / HijackThis Logfile (SmartSecurity)

« on: April 05, 2005, 04:29:14 PM »

Logfile of HijackThis v1.99.1
Scan saved at 2:25:13 PM, on 4/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\D2TradeHack.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ntddetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.big-search.org/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.big-search.org/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.big-search.org/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.big-search.org/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Naythin\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.big-search.org/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.big-search.org/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.big-search.org/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.big-search.org/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.big-search.org/clickpps.php
O1 - Hosts: auto.search.msn.com 127.0.0.1127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 www.loadcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 traffic2cash.biz
O1 - Hosts: 127.0.0.3 www.traffic2cash.biz
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 www.iframedollars.biz
O1 - Hosts: 127.0.0.3 iframedollars.biz
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AFF89AB2-2807-4B12-AD4C-5743E6F9E3C6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D2TradeHack] C:\WINDOWS\System32\D2TradeHack.exe
O4 - HKLM\..\Run: [ShowNews] C:\Program Files\EstelleReyna\Updater.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O13 - DefaultPrefix: http://www.big-search.org/best.php?url=
O13 - WWW Prefix: http://www.big-search.org/best.php?url=
O13 - Home Prefix: http://www.big-search.org/best.php?url=
O13 - Mosaic Prefix: http://www.big-search.org/best.php?url=
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/inflaterball/miniclipGameLoader.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O20 - Winlogon Notify: D2TradeHack - C:\WINDOWS\SYSTEM32\D2TradeHack.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - Nate

Tech Clinic / HijackThis Logfile (SmartSecurity)

Tech Clinic / HijackThis Logfile (SmartSecurity)

Tech Clinic / HijackThis Logfile (SmartSecurity)