Caught an Audio ad virus (Help!)

Hewlett-packard G71t with intel- r penti...
April 19, 2010 at 20:50:14
Specs: Windows 7
So I have a 3-month-old laptop that recently caught a virus after the crappy Norton trial expired. Here is the log of HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:18:20 PM, on 4/19/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Antonio\Documents\Downloads\HijackThis.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Antonio\Incomplete\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PriceGong - {4D3F3F3A-0E4B-4085-9032-7D072072319A} - C:\Program Files (x86)\PriceGong\2.0.0\PriceLoadIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: gooochi browser enhancer - {73A48612-16D2-EBA4-9F50-8698BDBB23C4} - C:\Windows\SysWow64\qhyqudxkrxi.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [cqeomttamb] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qhyqudxkrxi.dll"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [winlogin.exe] C:\Users\Antonio\AppData\Roaming\Microsoft\winlogin.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Clearwire Con App Svc (CACLEARWIRE) - Unknown owner - C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE (file missing)
O23 - Service: Clearwire RcAppSvc (CLEARWIRERcAppSvc) - Unknown owner - C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Clearwire Device Launch Service (SMSI Device Launch Service) - Unknown owner - C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe" /n "SMSI Device Launch Service (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

#2
April 20, 2010 at 02:00:23
... plonk it in here

... "antonio16" you must request that someone look @ it!

... forum rules!

.

... Posting is provided "AS IS" with no warranties
http://img402.imageshack.us/img402/...
Grrrr... ...im

