
my comp is F'ed


alkatrazz


Hello everyone,

I haven't been around in a bit, but I need some comp help and I know there are some comp gods here (Steve).

What happened was my gf downloaded something on here, and now I have a little icon in my task bar telling me my comp is infected and recommending a cleaner tool. Anyway, I tried to get rid of it, but I can open my task manager, and my firewall is going crazy telling me all these things are trying to access the internet. This is a pretty nasty trojan I'm pretty sure I'm dealing with. I'm running a scan of my comp, but I think more can be done as far as turning some of these things off. I can't even view hidden files because the option in Tools is gone. Under Documents and Settings, the Local Settings folder to get to the Temp folder doesn't even exist; I have to type it in to get to the Temp folder, and in the Temp folder there are 10 hidden files I can't even delete because they're hidden. Someone help please.

Here's my HijackThis log:

 

Logfile of HijackThis v1.97.7
Scan saved at 3:04:04 PM, on 3/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Alvaro Salinas\svchost.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Alvaro Salinas\svchost.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Documents and Settings\Alvaro Salinas\Start Menu\Programs\Startup\userinit.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\cw2gurtiq5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Storage\Computer Protection\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (no name) - {198bc18e-6a85-4cb2-b275-cd8dc1eb6517} - C:\WINDOWS\system32\murijovu.dll
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\hs3i7jdgfd.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [0c21e3d0] rundll32.exe "C:\WINDOWS\system32\sujehehe.dll",b
O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Alvaro Salinas\svchost.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [CPM0f12d04c] Rundll32.exe "c:\windows\system32\timuroje.dll",a
O4 - HKLM\..\Run: [Npamubuworucato] rundll32.exe "C:\WINDOWS\obimukohiyima.dll",e
O4 - HKLM\..\Run: [Gmopeboyo] rundll32.exe "C:\WINDOWS\Ajewezelagarobif.dll",e
O4 - HKLM\..\Run: [kesemavema] Rundll32.exe "C:\WINDOWS\system32\jumebobo.dll",s
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe
O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Alvaro Salinas\svchost.exe
O4 - HKCU\..\Run: [v8ctfnnza57miyccqk477rtacv6rwsx787ppp5hti] C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\cw2gurtiq5.exe
O4 - HKCU\..\Run: [oz2nngxtheos6azdhebzuv] C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\f78m1k.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: userinit.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108353121759
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
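
The log above shows, in HijackThis's own format, the tricks the post describes: core Windows binary names (services.exe, svchost.exe, userinit.exe) running from the wrong directories, executables launched from Temp and the user profile, a second entry appended to the UserInit value in system.ini (F2), a hosts entry sending browser-security.microsoft.com to 91.207.117.244 (O1), a policy that disables regedit (O7), and rundll32 autoruns that load a DLL through a single-letter export. The script below is an added example for this thread, not part of HijackThis and not code from either poster: it reads lines in this format and flags those patterns. The sample log is a subset of the posted lines; the rule set, and the assumption that the listed core binaries only belong in %SystemRoot%\system32 on this XP machine, are mine.

```python
"""Triage a HijackThis log for the persistence and lockout tricks seen above.

Added example for this thread, not code from HijackThis or from the posters.
Assumption: on this XP box the core binaries listed below live only in
the system32 directory; every other rule is a heuristic flag for review.
"""
import re

# Binaries that only belong in %SystemRoot%\system32 (assumption, XP defaults).
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "userinit.exe"}
# Directories from which nothing should auto-start on a healthy machine.
UNTRUSTED_DIRS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\")
# Drive-letter paths ending in .exe/.dll/.cpl on a line (quotes optional).
PATH_RE = re.compile(r'([a-z]:\\[^",]*?\.(?:exe|dll|cpl))', re.I)

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\drivers\services.exe
C:\Documents and Settings\Alvaro Salinas\svchost.exe
C:\Documents and Settings\Alvaro Salinas\Start Menu\Programs\Startup\userinit.exe
C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\cw2gurtiq5.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (no name) - {198bc18e-6a85-4cb2-b275-cd8dc1eb6517} - C:\WINDOWS\system32\murijovu.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [0c21e3d0] rundll32.exe "C:\WINDOWS\system32\sujehehe.dll",b
O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Alvaro Salinas\svchost.exe
O4 - HKCU\..\Run: [v8ctfnnza57miyccqk477rtacv6rwsx787ppp5hti] C:\DOCUME~1\ALVARO~1\LOCALS~1\Temp\cw2gurtiq5.exe
O4 - Startup: userinit.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""


def _core_binary_misplaced(path):
    """A core binary anywhere but a ...\\system32 directory is an impostor."""
    directory, _, name = path.rpartition("\\")
    return name in CORE_BINARIES and not directory.endswith("\\system32")


def triage(log_text):
    """Return [(line, [reasons])] for every log line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        reasons = set()
        # Rules on every drive-letter path found on the line (processes, O4, F2, O2).
        for path in (p.lower() for p in PATH_RE.findall(line)):
            if _core_binary_misplaced(path):
                reasons.add("core Windows binary outside system32")
            if any(d in path for d in UNTRUSTED_DIRS):
                reasons.add("runs from Temp or a user profile")
        # F2: UserInit must be exactly one entry, the real userinit.exe.
        if low.startswith("f2 - reg:system.ini: userinit="):
            entries = [e for e in line.split("=", 1)[1].split(",") if e.strip()]
            if len(entries) != 1 or not entries[0].lower().endswith("\\system32\\userinit.exe"):
                reasons.add("extra UserInit entry (runs at every logon)")
        # O1: any hosts mapping to a non-loopback address is a redirect.
        hosts = re.match(r"o1 - hosts: (\S+) (\S+)", low)
        if hosts and not hosts.group(1).startswith(("127.", "::1")):
            reasons.add(f"hosts file redirects {hosts.group(2)} to {hosts.group(1)}")
        # O7: policy keys that lock the user out of regedit.
        if low.startswith("o7 -") and "disableregedit=1" in low:
            reasons.add("policy disables regedit (O7)")
        # O4: rundll32 calling a DLL by a one-letter export, as in the posted log.
        if re.search(r'rundll32\.exe\s+"?[^",]+\.dll"?,[a-z]\b', low):
            reasons.add("rundll32 autorun with single-letter export")
        # O2: BHOs without a name are worth a look.
        if low.startswith("o2 - bho: (no name)"):
            reasons.add("unnamed BHO")
        # O4: a bare core-binary name sitting in a Startup folder.
        if low.startswith(("o4 - startup:", "o4 - global startup:")) \
                and low.split(":", 1)[1].strip() in CORE_BINARIES:
            reasons.add("core Windows binary name in Startup folder")
        if reasons:
            findings.append((line, sorted(reasons)))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print("; ".join(why))
        print("    " + flagged_line)
```

Each flagged line prints with its reasons; the Apoint, bluetooth and genuine system32 entries pass. The rules are heuristics for review, not verdicts: frmwrk32.exe and the randomly named DLLs under C:\WINDOWS are not caught by name, and after the scan the reply's advice about a reinstall still stands for a machine in this state.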


Run a full scan here:

http://onecare.live.com/site/en-us/default.htm

 

It'll autofix any shit it finds.

 

By the looks of that log, the PC is riddled with shite and you probably got infected because you haven't installed any updates in a long time. It certainly wouldn't have helped anyway. Even the version of HijackThis you're using is way out of date, haha.

 

If you're still having problems after using OneCare, post another log (using the latest version of HijackThis), but if it's in as bad a shape as it is now then a backup/format/reinstall is gonna be your best option.

