
Help with "Privacy Protector" malware!

Discussion in 'Virus & Other Malware Removal' started by libcal, Oct 31, 2007.

  1. libcal

    libcal Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    I made the stupid mistake of accepting an ActiveObject in IE, and now my wallpaper has been changed to this PrivacyProtection malware and three shortcuts have been added.

    Please see my Hijackthis log below and help me!

    Thanks!!!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:36:30 AM, on 10/31/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\trcboot.exe
    C:\Program Files\IBM\Mobility Client\artstartsvc.exe
    C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
    C:\progra~1\c4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
    C:\notes\ntmulti.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\vmnat.exe
    C:\WINDOWS\System32\vmnetdhcp.exe
    C:\WINDOWS\System32\Drivers\ldlcserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\acs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
    C:\progra~1\c4ebreg\isamtray.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: TBSB06559 - {5E65C12C-D4DE-4FBA-B548-4DF4E5F78819} - C:\PROGRA~1\IBMTOO~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O3 - Toolbar: IBM Toolbar - {83DC8BD3-AB6C-4E32-BF78-40F1200D598E} - C:\Program Files\IBM Toolbar\toolbar.dll
    O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
    O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
    O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [borfgvtp] D;]XJOEPXT]tztufn43]Svoemm43/fyf!#D;]XJOEPXT]tztufn43]deoqsi/emm#-Tubsu
    O4 - HKLM\..\Run: [SysTdSvr] C:\WINDOWS\system32\Rundll32.exe "C:\WINDOWS\system32\SysTdSvr.dll",Start
    O4 - HKLM\..\Run: [Sysmppcv] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\SysTdSvr.dll",Start
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DownloadGrid] C:\Program Files\IBM\Java142\jre\javaws\javaws.exe http://downloadgrid.webahead.ibm.com/DownloadGridAppletWrapper/client/JNLPWrapper
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 使用iTudou下载节目 - C:\Program Files\iTudou\iTudou_Link.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
    O9 - Extra button: D?à?UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\uc.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
    O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download.answers.com/pub/AnswersSetup.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://www.51uc.com/cab/WEBChatRoom_1_51.cab
    O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: Domain = ibm.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM,
    O17 - HKLM\System\CS1\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: Domain = ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM,
    O20 - AppInit_DLLs: C:\WINDOWS\system32\Manager.dll
    O21 - SSODL: bxsbang - {F82BF1F4-B4E9-41EF-AD68-7D330E8F1491} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {ECF2CF6A-8CE6-4FDD-86F2-BFE6FD8F72AB} - C:\WINDOWS\ocgrep.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe
    O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\progra~1\c4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
    O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
    O23 - Service: Indexing Data (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
    O23 - Service: Creative VF0250 RunApp Service (V0250Srv) - Creative Technology Ltd. - C:\PROGRA~1\Creative\V0250Srv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 15077 bytes
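As an added example (not part of this thread, and not code from HijackThis or SmitfraudFix), here is a small Python triage script for HijackThis-format lines that flags the kinds of entries visible in the log above: add-on DLLs loaded straight from the C:\WINDOWS root, a populated AppInit_DLLs value, an Active Desktop component served from a local file, and a Run value whose characters have been shifted by one. The sample lines are constructed from entries in this log; the heuristics are assumptions of this example and are a starting point for review, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 line format, built from entries seen in the log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {90CF5384-7C70-4CD6-A30D-B2F14537B5C3} - C:\WINDOWS\movctrlwxq.dll
O3 - Toolbar: The nssfrch - {7D61C1B5-86AF-439F-9ACF-D19FDB5F55CC} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [borfgvtp] D;]XJOEPXT]tztufn43]Svoemm43/fyf!#D;]XJOEPXT]tztufn43]deoqsi/emm#-Tubsu
O4 - HKLM\..\Run: [SysTdSvr] C:\WINDOWS\system32\Rundll32.exe "C:\WINDOWS\system32\SysTdSvr.dll",Start
O20 - AppInit_DLLs: C:\WINDOWS\system32\Manager.dll
O21 - SSODL: bxsbang - {F82BF1F4-B4E9-41EF-AD68-7D330E8F1491} - C:\WINDOWS\bxsbang.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body: HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<value>.*)$")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")
# A DLL sitting directly in the Windows folder (no subfolder) is unusual for legitimate add-ons.
WINDOWS_ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


def parse_entries(log: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into (section, body, target) records; non-O lines are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        # For O2/O3/O21/O24 the file path or URL is the last " - " separated field.
        target = body.rsplit(" - ", 1)[-1]
        entries.append({"section": section, "body": body, "target": target, "line": line})
    return entries


def shift_chars(s: str, delta: int) -> str:
    """Shift every character's code point by delta (used to test one-off obfuscation)."""
    return "".join(chr(ord(c) + delta) for c in s)


def decode_shifted_value(value: str) -> str:
    """Return the decoded command if a -1 character shift reveals a drive path, else ''."""
    if DRIVE_PATH_RE.search(value):
        return ""  # already a plain path or bare executable name; nothing to decode
    candidate = shift_chars(value, -1)
    return candidate if DRIVE_PATH_RE.search(candidate) else ""


def triage(log: str) -> List[Dict[str, str]]:
    """Apply the heuristics above and return the flagged lines with a reason each."""
    findings = []
    for e in parse_entries(log):
        sec, body, target = e["section"], e["body"], e["target"]
        if sec in ("O2", "O3", "O21") and WINDOWS_ROOT_DLL_RE.match(target):
            findings.append({"line": e["line"], "reason": "add-on DLL loaded from the Windows root folder"})
        elif sec == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append({"line": e["line"], "reason": "AppInit_DLLs injects a DLL into every user-mode process"})
        elif sec == "O24" and target.lower().startswith("file://"):
            findings.append({"line": e["line"], "reason": "Active Desktop component served from a local file"})
        elif sec == "O4":
            m = RUN_RE.match(body)
            decoded = decode_shifted_value(m.group("value")) if m else ""
            if decoded:
                findings.append({"line": e["line"], "reason": "obfuscated Run value, decodes to: " + decoded})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["reason"])
        print("    " + f["line"])
```

The plain-path O4 entry for SysTdSvr.dll is deliberately not flagged by these heuristics, which is why a helper still reads the full log by hand.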
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You can change those risky default settings to a safer configuration, but the act of downloading files from an anonymous source greatly increases your exposure to infection.


    Please download (save) SmitfraudFix (by S!Ri) to your desktop. SmitfraudFix runs under W2K, XP only.

    Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them to a new folder called SmitfraudFix.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  3. libcal

    libcal Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    Thanks for the help! Below is the result of the search. My system language is Chinese, so there might be some encoding issues.

    SmitFraudFix v2.246

    Scan done at 17:19:22.99, 11/01/2007 Thu
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    换换换换换换换换换换换换 Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\trcboot.exe
    C:\Program Files\IBM\Mobility Client\artstartsvc.exe
    C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
    C:\progra~1\c4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
    C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe
    C:\notes\ntmulti.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\vmnat.exe
    C:\WINDOWS\System32\vmnetdhcp.exe
    C:\WINDOWS\System32\Drivers\ldlcserv.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\notes\NLNOTES.EXE
    C:\Program Files\IBM\Mobility Client\artcore.exe
    C:\Program Files\IBM\Mobility Client\artifdown.exe
    C:\notes\ntaskldr.EXE
    C:\Program Files\IBM\WID602\eclipse\eclipse.exe
    C:\Program Files\IBM\WID602\eclipse\jre\bin\javaw.exe
    C:\WINDOWS\system32\calc.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
    C:\WINDOWS\system32\cmd.exe

    换换换换换换换换换换换换 hosts


    换换换换换换换换换换换换 C:\


    换换换换换换换换换换换换 C:\WINDOWS

    C:\WINDOWS\bxsbang.dll FOUND !
    C:\WINDOWS\kthemup.exe FOUND !
    C:\WINDOWS\movctrlwxq.dll FOUND !
    C:\WINDOWS\nssfrch.dll FOUND !
    C:\WINDOWS\ocgrep.dll FOUND !

    换换换换换换换换换换换换 C:\WINDOWS\system


    换换换换换换换换换换换换 C:\WINDOWS\Web


    换换换换换换换换换换换换 C:\WINDOWS\system32


    换换换换换换换换换换换换 C:\Documents and Settings\Administrator


    换换换换换换换换换换换换 C:\Documents and Settings\Administrator\Application Data


    换换换换换换换换换换换换 Start Menu


    换换换换换换换换换换换换


    换换换换换换换换换换换换 Desktop


    换换换换换换换换换换换换 C:\Program Files


    换换换换换换换换换换换换 Corrupted keys


    换换换换换换换换换换换换 Desktop Components



    换换换换换换换换换换换换 Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    换换换换换换换换换换换换 AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\Manager.dll"


    换换换换换换换换换换换换 Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    换换换换换换换换换换换换 Rustock



    换换换换换换换换换换换换 DNS

    Description: 11a/b/g Wireless LAN Mini PCI Adapter
    DNS Server Search Order: 192.168.0.1

    Description: IBM Mobility Client Virtual Adapter
    DNS Server Search Order: 9.0.9.1
    DNS Server Search Order: 9.0.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1EAEC50-E950-4382-9A06-61E8C4D3782A}: DhcpNameServer=9.0.9.1 9.0.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{833A38E2-6A00-426C-A414-7989FF2079C3}: NameServer=鹈g
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1EAEC50-E950-4382-9A06-61E8C4D3782A}: DhcpNameServer=9.0.9.1 9.0.2.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{833A38E2-6A00-426C-A414-7989FF2079C3}: NameServer=鹈g
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    换换换换换换换换换换换换 Scanning for wininet.dll infection


    换换换换换换换换换换换换 End
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.



    Please post the C:\rapport.txt and a new HJT log in your next reply.
     
  5. libcal

    libcal Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    Thanks cybertech!

    Here is the result of running option #2. One thing I'm not sure about is that after the cleaning and restart of my computer I still got a pop-up window: "Windows can't find C:/Windows/System32/SystdSvr.dll". Not sure if something is trying to load this dll?

    Appreciate your help a lot!

    ---------------------
    SmitFraudFix v2.246

    Scan done at 12:23:06.97, 11/02/2007 Fri
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    换换换换换换换换换换换换 SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    换换换换换换换换换换换换 Killing process


    换换换换换换换换换换换换 hosts

    127.0.0.1 localhost

    换换换换换换换换换换换换 Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    换换换换换换换换换换换换 Generic Renos Fix

    GenericRenosFix by S!Ri


    换换换换换换换换换换换换 Deleting infected files

    C:\WINDOWS\bxsbang.dll Deleted
    Deleting [HKEY_CLASSES_ROOT\CLSID\{F82BF1F4-B4E9-41EF-AD68-7D330E8F1491}]
    C:\WINDOWS\kthemup.exe Deleted
    C:\WINDOWS\movctrlwxq.dll Deleted
    C:\WINDOWS\nssfrch.dll Deleted
    C:\WINDOWS\ocgrep.dll Deleted
    Deleting [HKEY_CLASSES_ROOT\CLSID\{ECF2CF6A-8CE6-4FDD-86F2-BFE6FD8F72AB}]

    换换换换换换换换换换换换 DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: DhcpNameServer=192.168.0.1


    换换换换换换换换换换换换 Deleting Temp Files


    换换换换换换换换换换换换 Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    换换换换换换换换换换换换 Registry Cleaning

    Registry Cleaning done.

    换换换换换换换换换换换换 SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    换换换换换换换换换换换换 End
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I need to see a new HijackThis log please.
     
  7. libcal

    libcal Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    I removed (hopefully) the systdsrv.dll with HijackThis. Not sure if there's anything else in the system. Here is the log file. Thanks a lot for your help!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:06:12 PM, on 11/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\trcboot.exe
    C:\Program Files\IBM\Mobility Client\artstartsvc.exe
    C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
    C:\progra~1\c4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
    C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
    C:\Program Files\Java\jre1.5.0_08\bin\javaw.exe
    C:\notes\ntmulti.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\vmnat.exe
    C:\WINDOWS\System32\vmnetdhcp.exe
    C:\WINDOWS\System32\Drivers\ldlcserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\System32\acs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\progra~1\c4ebreg\isamtray.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\V0250Mon.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\IBM\Mobility Client\artcore.exe
    C:\Program Files\IBM\Mobility Client\artifdown.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\IBM\Mobility Client\artbcast.exe
    C:\notes\NLNOTES.EXE
    C:\notes\ntaskldr.EXE
    C:\Program Files\IBM\WID602\eclipse\eclipse.exe
    C:\Program Files\IBM\WID602\eclipse\jre\bin\javaw.exe
    C:\hijackthis\HiJackThis.exe

    O1 - Hosts: 9.43.32.156 robert-zpro.ibm.com robert-zpro
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: TBSB06559 - {5E65C12C-D4DE-4FBA-B548-4DF4E5F78819} - C:\PROGRA~1\IBMTOO~1\toolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O3 - Toolbar: IBM Toolbar - {83DC8BD3-AB6C-4E32-BF78-40F1200D598E} - C:\Program Files\IBM Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
    O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
    O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\system32\Rundll32.exe NMGameX.dll,LiveProcess /aa
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DownloadGrid] C:\Program Files\IBM\Java142\jre\javaws\javaws.exe http://downloadgrid.webahead.ibm.com/DownloadGridAppletWrapper/client/JNLPWrapper
    O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 使用iTudou下载节目 - C:\Program Files\iTudou\iTudou_Link.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
    O9 - Extra button: D?à?UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - C:\Program Files\sina\UC\uc.exe (file missing)
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
    O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
    O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download.answers.com/pub/AnswersSetup.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.inf...W/win/019-0312.20050111.MmVrT/iTunesSetup.exe
    O16 - DPF: {448A5F6B-8C03-4B54-A338-F00237C508AD} (WEBChatRoomOCX Control) - http://www.51uc.com/cab/WEBChatRoom_1_51.cab
    O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: Domain = ibm.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
    O17 - HKLM\System\CS1\Services\Tcpip\..\{080CA878-69C8-4EF0-A7D8-2C6B5C6BE9B0}: Domain = ibm.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
    O20 - AppInit_DLLs: C:\WINDOWS\system32\Manager.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
    O23 - Service: Mobility Client (ArtourService) - Unknown owner - C:\Program Files\IBM\Mobility Client\artsvc.exe
    O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\progra~1\c4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
    O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
    O23 - Service: Indexing Data (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
    O23 - Service: Creative VF0250 RunApp Service (V0250Srv) - Creative Technology Ltd. - C:\PROGRA~1\Creative\V0250Srv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

    --
    End of file - 15012 bytes
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You should remove BitTorrent.

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. This is NOT supported for use in 9x or ME and probably will not install on those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 update 3.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
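    A small triage script for logs in the shape posted above, added here as an illustration; it is not part of this thread, of HijackThis, or of any tool the moderator names. It flags the kinds of entries an analyst reads first: O2/O23 lines whose target file is absent ("(no file)", "(file missing)"), O20 AppInit_DLLs entries (a DLL listed there is loaded into every process that links user32.dll, so the file's publisher should be verified), and paths that reference a JRE older than the one the reply tells the poster to install (JRE 6 update 3, encoded as the assumed tuple (1, 6, 0, 3)). The sample lines are constructed to match the format of the posted log; the heuristics are the example's own, not HijackThis rules.

```python
"""Triage a HijackThis-style log for entries worth a closer look.

Added example, not code from the thread or from HijackThis. The heuristics
(orphaned entries, AppInit_DLLs review, outdated JRE path) are this
example's own assumptions about what an analyst looks at first.
"""
import re
from typing import List, Optional, Tuple

# JRE the moderator asks the poster to install: JRE 6 update 3 (assumed
# mapping to the jre1.6.0_03 directory name Sun used at the time).
CURRENT_JRE = (1, 6, 0, 3)

# "O23 - Service: ..." -> section "O23", body "Service: ..."
_LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# "jre1.5.0_08" -> (1, 5, 0, 8)
_JRE_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.IGNORECASE)

# Constructed sample in the format of the posted log (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O20 - AppInit_DLLs: C:\WINDOWS\system32\Manager.dll
O23 - Service: Indexing Data (lDOMANE) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
--
End of file - 1234 bytes
"""


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Split a log into (section, body) pairs; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def jre_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return the JRE version embedded in a path like ...\\jre1.5.0_08\\..., or None."""
    m = _JRE_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None


def java_outdated(body: str, current=CURRENT_JRE) -> bool:
    """True when the entry points into a JRE older than `current`."""
    found = jre_version(body)
    return found is not None and found < current


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, body) for every entry that deserves review."""
    findings = []
    for section, body in parse_hjt(text):
        lower = body.lower()
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append((section, "orphaned: target file is absent", body))
        if section == "O20":
            findings.append((section, "AppInit_DLLs: loaded into every user32-linked process, verify publisher", body))
        if java_outdated(body):
            findings.append((section, "references an outdated JRE", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}\n     {body}")
```

Run it against a saved log by reading the file into `triage()`; each finding names the section, the reason, and the original line so it can be matched back to the log. The O20 rule reports every AppInit_DLLs entry rather than judging the DLL, because a file name alone (such as the `Manager.dll` in the posted log) says nothing about whether it is legitimate; that is a question for the file's signature and publisher.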
     
Short URL to this thread: https://techguy.org/645988