Please help...looks and smells like Malware, but is it?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bighman, Aug 26, 2009.

Thread Status:
Not open for further replies.
  1. bighman

    bighman Private E-2

    here you go:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:24, on 8/26/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\csrss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Java\jre6\bin\jqs.exe
    D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    D:\WINDOWS\system32\hkcmd.exe
    D:\WINDOWS\system32\igfxpers.exe
    D:\WINDOWS\system32\WDBtnMgr.exe
    D:\WINDOWS\RTHDCPL.EXE
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    D:\Program Files\Java\jre6\bin\jusched.exe
    D:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    D:\DOCUME~1\harry\LOCALS~1\Temp\RtkBtMnt.exe
    D:\WINDOWS\System32\alg.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Spyware Doctor\pctsAuxs.exe
    D:\Program Files\Spyware Doctor\pctsSvc.exe
    D:\Program Files\Spyware Doctor\pctsTray.exe
    D:\Documents and Settings\harry\Desktop\This.exe
    D:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?ui=1
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "D:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSPM] "D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SNM] D:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [MS Desktop] D:\WINDOWS\system32\msdesk.exe
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] D:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] D:\Documents and Settings\harry\Application Data\Microsoft\Windows\lsass.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} (Java Plug-in 1.4.2_15) -
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{66A5B27F-5CAD-4B1B-BECE-F550FD5CE025}: NameServer = 85.255.112.26,85.255.112.73
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.26,85.255.112.73
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.26,85.255.112.73
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.26,85.255.112.73
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 6738 bytes

    If anyone can help, thanks.
  2. bighman

    bighman Private E-2

    Hi there, please close this thread.