TechSpot

My Hijack this Log

By SDstevenSD
Dec 11, 2005
  1. Please help as soon as possible before I restart my whole system
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    I'd kill these:

    C:\Program Files\MsMovies\MsMovies.exe
    C:\WINDOWS\system32\winlogi.exe
    C:\WINDOWS\system32\p2pnetworking.exe
    C:\Program Files\Support.com\bin\tgcmd.exe

    And fix these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/php/start4.php?gname=dkwitz
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
    O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O15 - Trusted Zone: http://www.neededware.com
    O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


    I included tgcmd.exe because of this.
     
  3. SDstevenSD

    SDstevenSD TS Rookie Topic Starter

    I am panicking. Every time I look back at my free space, it gets smaller so something is definitely downloading stuff to my PC. I only have 2.13 Gigs left! I think I am being key logged. What should I do?
     
  4. SDstevenSD

    SDstevenSD TS Rookie Topic Starter

    I think I've narrowed it down to where I got the virus/spyware. I think I got it from Limewire. I am going to back up my important files on discs right now just in case. I deleted Limewire. Here is my updated Hijack This log.
     
  5. SDstevenSD

    SDstevenSD TS Rookie Topic Starter

    Sorry, here's the attachment
     
  6. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Unplug the network cable, or if you're using wireless connection, disable the wireless network adapter. That should be the first step.

    As much as I hate to say this, I guess the only way to be sure (and the easiest way as well) is to reinstall the operating system.

    Antivirus applications don't detect everything, and (possible) rootkits are quite difficult to deal with, especially if you've never even heard of them.

    Of course there are alternatives to Windows that don't share the virus / spyware problem...
     
  7. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    This needs to be killed first:

    C:\Program Files\Common Files\Windows\services32.exe

    There are still these to fix:

    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
    O15 - Trusted Zone: http://www.neededware.com
    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
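
An added example, not part of the thread and not HijackThis's own code: a small triage parser for log lines in the format quoted in the two "fix these" lists above. The two flagging rules (entries the log itself marks `(no file)` / `(file missing)`, and `O4` autoruns whose program has no directory path) and all function names are assumptions made for illustration, not the poster's criteria.

```python
import re

# "<section code> - <rest of entry>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Autorun body: "<hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entry(line):
    """Split one log line into (section, body); None if it is not an entry."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def executable_of(command):
    """Return the program part of an autorun command line, quotes removed."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def triage(lines):
    """Return [(section, reason, body)] for entries matching the assumed rules."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # process paths, headers, blank lines
        section, body = entry
        if body.endswith(ORPHAN_MARKERS):
            findings.append((section, "orphaned", body))
            continue
        run = RUN_RE.match(body) if section == "O4" else None
        if run and "\\" not in executable_of(run.group(4)):
            findings.append((section, "autorun-no-path", body))
    return findings

# Sample input: lines copied from the posts above (first one is a process path).
SAMPLE = [
    r"C:\WINDOWS\system32\winlogi.exe",
    r"R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)",
    r"O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto",
    r"O4 - HKLM\..\Run: [virtual-ie] winlogi.exe",
    r'O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper',
    r"O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)",
]

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE):
        print(f"{section:4} {reason:16} {body}")
```

The rules are deliberately narrow: the `MsMovies` autorun has a full path and is not flagged here, so entries like it still need the manual review shown in the thread.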
     
  8. SDstevenSD

    SDstevenSD TS Rookie Topic Starter

    Thank you for all of your help. I really do not know anything about this and without you, I wouldn't be typing this. The downloading to my computer has stopped. I am left with 1.54 Gigs left. The only problems I have are:

    O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) keeps showing up on the Hijack This log even though I keep checking it and fixing it.


    The downloading has stopped but the files downloaded to my computer are probably still here seeing as how I am still missing my space. I found one place where files were downloaded to and deleted everything in the folder (over 600 zip folders!). I found the hidden folder by watching the places Ad-Aware searched and saw them. But there may be others. How do I find them and get my space back?


    Here is my most recent Hijack This log. Thank you for your help by the way.
     
  9. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    An application like JDiskReport could help here.

    Read How to remove Aurora/Nailfix for information about svcproc.exe.
     
Topic Status:
Not open for further replies.
