GeekPolice

lgqig.exe-c.exe-b.exe-hsjxqlhbwt.exe-no safe mode-no explorer-CPU 100%

Post by Paul Francis on Wed Sep 30, 2009 8:14 am

Hello.
First of all, great job Team. Really great job.
I am not a computer tech whatsoever, so I need a great deal of help.
I have gone through hundreds of the previous posts to try to recognize my virus problem, and despite having found many, many similar to mine, it looks like I am a bit lonely in experiencing all the following problems at once:
a) it looks like it all started with antivirus pro 2010, which automatically started on my laptop, and after that disasters struck
b) Main issue is that the computer is almost frozen as it runs at 100% CPU all the time
c) CPU usage is mostly caused by c.exe, b.exe, hsjxqlhbwt.exe which reproduces itself at an incredible rate, msa.exe (similar to the previous one), lgqig.exe, mcods.exe
d) my computer was "armed" with avast and McAfee but still this went through
e) internet explorer almost not working, and when it does it autoroutes itself to some virus-friendly scanning pages or shuts down
f) cannot open windows explorer
g) does not recognize any USB drive, so I cannot get any help from outside
h) big thing...it won't let me boot in safe mode. I can open the dialog box, but when I select any of the safe modes, it just goes back to the dialog box over and over.
i) I did try restore mode, and all I have done is lose all my recent work, but not the virus
j) tried to search for the above files and manually delete them. It allows some, not all, and later they come back
k) managed to boot using an external CD boot program called MINI PE2.XT or similar and at least I can save files and managed to scan the system with AVG antivirus
l) AVG managed to find 7 infected files and it could only remove 5. But the computer is still slow and still has the virus or the malware
m) trying now to run Spybot in the same way, but because the PC is always at 100% CPU it takes like a day only for scanning
n) tried to get info, help, antivirus and tools from my other laptop, putting programs on a pen drive, until I managed to get my other laptop with exactly the same problem. Fantastic
o) trying to download all programs and files suggested on your forum for topics similar to mine, but I decided to contact you first as it is now 5 full days lost on this issue. Desperate
I am running Windows XP in both computers.


Thanks a lot in any case for your great web site, full of information and help.

Paul

Post by Paul Francis on Wed Sep 30, 2009 10:31 am

Not meaning to bounce this one back to the top of the list, but after I ran a Spybot scan on the same laptop which has had the AVG scan as well, and after several infections and intrusions were found and later deleted, CPU dropped considerably, therefore I believed I was heading in the right direction. Well, not!!
I shut down the laptop, and at the restart after a while, it will only go to the dialog box of the safe mode boot. Any clickable option takes it back over and over to the same booting page without ever starting.
This may also be an issue related to Acer One laptops, as I think it happened already once long ago. What is your opinion, please?

Thanks a lot

Post by Belahzur on Wed Sep 30, 2009 10:09 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Post by Paul Francis on Thu Oct 01, 2009 5:52 am

Hi, thanks for answering.
Here's the file



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:11:24, on 01/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\hsjxqlhbwt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\ARCHIV~1\LAUNCH~1\QtZgAcer.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\Lexmark 1300 Series\lxdcamon.exe
C:\WINDOWS\system32\rundll32.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe
C:\DOCUME~1\Claudio\CONFIG~1\Temp\b.exe
C:\Documents and Settings\Claudio\lgqig.exe
C:\WINDOWS\msa.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe
C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Claudio\CONFIG~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\TEMP\hsjxqlhbwt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Archivos de programa\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Archivos de programa\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Archivos de programa\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Archivos de programa\Lexmark 1300 Series\lxdcmon.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Archivos de programa\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VodafoneUSBPP.exe] C:\Archivos de programa\Huawei technologies\Vodafone Mobile Connect Modem\VodafoneUSBPP.exe windows
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\Claudio\lgqig.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Claudio\CONFIG~1\Temp\b.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [NordBull] C:\WINDOWS\msa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\config\systemprofile\Datos de programa\svcst.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\ARCHIV~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Servicio de alerta AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\hsjxqlhbwt.exe
O23 - Service: avast! Management Server - ALWIL Software - C:\Archivos de programa\Alwil Software\Management Tools\avEngine.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Administrador de Google Desktop 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Administrador de Google Desktop 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b893bebb1aea) (gupdate1c9b893bebb1aea) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Archivos de programa\Archivos comunes\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

--
End of file - 12850 bytes

Post by Belahzur on Thu Oct 01, 2009 10:20 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\Claudio\lgqig.exe
    O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Claudio\CONFIG~1\Temp\b.exe
    O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0
    O4 - HKCU\..\Run: [NordBull] C:\WINDOWS\msa.exe
    O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\config\systemprofile\Datos de programa\svcst.exe (User 'SYSTEM')
    O23 - Service: Servicio de alerta AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\hsjxqlhbwt.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
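
A triage pass over O4 and O23 lines like the ones listed in the post above, as an added example that is not part of the original post and not part of HijackThis. The function names (`parse_entry`, `reasons_for`, `triage`) and the three rules are assumptions chosen for illustration; they only surface candidates for review and do not reach every line in the helper's list, for example `[NordBull] C:\WINDOWS\msa.exe`.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [lgqig] C:\Documents and Settings\Claudio\lgqig.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\Claudio\CONFIG~1\Temp\b.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\NETWOR~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [NordBull] C:\WINDOWS\msa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [svchost] C:\WINDOWS\system32\config\systemprofile\Datos de programa\svcst.exe (User 'SYSTEM')
O23 - Service: Servicio de alerta AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\hsjxqlhbwt.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
"""

# O4 registry Run entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 service: "O23 - Service: <name> - <owner> - <image path>"
SVC_RE = re.compile(r"^O23 - Service: (?P<head>.+?) - (?P<path>[A-Za-z]:\\.*)$")
# First drive-rooted path ending in an executable extension inside a command line.
IMAGE_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr)\b", re.IGNORECASE)
# A file placed directly in a profile folder (long or 8.3 short form of the XP path).
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~1)\\[^\\]+\\[^\\]+$"
)


def parse_entry(line):
    """Parse one O4 Run or O23 service line; return a dict, or None for other lines."""
    m = RUN_RE.match(line)
    if m:
        # Commands may be quoted, carry arguments, or go through rundll32.exe,
        # so take the first full path that ends in an executable extension.
        image = IMAGE_RE.search(m["cmd"])
        return {"section": "O4", "name": m["name"],
                "image": image.group(0) if image else None,
                "unknown_owner": False}
    m = SVC_RE.match(line)
    if m:
        head = m["head"]
        return {"section": "O23", "name": head.split(" - ")[0],
                "image": m["path"],
                "unknown_owner": head.endswith(" - Unknown owner")}
    return None


def reasons_for(entry):
    """Apply the illustrative rules; return the list of reasons an entry needs review."""
    reasons = []
    path = (entry["image"] or "").lower()
    if "\\temp\\" in path:
        reasons.append("image runs from a Temp directory")
    if PROFILE_ROOT_RE.match(path):
        reasons.append("image sits directly in a user profile folder")
    if entry["unknown_owner"]:
        reasons.append("service binary reports no vendor (Unknown owner)")
    return reasons


def triage(log_text):
    """Return (name, image, reasons) for every autostart entry that trips a rule."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry["name"], entry["image"], reasons))
    return flagged


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {image}")
        for reason in reasons:
            print(f"    - {reason}")
```
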


Post by Paul Francis on Fri Oct 02, 2009 12:13 pm

Hey, seems it is all good now, thanks a lot. I will proceed with a proper thanks.
Here's the log

Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 2775
Windows 5.1.2600 Service Pack 3

02/10/2009 12:30:22
mbam-log-2009-10-02 (12-30-22).txt

Tipo de examen : Examen Rápido
Objetos examinados: 92951
Tiempo transcurrido: 10 minute(s), 43 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 9
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 21

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Documents and Settings\Claudio\Configuración local\Temp\bng2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bng9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bngA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bngB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bngC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bngD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bngE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\bngF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Claudio\Configuración local\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tmpwr4 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Post by Belahzur on Sat Oct 03, 2009 4:56 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


Please PM me if I fail to respond within 24hrs.


Post by Paul Francis on Tue Oct 06, 2009 1:20 pm

Hello back.
Sorry, been away for the weekend. Here's the log

DDS (Ver_09-09-29.01) - NTFSx86
Run by Claudio at 15:17:45.26 on 06/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.34.3082.18.1012.290 [GMT 2:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Archivos comunes\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\AVG\AVG8\avgemc.exe
C:\ARCHIV~1\AVG\AVG8\avgam.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\ARCHIV~1\LAUNCH~1\QtZgAcer.EXE
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\Lexmark 1300 Series\lxdcamon.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE
C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
C:\Archivos de programa\OpenOffice.org 3\program\soffice.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\Archivos de programa\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\igfxext.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\DOCUME~1\Claudio\CONFIG~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\RealOneMessageCenter.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Claudio\Escritorio\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\archivos de programa\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\archivos de programa\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: Romantic-Emotion Toolbar: {51913bd0-9c90-4379-9c5c-72ae6453410b} - c:\archivos de programa\romantic-emotion\tbRoma.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\archivos de programa\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\archivos de programa\lexmark toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg8\avgssie.dll
BHO: Romantic-Emotion Toolbar: {51913bd0-9c90-4379-9c5c-72ae6453410b} - c:\archivos de programa\romantic-emotion\tbRoma.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\archiv~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\archivos de programa\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\archivos de programa\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\archivos de programa\yahoo!\companion\installs\cpn\yt.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\archivos de programa\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\archivos de programa\avg\avg8\toolbar\IEToolbar.dll
TB: Romantic-Emotion Toolbar: {51913bd0-9c90-4379-9c5c-72ae6453410b} - c:\archivos de programa\romantic-emotion\tbRoma.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\archivos de programa\messenger\msmsgs.exe" /background
uRun: [VodafoneUSBPP.exe] c:\archivos de programa\huawei technologies\vodafone mobile connect modem\VodafoneUSBPP.exe windows
uRun: [Messenger (Yahoo!)] "c:\archivos de programa\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SpybotSD TeaTimer] c:\archivos de programa\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\archivos de programa\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\archivos de programa\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\archivos de programa\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\archiv~1\launch~1\QtZgAcer.EXE
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\archivos de programa\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [lxdcmon.exe] "c:\archivos de programa\lexmark 1300 series\lxdcmon.exe"
mRun: [lxdcamon] "c:\archivos de programa\lexmark 1300 series\lxdcamon.exe"
mRun: [AVG8_TRAY] c:\archiv~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\archivos de programa\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [mserv] c:\windows\system32\config\systemprofile\datos de programa\seres.exe
dRun: [svchost] c:\windows\system32\config\systemprofile\datos de programa\svcst.exe
StartupFolder: c:\docume~1\claudio\menini~1\progra~1\inicio\openof~1.lnk - c:\archivos de programa\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\claudio\menini~1\progra~1\inicio\recort~1.lnk - c:\archivos de programa\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\claudio\menini~1\progra~1\inicio\scandisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\menini~1\progra~1\inicio\interv~1.lnk - c:\archivos de programa\intervideo\common\bin\WinCinemaMgr.exe
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\archiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archiv~1\spybot~1\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\archiv~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-29 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-29 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-29 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-29 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\archiv~1\avg\avg8\avgemc.exe [2009-9-29 908056]
R2 avg8wd;AVG8 WatchDog;c:\archiv~1\avg\avg8\avgwdsvc.exe [2009-9-29 297752]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
S2 avast! Management Server;avast! Management Server;c:\archivos de programa\alwil software\management tools\avEngine.exe [2009-5-31 21632]
S2 gupdate1c9b893bebb1aea;Google Update Service (gupdate1c9b893bebb1aea);c:\archivos de programa\google\update\GoogleUpdate.exe [2009-4-8 133104]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2009-3-19 99248]
S3 GoogleDesktopManager-061008-081103;Administrador de Google Desktop 5.7.806.10245;c:\archivos de programa\google\google desktop search\GoogleDesktop.exe [2008-12-13 29744]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-5-21 96856]

=============== Created Last 30 ================

2009-10-06 15:04 361,369 a------- c:\archivos de programa\dds.scr
2009-10-02 18:19 --d----- c:\archivos de programa\Conduit
2009-10-02 18:19 --d----- c:\archivos de programa\Romantic-Emotion
2009-10-02 18:18 1,598,224 a------- c:\archivos de programa\Romantic-Emotion.exe
2009-10-02 12:16 --d----- c:\docume~1\claudio\datosd~1\Malwarebytes
2009-10-02 12:16 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 12:16 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-02 12:16 --d----- c:\docume~1\alluse~1\datosd~1\Malwarebytes
2009-10-02 12:16 --d----- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-10-01 19:18 628 a------- c:\windows\system32\gasfkylog.dat
2009-10-01 18:46 --d----- c:\documents and settings\claudio\DoctorWeb
2009-10-01 00:09 --d----- c:\archivos de programa\Trend Micro
2009-09-30 04:42 --d----- c:\docume~1\alluse~1\datosd~1\Spybot - Search & Destroy
2009-09-30 04:42 --d----- c:\archivos de programa\Spybot - Search & Destroy
2009-09-29 22:50 --d-h--- C:\$AVG8.VAULT$
2009-09-29 22:34 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-09-29 22:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-29 22:34 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-29 22:34 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-29 22:30 --d----- c:\windows\system32\drivers\Avg
2009-09-29 22:30 --d----- c:\docume~1\alluse~1\datosd~1\AVG Security Toolbar
2009-09-29 22:30 --d----- c:\docume~1\alluse~1\datosd~1\avg8
2009-09-29 22:30 --d----- c:\archivos de programa\AVG
2009-09-29 22:00 --d----- c:\docume~1\claudio\datosd~1\AVG8
2009-09-29 15:44 43 a------- c:\windows\system32\gasfkyrfulrmkt.dat
2009-09-29 15:39 28,942 a------- c:\windows\system32\gasfkyksrrirns.dat

==================== Find3M ====================


============= FINISH: 15:18:55.95 ===============

Paul Francis
Novice
Posts : 5
Joined : 2009-09-29
OS : XP

Re: lgqig.exe-c.exe-b.exe-hsjxqlhbwt.exe-no safe mode-no explorer-CPU 100%

Post by Belahzur on Tue Oct 06, 2009 8:56 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\archivos de programa\Conduit
    c:\windows\system32\gasfkylog.dat
    c:\windows\system32\gasfkyrfulrmkt.dat
    c:\windows\system32\gasfkyksrrirns.dat

    :reg
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mserv"=-
    "svchost"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
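
A triage pass over the autorun section of a DDS log like the one posted above, as an added example (not part of either post, and not code from DDS or OTMoveIt). The two heuristics and the names `parse_autoruns`, `triage`, `APPDATA_DIRS` and `SYSTEM_NAMES` are assumptions made for illustration, since the thread does not state why these entries were picked; the sample lines are copied from the log in this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample input: autorun lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AVG8_TRAY] c:\archiv~1\avg\avg8\avgtray.exe
mRun: [TkBellExe] "c:\archivos de programa\archivos comunes\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [mserv] c:\windows\system32\config\systemprofile\datos de programa\seres.exe
dRun: [svchost] c:\windows\system32\config\systemprofile\datos de programa\svcst.exe
"""

LINE_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
# Assumed heuristic inputs: application-data folder names (English and Spanish XP)
# and process names that do not normally start from a Run key.
APPDATA_DIRS = {"application data", "datos de programa", "appdata"}
SYSTEM_NAMES = {"svchost", "csrss", "lsass", "winlogon", "services", "smss"}

def parse_autoruns(log):
    """Return (hive, value_name, executable_path) for each uRun/mRun/dRun line."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])  # quoted path, or unquoted path up to ".exe"
        path = (exe.group(1) or exe.group(2)) if exe else m["cmd"]
        entries.append((m["hive"], m["name"], PureWindowsPath(path.lower())))
    return entries

def triage(entries):
    """Flag autoruns that match either heuristic; returns entries with reasons."""
    findings = []
    for hive, name, path in entries:
        reasons = []
        if APPDATA_DIRS & set(path.parts[:-1]):
            reasons.append("runs from an application-data directory")
        expected = PureWindowsPath("c:/windows/system32", name.lower() + ".exe")
        if name.lower() in SYSTEM_NAMES and path != expected:
            reasons.append("value name imitates a system process")
        if reasons:
            findings.append((hive, name, str(path), reasons))
    return findings

if __name__ == "__main__":
    for hive, name, path, reasons in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"{hive} [{name}] {path}: " + "; ".join(reasons))
```

On the sample lines this flags only the `mserv` and `svchost` values, the same two Run values the removal script above deletes.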