Jump to content

Am I infected?


Recommended Posts

I was visiting a few Drive-by-Download sites to test a HIPS based antimalware (DriveSentry). It didn't detect anything. So I am worried because I don't know if I am infected or not. I have a HijackThis log if it helps:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:43:49 PM, on 8/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\DriveSentry\DriveSentryService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

C:\Program Files\Common Files\AOL\1201396782\ee\AOLSoftware.exe

C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe

C:\Program Files\DriveSentry\DriveSentry.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft Office77\Office\OSA.EXE

C:\Program Files\AOL 9.0a\waol.exe

C:\Program Files\AOL 9.0a\shellmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab

O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab

O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://12.163.161.139/cab/OCXChecker_8000.cab

O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.18.39/ttinst.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe

O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://12.163.161.139/cab/DownloadFile_8000.cab

O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: DriveSentryService - Unknown owner - C:\Program Files\DriveSentry\DriveSentryService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SuperProServer - Unknown owner - C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.2\Server\WinNT\spnsrvnt.exe

--

End of file - 8665 bytes

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.