I have a mass mailing worm/virus :(

Can you look at my HijackThis log to see what’s doing it, please?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:17:03 PM, on 19/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:Program Files (x86)DigitalPersonaBinDPAgent.exe
C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe
C:ProgramDataMacrovisionFLEXnet Connect6ISUSPM.exe

C:Program Files (x86)Microsoft OfficeOffice12EXCEL.EXE
C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe
C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
C:Program Files (x86)iTunesiTunesHelper.exe
C:Program Files (x86)LavasoftAd-AwareAAWTray.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:WindowsSysWOW64rundll32.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:Program FilesAVAST SoftwareAvastAvastUI.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:UsersmcutugnoAppDataLocalGoogleChromeApplicationchrome.exe
C:Program Files (x86)Trend MicroHiJackThisHiJackThis.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:WindowsSysWOW64DllHost.exe

R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 – BHO: SDHelper – {53707962-6F74-2D53-2644-206D7942484F} – C:Program Files (x86)Spybot – Search & Destroy 2SDHelper.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:Program Files (x86)Microsoft OfficeOffice12GrooveShellExtensions.dll
O2 – BHO: avast! WebRep – {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} – C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 – BHO: Windows Live Messenger Companion Helper – {9FDDE16B-836F-4806-AB1F-1455CBEFF289} – C:Program Files (x86)Windows LiveCompanioncompanioncore.dll
O2 – BHO: SkypeIEPluginBHO – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:Program Files (x86)Javajre6binjp2ssv.dll
O3 – Toolbar: avast! WebRep – {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} – C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
O4 – HKLM..Run: [StartCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 – HKLM..Run: [avast] "C:Program FilesAVAST SoftwareAvastavastUI.exe" /nogui
O4 – HKLM..Run: [SDTray] "C:Program Files (x86)Spybot – Search & Destroy 2SDTray.exe"
O4 – HKLM..Run: [HP Quick Launch] C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe
O4 – HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"
O4 – HKLM..Run: [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe
O4 – HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"
O4 – HKLM..Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"
O4 – HKCU..Run: [LightScribe Control Panel] C:Program Files (x86)Common FilesLightScribeLightScribeControlPanel.exe -hidden
O4 – HKCU..Run: [ISUSPM] "C:ProgramDataMacrovisionFLEXnet Connect6ISUSPM.exe" -scheduler
O4 – HKCU..Run: [uTorrent] "C:Program Files (x86)uTorrentuTorrent.exe" /MINIMIZED
O4 – HKCU..Run: [Google Update] "C:UsersmcutugnoAppDataLocalGoogleUpdateGoogleUpdate.exe" /c
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:PROGRA~2MICROS~3Office12EXCEL.EXE/3000
O9 – Extra button: @C:Program Files (x86)Windows LiveCompanioncompanionlang.dll,-600 – {0000036B-C524-4050-81A0-243669A86B9F} – C:Program Files (x86)Windows LiveCompanioncompanioncore.dll
O9 – Extra button: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: @C:Program Files (x86)Windows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:PROGRA~2MICROS~3Office12ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:PROGRA~2MICROS~3Office12ONBttnIE.dll
O9 – Extra button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 – Extra ‘Tools’ menuitem: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:PROGRA~2MICROS~3Office12REFIEBAR.DLL
O10 – Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O10 – Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll
O11 – Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 – Trusted Zone: *.incrediblecharts.com
O15 – Trusted Zone: *.incrediblecharts.com (HKLM)
O15 – Trusted IP range:
O15 – ESC Trusted Zone: *.incrediblecharts.com
O15 – ESC Trusted Zone: *.incrediblecharts.com (HKLM)
O15 – ESC Trusted IP range:
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:Program Files (x86)Microsoft OfficeOffice12GrooveSystemServices.dll
O18 – Protocol: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll
O18 – Protocol: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} – C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O20 – AppInit_DLLs: C:PROGRA~2GoogleGOOGLE~1GoogleDesktopNetwork3.dll C:PROGRA~2GoogleGOOGLE~1GO36F4~1.DLL
O20 – Winlogon Notify: SDWinLogon – SDWinLogon.dll (file missing)
O23 – Service: Adobe Acrobat Update Service (AdobeARMservice) – Adobe Systems Incorporated – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
O23 – Service: Andrea ST Filters Service (AESTFilters) – Andrea Electronics Corporation – C:Program FilesIDTWDMAESTSr64.exe
O23 – Service: @%SystemRoot%system32Alg.exe,-112 (ALG) – Unknown owner – C:WindowsSystem32alg.exe (file missing)
O23 – Service: AMD External Events Utility – Unknown owner – C:Windowssystem32atiesrxx.exe (file missing)
O23 – Service: Apple Mobile Device – Apple Inc. – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 – Service: avast! Antivirus – AVAST Software – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
O23 – Service: Bonjour Service – Apple Inc. – C:Program FilesBonjourmDNSResponder.exe
O23 – Service: @C:Program FilesDigitalPersonaBinDpHostW.exe,-128 (DpHost) – DigitalPersona, Inc. – C:Program FilesDigitalPersonaBinDpHostW.exe
O23 – Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) – Unknown owner – C:WindowsSystem32lsass.exe (file missing)
O23 – Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) – SEIKO EPSON CORPORATION – C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE
O23 – Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) – SEIKO EPSON CORPORATION – C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE
O23 – Service: @%systemroot%system32fxsresm.dll,-118 (Fax) – Unknown owner – C:Windowssystem32fxssvc.exe (file missing)
O23 – Service: GamesAppService – WildTangent, Inc. – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
O23 – Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) – Google – C:Program Files (x86)GoogleGoogle Desktop SearchGoogleDesktop.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 – Service: Google Update Service (gupdatem) (gupdatem) – Google Inc. – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
O23 – Service: HP Support Assistant Service – Hewlett-Packard Company – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe
O23 – Service: HP Wireless Assistant Service – Hewlett-Packard Company – C:Program FilesHewlett-PackardHP Wireless AssistantHPWA_Service.exe
O23 – Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) – Hewlett-Packard Company – C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe
O23 – Service: HP Software Framework Service (hpqwmiex) – Hewlett-Packard Company – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
O23 – Service: HP Service (hpsrv) – Unknown owner – C:Windowssystem32Hpservice.exe (file missing)
O23 – Service: HPWMISVC – Hewlett-Packard Development Company, L.P. – C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe
O23 – Service: iPod Service – Apple Inc. – C:Program FilesiPodbiniPodService.exe
O23 – Service: @keyiso.dll,-100 (KeyIso) – Unknown owner – C:Windowssystem32lsass.exe (file missing)
O23 – Service: Lavasoft Ad-Aware Service – Lavasoft Limited – C:Program Files (x86)LavasoftAd-AwareAAWService.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 – Service: Intel(R) Management and Security Application Local Management Service (LMS) – Intel Corporation – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
O23 – Service: @comres.dll,-2797 (MSDTC) – Unknown owner – C:WindowsSystem32msdtc.exe (file missing)
O23 – Service: NBService – Nero AG – C:Program Files (x86)NeroNero 7Nero BackItUpNBService.exe
O23 – Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) – Unknown owner – C:Windowssystem32lsass.exe (file missing)
O23 – Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) – Unknown owner – C:Windowssystem32lsass.exe (file missing)
O23 – Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) – Unknown owner – C:Windowssystem32locator.exe (file missing)
O23 – Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) – Unknown owner – C:Windowssystem32lsass.exe (file missing)
O23 – Service: Spybot-S&D 2 Hooks Service (SDHookService) – Safer-Networking Ltd. – C:Program Files (x86)Spybot – Search & Destroy 2SDHookSvc.exe
O23 – Service: Spybot-S&D 2 Scanner Service (SDScannerService) – Safer-Networking Ltd. – C:Program Files (x86)Spybot – Search & Destroy 2SDFSSvc.exe
O23 – Service: Spybot-S&D 2 Updating Service (SDUpdateService) – Safer-Networking Ltd. – C:Program Files (x86)Spybot – Search & Destroy 2SDUpdSvc.exe
O23 – Service: Spybot-S&D 2 Security Center Service (SDWSCService) – Safer-Networking Ltd. – C:Program Files (x86)Spybot – Search & Destroy 2SDWSCSvc.exe
O23 – Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) – Unknown owner – C:WindowsSystem32snmptrap.exe (file missing)
O23 – Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) – Unknown owner – C:WindowsSystem32spoolsv.exe (file missing)
O23 – Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) – Unknown owner – C:Windowssystem32sppsvc.exe (file missing)
O23 – Service: @%SystemRoot%system32stlang64.dll,-10101 (STacSV) – IDT, Inc. – C:Program FilesIDTWDMSTacSV64.exe
O23 – Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) – Unknown owner – C:Windowssystem32UI0Detect.exe (file missing)
O23 – Service: Intel(R) Management & Security Application User Notification Service (UNS) – Intel Corporation – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
O23 – Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) – Unknown owner – C:Windowssystem32lsass.exe (file missing)
O23 – Service: Validity VCS Fingerprint Service (vcsFPService) – Validity Sensors, Inc. – C:Windowssystem32vcsFPService.exe
O23 – Service: @%SystemRoot%system32vds.exe,-100 (vds) – Unknown owner – C:WindowsSystem32vds.exe (file missing)
O23 – Service: @%systemroot%system32vssvc.exe,-102 (VSS) – Unknown owner – C:Windowssystem32vssvc.exe (file missing)
O23 – Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) – Unknown owner – C:Windowssystem32WatWatAdminSvc.exe (file missing)
O23 – Service: @%systemroot%system32wbengine.exe,-104 (wbengine) – Unknown owner – C:Windowssystem32wbengine.exe (file missing)
O23 – Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) – Unknown owner – C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 – Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) – Unknown owner – C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)


End of file – 14603 bytes
