Infected?
#1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:25, on 13/12/2009
Platform: Unknown Windows (WinNT 6.01.3133)
MSIE: Internet Explorer v8.00 (8.00.7229.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
H:\Win 7\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
H:\Program Files\Free Download Manager\fdm.exe
C:\Windows\system32\wuauclt.exe
H:\Program Files\DAEMON Tools Lite\DTLite.exe
H:\Win 7\Program Files\Xfire\Xfire.exe
H:\Win7\OpenOffice\OpenOffice.org 3\program\soffice.exe
H:\Win7\OpenOffice\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
H:\Win 7\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
H:\Win 7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
H:\Win 7\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Win 7\AppData\Local\Google\Chrome\Application\chrome.exe
H:\Win 7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Win 7\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Win 7\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - H:\Win 7\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - H:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - H:\Win 7\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] H:\WIN7~1\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\SkullTraill\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] "H:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = H:\Win7\OpenOffice\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Xfire.lnk = H:\Win 7\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://H:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://H:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://H:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://H:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D379AAA-1FC7-427B-9BC6-D5B1CB71579E}: NameServer = 123.231.0.167 123.231.0.181
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D379AAA-1FC7-427B-9BC6-D5B1CB71579E}: NameServer = 123.231.0.167 123.231.0.181
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Win 7\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - H:\WIN7~1\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - H:\WIN7~1\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7404 bytes


Recently I downloaded a crack for a program and scanned it with AVG Free; nothing was found, but when I ran it, it disappeared, which is pretty suspicious. So am I?
#2
Remove Gopher Prefix.
#3
Er. Anyone else?
#4
www.malwarebytes.org

Download it, update it, perform a full system scan, and please post the log.
#5
Your log seems to be some days old. If you didn't install anything new on your system you should be fine. Otherwise I believe you have to run a more recent one. There is always a small possibility of major or minor programs/applications getting installed or deleted.
#6
Post an HJT log at HF. You'll get help right away from experienced malware experts.
#7
#Bloxx: Assholes didn't reply.
#8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D379AAA-1FC7-427B-9BC6-D5B1CB71579E}: NameServer = 123.231.0.167 123.231.0.181

O17 - HKLM\System\CS1\Services\Tcpip\..\{2D379AAA-1FC7-427B-9BC6-D5B1CB71579E}: NameServer = 123.231.0.167 123.231.0.181

Are you familiar with the above IP addresses? If not, I recommend removing them. Other than that, your log looks clean to me (please bear in mind that I am no professional when it comes to malware removal and the like).

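The checks this thread walks through by hand (the O17 NameServer addresses in post #8, the O20 AppInit_DLLs line, the orphaned "(no file)" entries, the O13 Gopher Prefix from post #2, and autoruns from odd locations) can be scripted. The triage script below is an added example for this thread; it is not part of HijackThis and not code any poster supplied. Its sample input is constructed: most lines are copied from the log in post #1, and the last two (a svchost.exe autorun under AppData and a private-range NameServer) are constructed so every check has something to act on. The severity labels and the "system-binary name outside System32" heuristic are this example's own choices, not HijackThis conventions.

```python
"""Triage a HijackThis (HJT) log: flag the entries worth a second look.

Added example for this thread, not HijackThis code and not any poster's code.
Severity: high = investigate now, medium = confirm you installed/chose it,
low = orphaned entry, cleanup only.
"""
import ipaddress
import re

# Names malware likes to borrow; the real ones live under \Windows\System32 (or SysWOW64).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}

RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
NS_RE = re.compile(r'^O17 - .*: NameServer = (?P<ips>.+)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
GOPHER_RE = re.compile(r'^O13 - Gopher Prefix:\s*(?P<value>.*)$')

# Constructed sample: lines 1-7 are from the log in post #1; the last two lines
# (svchost.exe under AppData\Roaming, and a 192.168.1.1 NameServer) are constructed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\SkullTraill\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D379AAA-1FC7-427B-9BC6-D5B1CB71579E}: NameServer = 123.231.0.167 123.231.0.181
O20 - AppInit_DLLs: avgrsstx.dll
O4 - HKCU\..\Run: [updater] C:\Users\SkullTraill\AppData\Roaming\svchost.exe
O17 - HKLM\System\CS1\Services\Tcpip\..\{CONSTRUCTED-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""


def exe_path(cmd):
    """Return the executable part of a Run-key command line (quoted path or first token)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def is_user_writable(path):
    p = path.lower()
    return "\\appdata\\" in p or "\\temp\\" in p or "\\programdata\\" in p


def is_system_dir(path):
    p = path.lower()
    return "\\windows\\system32\\" in p or "\\windows\\syswow64\\" in p


def triage(log_text):
    """Walk the log line by line and return a list of {severity, line, reason} findings."""
    findings = []

    def add(severity, line, reason):
        findings.append({"severity": severity, "line": line, "reason": reason})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("(no file)"):
            add("low", line, "orphaned entry: registered object whose file is gone; cleanup only")
            continue
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_NAMES and not is_system_dir(path):
                add("high", line, f"{name} launched from outside System32: {path}")
            elif is_user_writable(path):
                add("medium", line, f"autorun from user-writable location, confirm you installed it: {path}")
            continue
        m = NS_RE.match(line)
        if m:
            public, bad = [], []
            for tok in re.split(r"[\s,]+", m.group("ips").strip()):
                try:
                    if not ipaddress.ip_address(tok).is_private:
                        public.append(tok)
                except ValueError:
                    bad.append(tok)
            if bad:
                add("medium", line, f"unparseable NameServer value(s): {', '.join(bad)}")
            if public:
                add("medium", line, "DNS servers not on a private range: " + ", ".join(public)
                    + "; confirm they are your ISP's or ones you configured")
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            add("medium", line, "AppInit_DLLs loads into every process that links user32.dll; "
                "confirm the vendor of each DLL: " + m.group("dlls").strip())
            continue
        m = GOPHER_RE.match(line)
        if m and m.group("value").strip():
            add("medium", line, "non-empty Gopher Prefix (the default is empty): " + m.group("value").strip())
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Two caveats built into the checks. An empty O13 line is the default, so it produces no finding; "removing" it as post #2 suggests changes nothing. Public O17 addresses are not evidence of infection on their own, since ISP-assigned resolvers are public too, which is why the script only asks you to confirm them, as post #8 does; the real signal is a resolver you did not choose. The AppInit_DLLs hit in this log is avgrsstx.dll, which belongs to the AVG 8 install the O23 lines show, so it is a confirm-the-vendor item, not a removal.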
#9
Yes, I know those IPs.