Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

am i infected ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

am i infected ?

Unread postby social misfit » May 18th, 2009, 11:02 am

am i infected?

Logfile of Trend Micro HijackThis

v2.0.2
Scan saved at 7:56:19 AM, on 5/18/2009
Platform: Windows XP SP3 (WinNT

5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LSI

SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.e

xe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.e

xe
C:\Program

Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet

Explorer\IEXPLORE.EXE
C:\Program Files\Internet

Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://google.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId

=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId

=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId

=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId

=69157
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue

RegistryBooster 2009] E:\program

files\reg

chekr\Uniblue\RegistryBooster\Registry

Booster.exe /S
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation

Tool) -

http://go.microsoft.com/fwlink/?linkid

=39204
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupd

ate/v6/V5Controls/en/x86/client/wuweb_

site.cab?1241360770109
O23 - Service: Agere Modem Call

Progress Audio (AgereModemAudio) -

Agere Systems - C:\Program Files\LSI

SoftModem\agrsmsvc.exe
O23 - Service: Google Update Service

(gupdate1c9d6f94811c176)

(gupdate1c9d6f94811c176) - Google Inc.

- C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture

Protocol v.0 (experimental) (rpcapd) -

CACE Technologies - C:\Program

Files\WinPcap\rpcapd.exe

--
End of file - 3011 bytes
social misfit
Regular Member
 
Posts: 59
Joined: October 8th, 2006, 5:37 am
Advertisement
Register to Remove

Re: am i infected ?

Unread postby NonSuch » May 19th, 2009, 5:16 pm

Your HijackThis log is unreadable in its present form. In order for us to help you it is necessary that you provide us with a readable HijackThis log.

Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Make sure Notepad's Format Menu has Word Wrap unchecked. (See instructions in the HijackThis Guideline).

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware