Free Malware Removal Forum

[social misfit]

am i infected?

Logfile of Trend Micro HijackThis

v2.0.2
Scan saved at 7:56:19 AM, on 5/18/2009
Platform: Windows XP SP3 (WinNT

5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\LSI

SoftModem\agrsmsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.e

xe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.e

xe
C:\Program

Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet

Explorer\IEXPLORE.EXE
C:\Program Files\Internet

Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://google.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId

=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId

=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId

=54896
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId

=69157
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue

RegistryBooster 2009] E:\program

files\reg

chekr\Uniblue\RegistryBooster\Registry

Booster.exe /S
O9 - Extra button: (no name) -

{e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation

Tool) -

http://go.microsoft.com/fwlink/?linkid

=39204
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupd

ate/v6/V5Controls/en/x86/client/wuweb_

site.cab?1241360770109
O23 - Service: Agere Modem Call

Progress Audio (AgereModemAudio) -

Agere Systems - C:\Program Files\LSI

SoftModem\agrsmsvc.exe
O23 - Service: Google Update Service

(gupdate1c9d6f94811c176)

(gupdate1c9d6f94811c176) - Google Inc.

- C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Remote Packet Capture

Protocol v.0 (experimental) (rpcapd) -

CACE Technologies - C:\Program

Files\WinPcap\rpcapd.exe

--
End of file - 3011 bytes

[NonSuch]

Your HijackThis log is unreadable in its present form. In order for us to help you it is necessary that you provide us with a readable HijackThis log.

Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Make sure Notepad's Format Menu has Word Wrap unchecked. (See instructions in the HijackThis Guideline).

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<