HijackThis problems.

[Washaway]

Hi everyone,

I'm new here so I'd like to first say "Hello".
I've briefly read through the threads and I've kind of caught on to what is happenening.

I too have had issue since I've installed Limewire and will never do it again. However, I can't run regedt32 or open my task manager.

"Another program is currently using this file" is the error message that I get.


I've attached my log file.

Please help!

 

[Spike]

:wave: Welcome to Techspot :wave:

Do you have a firewall? There's none that I can see.

You should probably follow Howards instructions HERE and post a new HJT log. You might also like to run Ewido too, and post the log from that at the same time (the link for download is in Howards instructions.)

 

[Washaway]

I've run the Trend Housecall online scanner but it had nothing. I'll try it again.

Haven't downloaded Ewido but will do it now.

will repost after completed.

Thanks

 

[Washaway]

Thanks for your help and for the useful information within your threads!

After running the Ewido software everything is back to normal.

Ciao all!
:giddy:

 

[howard_hopkinso]

Hello and welcome to Techspot.

Thanks for your help and for the useful information within your threads!

After running the Ewido software everything is back to normal.

Ciao all!
:giddy:

You should still post a fresh HJT log, so we can check it over for you.

Regards Howard :wave: :wave:

 

[Washaway]

Hi Howard,

Here it is.

Much appreciated,
Balazs

 

[howard_hopkinso]

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel. Uninstall anything to do with(if there).

p2pnetworks
winupdates

Close control panel.

Open your task manager and click on the processes tab. End process for(if there).

mpp2pl.exe
winupdates.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://webcam.geovision.com.tw/cab/OCXChecker_6110.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142001273281
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB1E947-9174-4997-A99F-A86192502C3C}: NameServer = 216.199.54.11,216.199.46.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB1E947-9174-4997-A99F-A86192502C3C}: NameServer = 216.199.54.11,216.199.46.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB1E947-9174-4997-A99F-A86192502C3C}: NameServer = 216.199.54.11,216.199.46.9 Only fix these 017 entries, if they don`t belong to your ISP.

Click on the fix checked button.

close HJT.

Locate and delete the following bold files(if there).

C:\Program Files\p2pnetworks\mpp2pl.exe" /H

C:\Program Files\winupdates\winupdates.exe /auto

Reboot into normal mode.

Regards Howard

 

[Washaway]

Will do.

Ciao

 

[Washaway]

HiJackThis Log

Not sure if this is in the right thread or not but could someone please have a look at the log file below and tell me if you see anything unusual.

Thank you.

 

[howard_hopkinso]

Your system is infected with a variety of nasties.

Go HERE and follow all the instructions exactly.

Post a fresh HJT log as an attachment into this thread, only after doing the above. See HERE for instructions.

Regards Howard

This thread is for the use of Washaway only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[howard_hopkinso]

I have merged your new thread into this one. Please continue to post in this thread.

Regards Howard

 

[Washaway]

I'm taking a look at the instructions Howard, thanks.

I'm assuming you don't need me to post Ewido scan logs, correct?

 

[howard_hopkinso]

When you`re finished with the instructions, please post a fresh HJT log and a fresh Ewido log as well.

Regards Howard

 

[Washaway]

I've done everything asked of me.

Here are my updated scan logs.

 

[howard_hopkinso]

You`re not running any antivirus or firewall software.

Download and install the free AVG antivirus programme and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE and HERE.

Install whichever firewall you chose, followed by AVG and reboot your system the required number of times. Run the AVG updates.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run a full system scan with AVG and delete whatever it finds.

Delete the files in the Ewido quarantine.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log, only after doing the above.


Regards Howard

This thread is for the use of Washaway only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.