Please help- Worm in the system

**exploreint** · 2007-11-20, 17:09

Deckard's System Scanner v20071014.68
Run by Q12 Alex on 2007-11-20 10:06:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Q12 Alex.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:10 AM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\IDriveE\IDriveE Service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IDriveE\IDriveETray.exe
C:\Program Files\IDriveE\IDriveEBackground.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Q12 Alex\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Q12ALE~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explore-int.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: CommuniKate Toolbar - {2AD46959-7EE4-47C3-B976-C0912755DE1F} - C:\Program Files\ucietb\ucietb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FaxMonitor] C:\Program Files\IPFax\FaxMonitor.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [American Airlines DealFinder] "C:\Program Files\American Airlines DealFinder\American_Airlines_DealFinder.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.3.0.39\PlaxoHelper_en_us.exe -a
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDriveE\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Spell Check Options... - res://C:\Program Files\ucietb\Speller.dll/RUNOPTIONS.HTM
O8 - Extra context menu item: Spell Check this page... - res://C:\Program Files\ucietb\Speller.dll/RUNSPELLER.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra 'Tools' menuitem: CommuniKate Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\ucietb\ucietb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...02/Coupons.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-c0bc9c0449e30208.skydriv...RichUpload.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\aagrtasv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDriveE\IDriveE Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11115 bytes

-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 09:55:00 0 d-------- C:\!KillBox
2007-11-15 09:56:10 0 d-------- C:\Program Files\Trend Micro
2007-11-15 09:39:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-15 09:39:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-14 11:24:35 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-14 11:24:35 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-14 11:24:35 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-14 11:24:34 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-14 11:24:34 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-14 11:24:31 0 d-------- C:\Program Files\Trojan Remover
2007-11-14 11:24:31 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Simply Super Software
2007-11-14 11:24:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-13 09:49:00 0 d-------- C:\85cbd9eeac5a5e9f990e3392b9c9
2007-11-13 09:48:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 09:27:58 0 d-------- C:\WinPE
2007-11-13 09:22:57 0 d-------- C:\Program Files\Windows Imaging
2007-11-13 09:16:10 0 d-------- C:\Program Files\Windows AIK
2007-11-13 09:12:11 0 d-------- C:\Program Files\MSXML 6.0
2007-11-12 15:03:53 144480 --a------ C:\WINDOWS\system32\hlqqcshi.dll
2007-11-12 14:57:52 81472 --a------ C:\WINDOWS\system32\wyejgweb.dll
2007-11-12 10:52:01 0 d-------- C:\Program Files\Lavasoft
2007-11-12 10:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-12 10:51:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-02 23:15:00 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-02 23:09:55 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 22:28:51 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-01 13:01:22 0 d-------- C:\WINDOWS\pss
2007-10-27 14:26:26 66 --a------ C:\WINDOWS\system32\RegisterIDriveEDll.bat
2007-10-27 14:26:26 733184 --a------ C:\WINDOWS\system32\IDriveEService.dll <Not Verified; Pro Soft Net Corporation; IDrive-E>
2007-10-27 14:26:25 55808 --a------ C:\WINDOWS\system32\zlib1.dll <Not Verified; ; zlib>
2007-10-27 14:26:25 135168 --a------ C:\WINDOWS\system32\LogMail.dll <Not Verified; Pro-Softnet Corporation; IBackup For Windows>

-- Find3M Report ---------------------------------------------------------------

2007-11-20 09:59:55 0 d-------- C:\Program Files\IDriveE
2007-11-20 09:59:22 0 d-------- C:\Program Files\Plaxo
2007-11-19 11:50:07 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\American Airlines DealFinder
2007-11-12 10:51:09 0 d-------- C:\Program Files\Common Files
2007-11-10 13:16:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-27 22:07:15 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Vso
2007-10-27 22:07:15 33 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.log
2007-10-27 22:07:12 7887 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.cat
2007-10-27 22:07:11 47360 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-10-27 22:07:11 1144 --a------ C:\Documents and Settings\Q12 Alex\Application Data\pcouffin.inf
2007-10-27 22:05:27 0 d-------- C:\Program Files\Picasa2
2007-10-27 13:29:32 0 d-------- C:\Program Files\Java
2007-10-22 11:37:17 256 --a------ C:\WINDOWS\system32\pool.bin
2007-10-19 13:51:51 0 d-------- C:\Program Files\Common Files\Research In Motion
2007-10-14 11:08:56 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Roxio
2007-10-13 20:34:39 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-10-13 20:33:21 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-10-13 20:33:01 0 d-------- C:\Program Files\Roxio
2007-10-13 20:32:27 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-13 20:28:30 0 d-------- C:\Program Files\Research In Motion
2007-10-13 16:06:34 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Teleca
2007-10-13 16:06:29 0 d-------- C:\Program Files\Sony Ericsson
2007-10-13 16:06:11 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-10-08 21:33:53 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Blackberry Desktop
2007-10-08 21:28:57 0 d-------- C:\Documents and Settings\Q12 Alex\Application Data\Research In Motion
2007-09-30 13:58:34 0 d-------- C:\Program Files\iTunes
2007-09-30 13:57:58 0 d-------- C:\Program Files\iPod
2007-09-26 19:29:00 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-09-26 19:28:55 0 d-------- C:\Program Files\Coupons

Thread: Please help- Worm in the system

Thread Tools

Display

Threaded View

Posting Permissions