
CPU 100% redirecting web pages


#1 Terry96 (New Member, 2 posts)

Today I picked up my parents' PC, and I'll mention my 17-year-old niece lives there, so this machine could have browsed anywhere.

So I get a call from my parents telling me their ISP had suspended their account due to a virus, likely hosting and spamming people.

I get it home and clean a lot of unnecessary garbage from it like toolbars and web search, yadda yadda. Right now svchost.exe is running at 100% CPU. There are also 4 unidentified .exe files in Startup: there is Baex.exe, Ilux.exe, Osylix.exe, Udmoyl.exe. Google searches on those have left me with no results. What are these?

The path of these folders is something like Documents and Settings\...\Startup (which is 89 KB in size), but when I open it up it shows nothing in both Safe Mode and regular mode. Also, the CPU will not spike in Safe Mode, and it's not even in the startup list there either.

Web page searches also redirect every time unless I type in a specific address.

Any help would be great.

Ty,

Terry



HijackThis also showed me a lot of O4 redirection stuff, but at the moment I'm afraid to connect that PC to the internet. Would it be fine in Safe Mode with a connection?

Edited by Terry96, 28 October 2010 - 07:01 PM.


#2 Terry96 (Topic Starter)

Here is my log.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:49 AM, on 29/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\documents and settings\compaq_administrator\start menu\programs\startup\iluxsrv.exe,c:\windows\i386\winnt32srv.exe,c:\progra~1\symantec\liveup~1\lucoms~1srv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: baex.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ilux.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: osylix.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: udmoyl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: baex.exe (User 'Default user')
O4 - .DEFAULT Startup: ilux.exe (User 'Default user')
O4 - .DEFAULT Startup: osylix.exe (User 'Default user')
O4 - .DEFAULT Startup: udmoyl.exe (User 'Default user')
O4 - .DEFAULT User Startup: baex.exe (User 'Default user')
O4 - .DEFAULT User Startup: ilux.exe (User 'Default user')
O4 - .DEFAULT User Startup: osylix.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: udmoyl.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1288320598203
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4036 bytes
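The two things a responder would pull out of the log above are the F2 line, where Userinit is launching three extra executables (iluxsrv.exe from the Startup folder, winnt32srv.exe under c:\windows\i386, and lucoms~1srv.exe masquerading under a Symantec path) besides the legitimate c:\windows\system32\userinit.exe, and the O4 Startup entries attached to the SYSTEM (S-1-5-18) and Default User profiles, which are normally empty on a stock XP install and explain why the files run at logon but never show in the poster's own Startup folder. The script below is an added example, not from the original post or from HijackThis: a small triage parser over HijackThis-style log lines that flags exactly those two patterns. The sample input is a constructed excerpt copied from the log above; the regexes and the rule names ("userinit-extra", "profile-startup") are this example's own.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the post).

Flags two persistence patterns visible in the posted log:
  * an F2 UserInit value that launches anything beyond the legitimate
    c:\\windows\\system32\\userinit.exe (Winlogon runs every entry in the
    comma-separated list at logon, so appended paths are a classic hijack)
  * O4 Startup-folder entries belonging to the SYSTEM or Default User
    profile, which hold no startup items on a stock install
"""
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\documents and settings\compaq_administrator\start menu\programs\startup\iluxsrv.exe,c:\windows\i386\winnt32srv.exe,c:\progra~1\symantec\liveup~1\lucoms~1srv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - S-1-5-18 Startup: baex.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ilux.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# The only value Windows XP writes itself (with a trailing comma in the registry).
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
# Startup-folder lines HijackThis attributes to the SYSTEM SID or the Default profile.
STARTUP_RE = re.compile(
    r"^O4 - (?P<profile>S-1-5-18|\.DEFAULT(?: User)?) Startup: "
    r"(?P<entry>.+?) \(User '(?P<user>[^']+)'\)$"
)


def userinit_extras(value):
    """Return every executable in a UserInit value other than the legitimate one.

    The value is comma-separated; the stock value ends in a comma, so empty
    fields are normal and are dropped rather than reported.
    """
    parts = [p.strip() for p in value.split(",")]
    return [p for p in parts if p and p.lower() != LEGIT_USERINIT]


def triage(log_text):
    """Scan log lines and return (rule, detail) findings worth a human look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings.append(("userinit-extra", extra))
            continue
        m = STARTUP_RE.match(line)
        if m:
            # A bare .exe name is more suspicious than a .lnk pointing at a
            # vendor path (the HP cloaker links are OEM), but both are listed:
            # these profiles should carry no startup items at all.
            findings.append(("profile-startup", f"{m.group('user')}: {m.group('entry')}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:16s} {detail}")
```

Run against the excerpt it reports the three Userinit hitchhikers and the three profile-level Startup items; the HKLM Run and O23 service lines pass through untouched, which is the point of keying on the Winlogon chain and the SYSTEM/Default profiles rather than on unfamiliar file names alone.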