TechSpot

HijackThis problems.

By Washaway
Apr 6, 2006
  1. Hi everyone,

    I'm new here so I'd like to first say "Hello".
    I've briefly read through the threads and I've kind of caught on to what is happenening.

    I too have had issue since I've installed Limewire and will never do it again. However, I can't run regedt32 or open my task manager.

    "Another program is currently using this file" is the error message that I get.


    I've attached my log file.
    :confused:
    Please help!
     
  2. Spike

    Spike TS Evangelist Posts: 2,168

    :wave: Welcome to Techspot :wave:

    Do you have a firewall? There's none that I can see.

    You should probably follow Howards instructions HERE and post a new HJT log. You might also like to run Ewido too, and post the log from that at the same time (the link for download is in Howards instructions.)
     
  3. Washaway

    Washaway TS Rookie Topic Starter

    I've run the Trend Housecall online scanner but it had nothing. I'll try it again.

    Haven't downloaded Ewido but will do it now.

    will repost after completed.

    Thanks
     
  4. Washaway

    Washaway TS Rookie Topic Starter

    Thanks for your help and for the useful information within your threads!

    After running the Ewido software everything is back to normal.

    Ciao all!
    :giddy:
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You should still post a fresh HJT log, so we can check it over for you.

    Regards Howard :wave: :wave:
     
  6. Washaway

    Washaway TS Rookie Topic Starter

    Hi Howard,

    Here it is.

    Much appreciated,
    Balazs
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel. Uninstall anything to do with(if there).

    p2pnetworks
    winupdates

    Close control panel.

    Open your task manager and click on the processes tab. End process for(if there).

    mpp2pl.exe
    winupdates.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://webcam.geovision.com.tw/cab/OCXChecker_6110.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142001273281
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB1E947-9174-4997-A99F-A86192502C3C}: NameServer = 216.199.54.11,216.199.46.9
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB1E947-9174-4997-A99F-A86192502C3C}: NameServer = 216.199.54.11,216.199.46.9
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB1E947-9174-4997-A99F-A86192502C3C}: NameServer = 216.199.54.11,216.199.46.9 Only fix these 017 entries, if they don`t belong to your ISP.

    Click on the fix checked button.

    close HJT.

    Locate and delete the following bold files(if there).

    C:\Program Files\p2pnetworks\mpp2pl.exe" /H

    C:\Program Files\winupdates\winupdates.exe /auto

    Reboot into normal mode.

    Regards Howard :)
     
  8. Washaway

    Washaway TS Rookie Topic Starter

    Will do.

    Ciao
     
  9. Washaway

    Washaway TS Rookie Topic Starter

    HiJackThis Log

    Not sure if this is in the right thread or not but could someone please have a look at the log file below and tell me if you see anything unusual.

    Thank you.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with a variety of nasties.

    Go HERE and follow all the instructions exactly.

    Post a fresh HJT log as an attachment into this thread, only after doing the above. See HERE for instructions.

    Regards Howard :)

    This thread is for the use of Washaway only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one. Please continue to post in this thread.

    Regards Howard :)
     
  12. Washaway

    Washaway TS Rookie Topic Starter

    I'm taking a look at the instructions Howard, thanks.

    I'm assuming you don't need me to post Ewido scan logs, correct?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    When you`re finished with the instructions, please post a fresh HJT log and a fresh Ewido log as well.

    Regards Howard :)
     
  14. Washaway

    Washaway TS Rookie Topic Starter

    I've done everything asked of me.

    Here are my updated scan logs.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You`re not running any antivirus or firewall software.

    Download and install the free AVG antivirus programme and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE and HERE.

    Install whichever firewall you chose, followed by AVG and reboot your system the required number of times. Run the AVG updates.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run a full system scan with AVG and delete whatever it finds.

    Delete the files in the Ewido quarantine.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log, only after doing the above.


    Regards Howard :)

    This thread is for the use of Washaway only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...