  #1  
Old 10th Dec 2007, 21:39
New Member Group
 
Hey guys,

Recently, my computer started acting funny -- about two days ago. It's been getting worse and worse, and I fear a total meltdown, and I really can't afford a new computer.

Basically, I think it came from a bad file from LimeWire. Since I last downloaded from LimeWire, my computer desktop screen went blank, I can't access desktop properties (I always get the message: This operation has been canceled due to restrictions on this computer, please contact computer administrator), I can't access the control panel, MSN always encounters an error when it tries to sign in, and a bubble in my lower right corner keeps popping up saying that my computer needs to download free anti-spyware.
Also, files like Ultimate defender and Ultimate guard keep downloading onto my computer, and when I look in task manager, a file called iexplorer.exe keeps popping up.

I ran HijackThis and tried deleting the files that I thought were harmful. I even tried safe mode and tried to run Ad-Aware and HijackThis, when my computer suddenly restarted on its own.

This is my Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:55 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WService.EXE
C:\WINDOWS\TEMP\winAD.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\main\LOCALS~1\Temp\syssys.exe
C:\DOCUME~1\main\LOCALS~1\Temp\synsyn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ipzw32.exe] C:\WINDOWS\ipzw32.exe
O4 - HKLM\..\Run: [nettu.exe] C:\WINDOWS\nettu.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [sysdp.exe] C:\WINDOWS\sysdp.exe
O4 - HKLM\..\Run: [netil.exe] C:\WINDOWS\system32\netil.exe
O4 - HKLM\..\Run: [winlh.exe] C:\WINDOWS\winlh.exe
O4 - HKLM\..\Run: [systm.exe] C:\WINDOWS\system32\systm.exe
O4 - HKLM\..\Run: [winmp32.exe] C:\WINDOWS\system32\winmp32.exe
O4 - HKLM\..\Run: [wingp.exe] C:\WINDOWS\system32\wingp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winll.exe] C:\WINDOWS\winll.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winAD.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: findfast.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

--
End of file - 4856 bytes

If anyone can help me, it would be greatly appreciated. I do a lot of work on this computer, and I really can't afford to lose it.

Sincerely,
Cal.
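
A triage sketch for the HijackThis log in the post above, added here as an example and not part of the original thread: it flags three entry types worth reviewing first in a log like this one (a Shell value that launches more than Explorer.exe, autostart entries that run from a temp directory, and a Disable* policy value). The rule names and the `triage` function are assumptions of this example, and a flagged line is a prompt for review, not a verdict.

```python
import re

# Lines taken from the HijackThis log in the post above.
SAMPLE_LOG = r"""F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# F2: Winlogon Shell value; the Windows default is Explorer.exe alone.
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$")
# O4: Run/RunOnce autostart entry -> [value name] command line.
O4_RE = re.compile(r"^O4 - \S+?: \[([^\]]+)\] (.+)$")
# O7: policy value that disables a built-in tool (e.g. DisableRegedit=1).
O7_RE = re.compile(r"^O7 - .*?(Disable\w+)=1$")
# Any path component named Temp, including short 8.3 profile paths.
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log_text):
    """Return (line_number, rule, detail) for each entry worth reviewing."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = SHELL_RE.match(line)
        if m:
            if m.group(1).strip().lower() != "explorer.exe":
                findings.append((n, "shell-override", m.group(1)))
            continue
        m = O4_RE.match(line)
        if m:
            name, cmd = m.groups()
            if TEMP_RE.search(cmd):
                findings.append((n, "autostart-from-temp", f"{name} -> {cmd}"))
            continue
        m = O7_RE.match(line)
        if m:
            findings.append((n, "policy-restriction", m.group(1)))
    return findings


if __name__ == "__main__":
    for n, rule, detail in triage(SAMPLE_LOG):
        print(f"line {n}: {rule}: {detail}")
```
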
  #2  
Old 11th Dec 2007, 00:04
Donor Group
 
Discussions regarding p2p/torrents are not allowed on this forum, nor are problems caused by downloading illegal content.

I know you're new Callista but it still applies.
  #3  
Old 11th Dec 2007, 13:00
Moderator Group
 
As Alex stated, we do not support or discuss p2p, warez or any illegal content.

Uninstall the p2p programs. We will be able to tell from the logs we request if any are installed.

Make a new post in this forum with a fresh HijackThis log and we will help to remove the virus.