CPU 100% redirecting web pages


#1 Terry96 (New Member, 2 posts)
Today I picked up my parents' PC, and I'll mention my 17-year-old niece lives there, so this machine could have browsed anywhere..

So I get a call from my parents telling me their ISP had suspended their account due to a virus, likely hosting and spamming people.

I get it home and clean a lot of unnecessary garbage from it like toolbars and web search... yadda yadda. Right now svchost.exe is running at 100% CPU. There are also 4 unidentified .exe files in startup: there is Baex.exe, Ilux.exe, Osylix.exe, Udmoyl.exe.. Google searches on those have left me with no results. What are these?

The path of these folders is something like Documents and Settings....Startup (which is 89 KB in size), but when I open it up it shows nothing in both safe mode and regular. Also the CPU will not spike in safe mode, and it's not even in the startup list there either.

Web page searches also redirect every time unless typing in a specific address.

Any help would be great.

Ty,

Terry



HijackThis also showed me a lot of O4 redirection stuff, but at the moment I'm afraid to connect that PC to the internet... would it be fine in safe mode with a connection?

Edited by Terry96, 28 October 2010 - 07:01 PM.

#2 Terry96 (Topic Starter)
Here is my log.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:49 AM, on 29/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\documents and settings\compaq_administrator\start menu\programs\startup\iluxsrv.exe,c:\windows\i386\winnt32srv.exe,c:\progra~1\symantec\liveup~1\lucoms~1srv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: baex.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ilux.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: osylix.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: udmoyl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: baex.exe (User 'Default user')
O4 - .DEFAULT Startup: ilux.exe (User 'Default user')
O4 - .DEFAULT Startup: osylix.exe (User 'Default user')
O4 - .DEFAULT Startup: udmoyl.exe (User 'Default user')
O4 - .DEFAULT User Startup: baex.exe (User 'Default user')
O4 - .DEFAULT User Startup: ilux.exe (User 'Default user')
O4 - .DEFAULT User Startup: osylix.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: udmoyl.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1288320598203
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4036 bytes
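The two persistence mechanisms visible in the log above (extra executables chained onto the UserInit value in the F2 line, and bare .exe files sitting in Startup folders in the O4 lines) can be picked out mechanically. The script below is an added example, not part of the thread or of HijackThis itself; it runs over a constructed subset of the posted log lines and flags both indicators.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in the thread above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\documents and settings\compaq_administrator\start menu\programs\startup\iluxsrv.exe,c:\windows\i386\winnt32srv.exe,c:\progra~1\symantec\liveup~1\lucoms~1srv.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - S-1-5-18 Startup: ilux.exe (User 'SYSTEM')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: udmoyl.exe (User 'Default user')
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>.+?) Startup: (?P<item>.+?)(?: \(User '(?P<user>[^']*)'\))?$")


def userinit_extras(line):
    """Executables chained onto the UserInit value after the real userinit.exe.
    A clean XP install has exactly one entry here; every extra one runs at logon."""
    m = USERINIT_RE.match(line)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith(r"\system32\userinit.exe")]


def bare_startup_exe(line):
    """Name of a raw .exe placed directly in a Startup folder (no .lnk shortcut),
    which is how the four unknown files in this thread persist. Returns None for
    shortcut entries and for O4 lines that are not Startup-folder entries."""
    m = STARTUP_RE.match(line)
    if not m:
        return None
    item = m.group("item")
    if item.lower().endswith(".exe") and " = " not in item:
        return item
    return None


def triage(log_text):
    """Walk a HijackThis log and collect the two persistence indicators above."""
    findings = {"userinit_extras": [], "bare_startup_exes": []}
    for line in log_text.splitlines():
        findings["userinit_extras"].extend(userinit_extras(line))
        exe = bare_startup_exe(line)
        if exe and exe not in findings["bare_startup_exes"]:
            findings["bare_startup_exes"].append(exe)
    return findings


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(key, hits)
```

Any path reported under userinit_extras is worth checking first, because UserInit runs before the user's own Startup folder and is why the CPU spike and redirects survive a reboot.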