Need help, not sure what virus


Solved Need help, not sure what virus

Post by Azag-toth on Mon Feb 23, 2009 1:33 am

Hi, I was trying to fix my girlfriend's computer when I found this site. Her computer has been running very slowly for the past few months and she has been getting a lot of pop-ups and ads, along with redirects to ad sites. 2 days ago an alert came up on her taskbar saying "Warning, your computer is infected! Click here etc. etc." It had a red circle with an X in it like the symbol Norton uses, but she does not have Norton on her computer. We figured it was some kind of fake spyware thing, but we clicked on it to see if maybe it wasn't. It took us to a website to download AntivirusProXp2009, but we did not download it as I'm pretty sure it is fake. As soon as this happened the computer started acting very weird, so we disconnected it from the internet and I have been trying to find out what's wrong since.

The alert still keeps popping up, the desktop wallpaper is gone, sometimes the desktop wallpaper is an ad saying I need to click on it to fix the virus, and ads try to pop up using both Internet Explorer and Firefox. A new administrator account has been created that was never there before, and I am unable to view hidden files or use the task manager. I was able to get the task manager back using "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f" in Run.

When I start the computer up a lot of error windows open: one says init.exe has encountered a problem and needs to close, one says AppleSyncNotifier.exe has failed to start because CoreFoundation.dll was not found, one says there was an error loading nnxlothg.dll, and another says that Data Execution Prevention has closed Windows Logon UI for my protection. I ran AVG in safe mode and it found and deleted a file called "Win32/Rustock.C", and it said that the boot sector of C:, Kernel32.dll, wsock32.dll, user32.dll, shell32.dll and ntoskcnl.exe had been changed.

I hope this is enough information to help identify what the problem is. Thanks for your time.
Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:41 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afisicx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
F:\DAEMON Tools\daemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\winlognn.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\msrstart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\i89xts49yn2v.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\lxi4e5ql3z7.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\cp71an5iniczf.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\a61w9j4.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\b1sqlm2wcioo2.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\kfmkybysw.exe
C:\DOCUME~1\Becky\LOCALS~1\Temp\p9kgtqqkkgj10.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Qwest\QuickCare\agentui\quickcare.exe
C:\Program Files\Qwest\QuickCare\agentui\quickcare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Virus Removal\Hijack(GP)This.exe


Solved Re: Need help, not sure what virus

Post by Azag-toth on Mon Feb 23, 2009 1:34 am

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqNEXpN.dll
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KEMailKb] C:\PROGRA~1\MICROI~1\INTERN~1\KEMailKb.EXE
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "F:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [30a52330] rundll32.exe "C:\WINDOWS\system32\nnxlothg.dll",b
O4 - HKLM\..\Run: [Fkiya] rundll32.exe "C:\WINDOWS\Nhakisawanulamol.dll",e
O4 - HKLM\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Becky\LOCALS~1\Temp\winlognn.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O4 - HKLM\..\Run: [DeskTopSrv] C:\WINDOWS\system32\grcrt.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] C:\DOCUME~1\Becky\LOCALS~1\Temp\winlognn.exe
O4 - HKCU\..\Run: [ofanc3wmgoftej1d082xcn5pgcg4xpnr4c] C:\DOCUME~1\Becky\LOCALS~1\Temp\itqvy91io.exe
O4 - HKCU\..\Run: [pk2kmvngm4sspim4m9n4ojil0lmkdflh161dq83hn9hvr] C:\DOCUME~1\Becky\LOCALS~1\Temp\en0uhgbg.exe
O4 - HKCU\..\Run: [a3eal0qhu81x2w9s7ksoeftxih] C:\DOCUME~1\Becky\LOCALS~1\Temp\p1ru2mgc6.exe
O4 - HKCU\..\Run: [rutz6ubdgcvd57lkmxsto292de0p34wlj] C:\DOCUME~1\Becky\LOCALS~1\Temp\q9nudyv3ty2.exe
O4 - HKCU\..\Run: [cpshjxqab459asn8k8vqe7aihmk0tx5joyfu7mvpqysyl] C:\DOCUME~1\Becky\LOCALS~1\Temp\x8ufwtpf9.exe
O4 - HKCU\..\Run: [ohyfe9vql7mga7ayhtpknxl7c48dmoh6f37jfo9rhmc22ba] C:\DOCUME~1\Becky\LOCALS~1\Temp\lup2a2vik2g.exe
O4 - HKCU\..\Run: [rr40d31bgj5xpubezh01r9nf52jety6zw153ori] C:\DOCUME~1\Becky\LOCALS~1\Temp\yg1db8tyd0.exe
O4 - HKCU\..\Run: [t4azsf2he26e0] C:\DOCUME~1\Becky\LOCALS~1\Temp\u0tp9epr.exe
O4 - HKCU\..\Run: [yz3rotd2aqyy47if2giaylhpbrn7s2cb0g] C:\DOCUME~1\Becky\LOCALS~1\Temp\a69vr8f.exe
O4 - HKCU\..\Run: [r6mqk7s6p0aug32dsgy5jn5llleqhedt4z3ij0erfi92d] C:\DOCUME~1\Becky\LOCALS~1\Temp\h55xk1bfaxo.exe
O4 - HKCU\..\Run: [gax57dgq0v] C:\DOCUME~1\Becky\LOCALS~1\Temp\r2d4w5dnbomm2.exe
O4 - HKCU\..\Run: [p7xsm6oe6hvg4e8j95v2toew] C:\DOCUME~1\Becky\LOCALS~1\Temp\p0xj5j5fi.exe
O4 - HKCU\..\Run: [u4yak88vtpidu05yk96ttlrkofodcc6nz] C:\DOCUME~1\Becky\LOCALS~1\Temp\ruffxtcuf1.exe
O4 - HKCU\..\Run: [q1jms2ep8ujoguk8l8aid1d02pj93gn9k40] C:\DOCUME~1\Becky\LOCALS~1\Temp\yut8swowpk.exe
O4 - HKCU\..\Run: [g5cvahtj87x2kns8infh5op5u7ti9q7qeeyi2d625d2] C:\DOCUME~1\Becky\LOCALS~1\Temp\ndq3tq28j4.exe
O4 - HKCU\..\Run: [q8pfzq1mazmj2jtiavt1ifx5myvgn97rej55nh2ha32] C:\DOCUME~1\Becky\LOCALS~1\Temp\m5pkjcrf5nhn.exe
O4 - HKCU\..\Run: [uxffz0c8psrva2njdl0cgua7aszngo] C:\DOCUME~1\Becky\LOCALS~1\Temp\zz43kdm9l0.exe
O4 - HKCU\..\Run: [gde1tdext5z3062d4tdu1dvm3wp0qs5gbs53fmz6om] C:\DOCUME~1\Becky\LOCALS~1\Temp\afl8rl7.exe
O4 - HKCU\..\Run: [u2pdiystzh82fwht5pn5edx83tto0] C:\DOCUME~1\Becky\LOCALS~1\Temp\a253yf25nd3l.exe
O4 - HKCU\..\Run: [zfu6mc80lvhhb] C:\DOCUME~1\Becky\LOCALS~1\Temp\xjwn5sa35ec.exe
O4 - HKCU\..\Run: [xw969393bbna643xtmn9gyv04r9qz63oa3ew0bxj7fhzhi] C:\DOCUME~1\Becky\LOCALS~1\Temp\b885i7nyskjxd.exe
O4 - HKCU\..\Run: [eklf5odx0y7o3kl2ypgfjc1zmqlf0f08xzip48] C:\DOCUME~1\Becky\LOCALS~1\Temp\atr7b8r.exe
O4 - HKCU\..\Run: [ehe12dzqn7bnzog62c7kiik9tznnyihqxtrt3rjds] C:\DOCUME~1\Becky\LOCALS~1\Temp\suhb0u.exe
O4 - HKCU\..\Run: [e5ux8s0ysyta8q934dzy50impo28da] C:\DOCUME~1\Becky\LOCALS~1\Temp\d7n35eg.exe
O4 - HKCU\..\Run: [ia5o0ig3jmnb2pvir4wlty9sdnp2k926v32vg0ew47dx8] C:\DOCUME~1\Becky\LOCALS~1\Temp\icna1h7n.exe
O4 - HKCU\..\Run: [xyv4g6vqldnk0] C:\DOCUME~1\Becky\LOCALS~1\Temp\m13i945760.exe
O4 - HKCU\..\Run: [e12ps1oz9y2auj72xafs4bb5xettj3y7cv5bab7] C:\DOCUME~1\Becky\LOCALS~1\Temp\v0fivobjhcb.exe
O4 - HKCU\..\Run: [ob24wkpzz8ur23az791crxe2j6g67syps1] C:\DOCUME~1\Becky\LOCALS~1\Temp\j8eswawptr2gf.exe
O4 - HKCU\..\Run: [muc87lavj19zg] C:\DOCUME~1\Becky\LOCALS~1\Temp\de8kkixu1gf.exe
O4 - HKCU\..\Run: [k0m6plgsel3bqy2jxs] C:\DOCUME~1\Becky\LOCALS~1\Temp\i89xts49yn2v.exe
O4 - HKCU\..\Run: [ycahktj4qffvlj4qwnrypv4a4dozx45nass2yv] C:\DOCUME~1\Becky\LOCALS~1\Temp\lxi4e5ql3z7.exe
O4 - HKCU\..\Run: [n658h5yxp1cakfwhmze2s5m5ksx3h8u7] C:\DOCUME~1\Becky\LOCALS~1\Temp\cp71an5iniczf.exe
O4 - HKCU\..\Run: [oz2b0vooo02y54oy6b9xbc23kihmrbhqe756cqc] C:\DOCUME~1\Becky\LOCALS~1\Temp\b1sqlm2wcioo2.exe
O4 - HKCU\..\Run: [ku6khmeznbubz0pvnt7etj8ycbtbjjmoc0lqfal0] C:\DOCUME~1\Becky\LOCALS~1\Temp\a61w9j4.exe
O4 - HKCU\..\Run: [z2fqt3z3ftqbbl46lr03d0g26ftdyjc5u8er331170] C:\DOCUME~1\Becky\LOCALS~1\Temp\p9kgtqqkkgj10.exe
O4 - HKCU\..\Run: [rnvi4oldaqnm8cbljtnxqhiyh4wfiiarrj0tl4kwiutfvis] C:\DOCUME~1\Becky\LOCALS~1\Temp\kfmkybysw.exe
O4 - HKCU\..\Run: [j8xob4g143g3wlv0u] C:\DOCUME~1\Becky\LOCALS~1\Temp\v592uoxymqtn.exe
O4 - HKCU\..\Run: [ezbpb6c1oabh7hcgs496ppvi] C:\DOCUME~1\Becky\LOCALS~1\Temp\m7c2w3tcif.exe
O4 - HKCU\..\Run: [e3gog8eb7cgdoz8dj1yffb7a0291tckhp3] C:\DOCUME~1\Becky\LOCALS~1\Temp\a0758tv.exe
O4 - HKCU\..\Run: [zjguzmcpgpa9bvs46iu0nbz9h6se1lmt2i1t6] C:\DOCUME~1\Becky\LOCALS~1\Temp\mp0a8ub2tmg.exe
O4 - HKCU\..\Run: [smzn3y1k9ogm61z62vzz1ug46f4l] C:\DOCUME~1\Becky\LOCALS~1\Temp\hwzliat2h.exe
O4 - HKCU\..\Run: [gfp7sfoxrr] C:\DOCUME~1\Becky\LOCALS~1\Temp\rfmdp0xn9.exe
O4 - HKCU\..\Run: [owkcan4m7cxl6eocafebd65vs0kjy] C:\DOCUME~1\Becky\LOCALS~1\Temp\nvmvs3wvftfk.exe
O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xs8xbbiq3] C:\WINDOWS\TEMP\m0xyj3ln.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [py7jljn1xfab35x] C:\WINDOWS\TEMP\spollfgn2li.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rkga2mko2fvimu6cccxm92juoylehmdgv72vuud7x68cko] C:\WINDOWS\TEMP\c5jmkreja.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [f8afqiq5kwe0xsqjzq62fs1i24y16e8dnkklt00xfrp6r] C:\WINDOWS\TEMP\rh60f09.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Qwest Live - {07620F96-F90F-43E4-A903-182C51FA4212} - [You must be registered and logged in to see this link.] (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\becky\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\becky\locals~1\temp\ntdll64.dll
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: sopefh.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O20 - Winlogon Notify: urqnexpn - C:\WINDOWS\SYSTEM32\urqNEXpN.dll
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 15733 bytes
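As an added triage example (not from this thread, and not part of HijackThis itself): a small Python scanner that applies the heuristics a helper uses when reading a log like the one above: autoruns and LSPs living in a Temp directory, random-looking Run value names, rundll32 loading a DLL by a one-letter export, services with an unknown owner, AppInit_DLLs and Winlogon Notify hooks, and policy values that disable regedit or the task manager. The sample lines are constructed from entries in the posted log; the profile directory name "User" is made up.

```python
import re

# Constructed sample in HijackThis v2 format. The entries copy patterns from
# the log posted above; the profile directory name "User" is made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [a3eal0qhu81x2w9s7ksoeftxih] C:\DOCUME~1\User\LOCALS~1\Temp\p1ru2mgc6.exe
O4 - HKLM\..\Run: [30a52330] rundll32.exe "C:\WINDOWS\system32\nnxlothg.dll",b
O4 - HKUS\S-1-5-18\..\Run: [xs8xbbiq3] C:\WINDOWS\TEMP\m0xyj3ln.exe (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O10 - Unknown file in Winsock LSP: c:\docume~1\user\locals~1\temp\ntdll64.dll
O20 - AppInit_DLLs: sopefh.dll
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

O4_NAME = re.compile(r"^O4 - .*?: \[([^\]]+)\] ")
# 8+ lowercase letters and digits mixed, like the generated Run value names above.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*[0-9])[a-z0-9]{8,}$")
RUNDLL_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,(\w*)', re.I)


def triage(log_text):
    """Return one finding per suspicious line: {'section', 'line', 'reasons'}."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue
        section = line.split(" - ", 1)[0]
        low = line.lower()
        reasons = []
        # Autoruns, LSPs or DLLs living in a Temp directory are rarely legitimate.
        if "\\temp\\" in low:
            reasons.append("path in a Temp directory")
        if section == "O4":
            m = O4_NAME.match(line)
            if m and RANDOM_NAME.match(m.group(1)):
                reasons.append("random-looking autorun value name")
            r = RUNDLL_EXPORT.search(line)
            if r and len(r.group(1)) <= 1:
                reasons.append("rundll32 loading a DLL by a one-letter export")
        elif section == "O7" and "=1" in line:
            reasons.append("policy restriction (regedit or task manager disabled)")
        elif section == "O10":
            reasons.append("Winsock LSP that HijackThis could not identify")
        elif section == "O20" and "appinit_dlls:" in low and line.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs entry injects into every process")
        elif section == "O20" and "winlogon notify" in low:
            reasons.append("Winlogon Notify DLL loads at logon; review it")
        elif section == "O23":
            # BITS shows 'Unknown owner' with a bare directory on XP (see the log above).
            parts = line.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner" and parts[2].lower().endswith(".exe"):
                reasons.append("service with unknown owner")
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings
```

Run it over a full log and the Temp-directory and random-name hits cluster the same way they do in the posted log, which is what points a helper at a rogue-antivirus dropper rather than a single bad BHO.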


Solved Re: Need help, not sure what virus

Post by Belahzur on Mon Feb 23, 2009 1:39 am

Hello.

You say it has been running slowly for the past few months? So this infection has been building and building even worse for months?

This machine is so badly damaged, it cannot be repaired.

This is one messy infection, but the bad news is that the malware is using a service that is actually legit, so if we kill the infection, we basically kill the machine along with it.
I would recommend a format and re-install here.

See these links for info on formatting.




Solved Re: Need help, not sure what virus

Post by Azag-toth on Mon Feb 23, 2009 1:43 am

Ah that sucks, thanks a lot for the help though.


Solved Re: Need help, not sure what virus

Post by Doctor Inferno on Mon Jul 06, 2009 3:44 am

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a [You must be registered and logged in to see this link.] for your questions.

