Please help as soon as possible before I restart my whole system
My Hijack this Log
- Thread starter SDstevenSD
- Start date
- Status
Mictlantecuhtli
Posts: 4,049 +13
I'd kill these:
C:\Program Files\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Support.com\bin\tgcmd.exe
And fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/php/start4.php?gname=dkwitz
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
I included tgcmd.exe because of this.
C:\Program Files\MsMovies\MsMovies.exe
C:\WINDOWS\system32\winlogi.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Support.com\bin\tgcmd.exe
And fix these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysearch.com/php/start4.php?gname=dkwitz
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\System32\WinStat12.dll (file missing)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
I included tgcmd.exe because of this.
I am panicing. Everytime I loom back at my free space, it gets smaller so something is definately downloading stuff to my pc. I only have 2.13 Gigs left! I think I am being key logged. What should I do?
I think Ive narrowed it down to where I got the virus/ spyware I think I got it from Limewire. I am going to back up my important files on discs right now just in case. I deleted Limewire. Here is my updated Hijack This log.
Sorry heres the attachment
Mictlantecuhtli
Posts: 4,049 +13
Unplug the network cable, or if you're using wireless connection, disable the wireless network adapter. That should be the first step.
As much as I hate to say this, I guess the only way to be sure (and the easiest way as well) is to reinstall the operating system.
Antivirus applications don't detect everything, and (possible) rootkits are quite difficult to deal with, especially if you've never even heard of them.
Of course there are alternatives to Windows that don't share the virus / spyware problem...
Mictlantecuhtli
Posts: 4,049 +13
SDstevenSD said:
This needs to be killed first:
C:\Program Files\Common Files\Windows\services32.exe
There are still these to fix:
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O15 - Trusted Zone: http://www.neededware.com
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
Thank you for all of your help. I really do not know anything about this and without you, I wouldnt be typing this. The downloading to my computer has stopped. I am left with 1.54 Gigs left. The only problems I have are:
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) keeps showing up on the hijack this log even though i keep checking it and fixing it.
The downloading has stopped but the files downloaded to my computer are probably still here seeing as how I am still missing my space. I found one place where files were downloaded to and deleted everything in the folder (over 600 zip folders!). I found the hidden folder by watching the places ad aware searched and saw them. But there may be others. How do I find them and get my space back?
Here is my most recent Hijack This log. Thank you for your help by the way.
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing) keeps showing up on the hijack this log even though i keep checking it and fixing it.
The downloading has stopped but the files downloaded to my computer are probably still here seeing as how I am still missing my space. I found one place where files were downloaded to and deleted everything in the folder (over 600 zip folders!). I found the hidden folder by watching the places ad aware searched and saw them. But there may be others. How do I find them and get my space back?
Here is my most recent Hijack This log. Thank you for your help by the way.
Mictlantecuhtli
Posts: 4,049 +13
An application like JDiskReport could help here.SDstevenSD said:
Read How to remove Aurora/Nailfix for information about svcproc.exe.
- Status
Similar threads
