
[Closed] PCPrivacyTool removal


  • This topic is locked
9 replies to this topic

#1 adelante

adelante

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 03 December 2007 - 07:32 PM

Hello, I'm having popups saying that I have some privacy errors, which need to be fixed. I'm offered to visit pcprivacytool website. My PC is slower than it used to be. I used to install this pcprivacy tool. Later I realised what I did. So I tried to delete everythin' but still I have these popups. I tried different antiviruses and anti-spyware...but U know...



#2 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 04 December 2007 - 11:58 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

The first step in cleaning the malware off your computer is creating a HijackThis log:

Download HJTInstall.exe to your desktop.

  • Double-click HJTInstall.exe to install HijackThis.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Please copy the contents of the report and paste it back here.

Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

#3 adelante


Posted 04 December 2007 - 10:04 PM

OK. I did this in regular Windows mode. (not in SAFE mode...)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:59 AM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Nnueee
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\Program Files\flashget\jccatch.dll
O2 - BHO: (no name) - {40EB2EFA-65EE-4382-BDF6-B664C86C5CAB} - C:\WINDOWS\system32\actived.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll (file missing)
O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Program Files\BitAccelerator\BitAccelerator.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\Program Files\flashget\getflash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Закачать все при помощи FlashGet - F:\Program Files\flashget\jc_all.htm
O8 - Extra context menu item: &Закачать при помощи FlashGet - F:\Program Files\flashget\jc_link.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher...menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher...=menu_ie_report
O9 - Extra button: Ni?aai?iua iaoa?eaeu - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\4\flashget\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\4\flashget\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/sec...an/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1195693813578
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196288744156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57FA5059-FA51-4435-B258-651850831260}: NameServer = 193.110.57.4 193.110.56.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BC8B0B6-558F-411C-97B9-D00D6B1AEA56}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: c:\windows\system32\smserher.dll,C:\PROGRA~1\sQusi\SQUSIT~1\sQusi20Stb.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ?o?iae niauoee (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Neo?aa COM caiene eiiiaeo-aeneia IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Aeniao?a? naaina ni?aaee aey oaaeaiiiai ?aai?aai noiea (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Nia?o-ea?ou (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ?o?iaeu e iiiaauaiey i?iecaiaeoaeuiinoe (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Oaiaaia eiie?iaaiea oiia (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Aaaioa? i?iecaiaeoaeuiinoe WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9675 bytes

#4 Simon V.


Posted 05 December 2007 - 05:23 AM

Hi :)

Do you have a Russian version of Windows?

Please go to VirusTotal or Jotti and upload C:\WINDOWS\system32\actived.dll for scanning.

For VirusTotal:

  • Please copy and paste C:\WINDOWS\system32\actived.dll in the text box next to the Browse... button.
  • Click on Send File.

For Jotti:

  • Please copy and paste C:\WINDOWS\system32\actived.dll in the text box next to the Browse... button.
  • Click on Submit.

Copy/paste the results in Notepad and save them to your desktop.

Also do this for c:\windows\system32\smserher.dll and C:\PROGRAM FILES\sQusi\SQUSIT~1\sQusi20Stb.dll (SQUSIT~1 > this folder starts with the letters SQUSIT and has the file sQusi20Stb.dll inside of it)

In your next reply, please post the Virustotal/Jotti results.

#5 adelante


Posted 05 December 2007 - 11:06 AM

I have licensed Win XP Russian ed.
I scanned actived.dll
I couldn't locate the shredder whatever...it doesn't exist I guess.
I couldn't scan sQusi file cuz when I try to upload it in both sites that u gave me - i get - the page could not be displayed...

so here is actived.dll scan





File actived.dll received on 12.05.2007 17:26:24 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 14/32 (43.75%)


Antivirus Version Last Update Result
AhnLab-V3 2007.12.5.0 2007.12.05 -
AntiVir 7.6.0.34 2007.12.05 TR/BHO.abo.1
Authentium 4.93.8 2007.12.05 -
Avast 4.7.1098.0 2007.12.05 -
AVG 7.5.0.503 2007.12.05 Generic9.AAUY
BitDefender 7.2 2007.12.05 -
CAT-QuickHeal 9.00 2007.12.05 Trojan.BHO.abo
ClamAV 0.91.2 2007.12.05 -
DrWeb 4.44.0.09170 2007.12.05 Trojan.DownLoader.37561
eSafe 7.0.15.0 2007.12.04 -
eTrust-Vet 31.3.5353 2007.12.05 -
Ewido 4.0 2007.12.05 -
FileAdvisor 1 2007.12.05 -
Fortinet 3.14.0.0 2007.12.05 -
F-Prot 4.4.2.54 2007.12.05 -
F-Secure 6.70.13030.0 2007.12.05 Trojan.Win32.BHO.abo
Ikarus T3.1.1.12 2007.12.05 Trojan-PWS.Win32.Lmir
Kaspersky 7.0.0.125 2007.12.05 Trojan.Win32.BHO.abo
McAfee 5177 2007.12.04 -
Microsoft 1.3007 2007.12.05 TrojanSpy:Win32/Bzub.GB.dll
NOD32v2 2701 2007.12.05 -
Norman 5.80.02 2007.12.05 W32/BHO.ATH
Panda 9.0.0.4 2007.12.04 Adware/AVSystemCare
Prevx1 V2 2007.12.05 Trojan.DoS.Win32.Opdos
Rising 20.21.20.00 2007.12.05 -
Sophos 4.24.0 2007.12.05 Troj/BHO-EE
Sunbelt 2.2.907.0 2007.12.05 -
Symantec 10 2007.12.05 -
TheHacker 6.2.9.150 2007.12.05 Trojan/BHO.abo
VBA32 3.12.2.5 2007.12.04 -
VirusBuster 4.3.26:9 2007.12.05 -
Webwasher-Gateway 6.6.2 2007.12.05 Trojan.BHO.abo.1
Additional information
File size: 92672 bytes
MD5: feef541b98155d8892e24093d52fd1b0
SHA1: 59dcb212ce087d1087106581120604f986de47b7
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://fileinfo.prev...78739001A7812D0

#6 Simon V.


Posted 05 December 2007 - 12:15 PM

Do you have sQusi Tracking Blocker installed?

Let's make an Uninstall List:

Open HijackThis.

  • Click on the Config button.
  • Click on the Misc Tools button.
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and save the file to a convenient location. When you press Save, Notepad will open with the contents of that file.

Be sure that you are set to see hidden files and folders:

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labelled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labelled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labelled Hide protected operating system files. Answer Yes to the prompt.
  • Press the Apply button and then the OK button and close My Computer.

Then look for c:\windows\system32\smserher.dll and upload it to Virustotal or Jotti. If it doesn't exist, please let me know. In your next reply, post the Uninstall List (uninstall_list.txt), along with the Virustotal/Jotti results (if you found the file).

#7 adelante


Posted 06 December 2007 - 07:22 AM

Hey, there's no c:\windows\system32\smserher.dll. For sure) Yes I do have this sQusi. And I don't need it... I can delete it. I got it after all my problems began...

Ad Muncher Adobe Flash Player 9 ActiveX Adobe Reader 8.1.1 AppCore Apple Mobile Device Support Apple Software Update AV BitAccelerator BitTorrent 4.24.0 Broadcom 440x 10/100 Integrated Controller Broadcom 440x 10/100 Integrated Controller BSplayer Pro 2.20.949 Caoeiaia ono?ienoai SigmaTel Audio ccCommon Conexant HDA D110 MDC V.92 Modem ConnectionServices Counter-Strike 1.6 Dell Mobile Broadband Card Utility Dell Resource CD Dell Wireless WLAN Card Digital Line Detect Eni?aaeaiea aey i?iea?uaaoaey Windows Media 11 - (KB939683) Eni?aaeaiea aey Windows XP (KB914440) FlashGet 1.9.6.1073 GearDrvs High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Iaeao a?aeaa?ia Windows - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) Iaeao a?aeaa?ia Windows - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) Iaeao a?aeaa?ia Windows - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) Iaeao eni?aaeaiee aey Windows XP - KB873339 Iaeao eni?aaeaiee aey Windows XP - KB885835 Iaeao eni?aaeaiee aey Windows XP - KB885836 Iaeao eni?aaeaiee aey Windows XP - KB886185 Iaeao eni?aaeaiee aey Windows XP - KB887472 Iaeao eni?aaeaiee aey Windows XP - KB888302 Iaeao eni?aaeaiee aey Windows XP - KB890859 Iaeao eni?aaeaiee aey Windows XP - KB891781 Iaiiaeaiea aaciianiinoe aey i?iea?uaaoaey Windows Media - (KB911564) Iaiiaeaiea aaciianiinoe aey i?iea?uaaoaey Windows Media 11 - (KB936782) Iaiiaeaiea aaciianiinoe aey i?iea?uaaoaey Windows Media 6.4 - (KB925398) Iaiiaeaiea aaciianiinoe aey Windows Internet Explorer 7 (KB938127) Iaiiaeaiea aaciianiinoe aey Windows Internet Explorer 7 (KB939653) Iaiiaeaiea aaciianiinoe aey Windows XP (KB890046) Iaiiaeaiea 
aaciianiinoe aey Windows XP (KB893756) Iaiiaeaiea aaciianiinoe aey Windows XP (KB896358) Iaiiaeaiea aaciianiinoe aey Windows XP (KB896423) Iaiiaeaiea aaciianiinoe aey Windows XP (KB896428) Iaiiaeaiea aaciianiinoe aey Windows XP (KB899587) Iaiiaeaiea aaciianiinoe aey Windows XP (KB899591) Iaiiaeaiea aaciianiinoe aey Windows XP (KB900725) Iaiiaeaiea aaciianiinoe aey Windows XP (KB901017) Iaiiaeaiea aaciianiinoe aey Windows XP (KB901214) Iaiiaeaiea aaciianiinoe aey Windows XP (KB902400) Iaiiaeaiea aaciianiinoe aey Windows XP (KB904706) Iaiiaeaiea aaciianiinoe aey Windows XP (KB905414) Iaiiaeaiea aaciianiinoe aey Windows XP (KB905749) Iaiiaeaiea aaciianiinoe aey Windows XP (KB908519) Iaiiaeaiea aaciianiinoe aey Windows XP (KB911562) Iaiiaeaiea aaciianiinoe aey Windows XP (KB911927) Iaiiaeaiea aaciianiinoe aey Windows XP (KB913580) Iaiiaeaiea aaciianiinoe aey Windows XP (KB914388) Iaiiaeaiea aaciianiinoe aey Windows XP (KB914389) Iaiiaeaiea aaciianiinoe aey Windows XP (KB917953) Iaiiaeaiea aaciianiinoe aey Windows XP (KB918118) Iaiiaeaiea aaciianiinoe aey Windows XP (KB918439) Iaiiaeaiea aaciianiinoe aey Windows XP (KB919007) Iaiiaeaiea aaciianiinoe aey Windows XP (KB920213) Iaiiaeaiea aaciianiinoe aey Windows XP (KB920670) Iaiiaeaiea aaciianiinoe aey Windows XP (KB920683) Iaiiaeaiea aaciianiinoe aey Windows XP (KB920685) Iaiiaeaiea aaciianiinoe aey Windows XP (KB921503) Iaiiaeaiea aaciianiinoe aey Windows XP (KB922819) Iaiiaeaiea aaciianiinoe aey Windows XP (KB923191) Iaiiaeaiea aaciianiinoe aey Windows XP (KB923414) Iaiiaeaiea aaciianiinoe aey Windows XP (KB923980) Iaiiaeaiea aaciianiinoe aey Windows XP (KB924270) Iaiiaeaiea aaciianiinoe aey Windows XP (KB924667) Iaiiaeaiea aaciianiinoe aey Windows XP (KB925902) Iaiiaeaiea aaciianiinoe aey Windows XP (KB926255) Iaiiaeaiea aaciianiinoe aey Windows XP (KB926436) Iaiiaeaiea aaciianiinoe aey Windows XP (KB927779) Iaiiaeaiea aaciianiinoe aey Windows XP (KB927802) Iaiiaeaiea aaciianiinoe aey Windows XP (KB928255) Iaiiaeaiea 
aaciianiinoe aey Windows XP (KB928843) Iaiiaeaiea aaciianiinoe aey Windows XP (KB929123) Iaiiaeaiea aaciianiinoe aey Windows XP (KB930178) Iaiiaeaiea aaciianiinoe aey Windows XP (KB931261) Iaiiaeaiea aaciianiinoe aey Windows XP (KB931784) Iaiiaeaiea aaciianiinoe aey Windows XP (KB932168) Iaiiaeaiea aaciianiinoe aey Windows XP (KB933729) Iaiiaeaiea aaciianiinoe aey Windows XP (KB935839) Iaiiaeaiea aaciianiinoe aey Windows XP (KB935840) Iaiiaeaiea aaciianiinoe aey Windows XP (KB936021) Iaiiaeaiea aaciianiinoe aey Windows XP (KB938829) Iaiiaeaiea aaciianiinoe aey Windows XP (KB941202) Iaiiaeaiea aaciianiinoe aey Windows XP (KB943460) Iaiiaeaiea aey Windows XP (KB894391) Iaiiaeaiea aey Windows XP (KB898461) Iaiiaeaiea aey Windows XP (KB900485) Iaiiaeaiea aey Windows XP (KB904942) Iaiiaeaiea aey Windows XP (KB908531) Iaiiaeaiea aey Windows XP (KB910437) Iaiiaeaiea aey Windows XP (KB911280) Iaiiaeaiea aey Windows XP (KB916595) Iaiiaeaiea aey Windows XP (KB920342) Iaiiaeaiea aey Windows XP (KB920872) Iaiiaeaiea aey Windows XP (KB922582) Iaiiaeaiea aey Windows XP (KB927891) Iaiiaeaiea aey Windows XP (KB930916) Iaiiaeaiea aey Windows XP (KB933360) Iaiiaeaiea aey Windows XP (KB936357) Iaiiaeaiea aey Windows XP (KB938828) Intel® Graphics Media Accelerator Driver iTunes Kaspersky Online Scanner K-Lite Codec Pack 3.5.3 Full LiveUpdate 3.2 (Symantec Corporation) Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office - i?ioanneiiaeuiue auione aa?nee 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Nero Suite Norton 360 Norton 360 Norton 360 Norton 360 (Symantec Corporation) Norton 360 Help Norton Confidential Browser Component Norton Confidential Web Authentification Component Norton Confidential Web Protection Component QIP 2005 Uninstall QuickTime RegAlyzer Security Update aey 
Microsoft .NET Framework 2.0 (EA928365) SPBBC 32bit Spybot - Search & Destroy 1.4 sQusi Tracking Plus SuppSoft Symantec Technical Support Controls SymNet Total Video Converter 3.10 VideoLAN VLC media player 0.8.6c WIDCOMM Bluetooth Software Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live installer Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 WinRAR archiver

#8 Simon V.


Posted 06 December 2007 - 08:06 AM

Hi :)

I understand that downloading music and other files may be important to you; however, the Peer-to-Peer programs that you are using to do that, even if they are not infected with malware, will bring malware into your system. Therefore, the chances of you becoming infected again are very high. This obviously can result in disabling your computer and could even lead to someone stealing sensitive personal data from your computer. Beyond the inconvenience this causes you, these programs also tend to use your computer as a server to spread more infection all over the internet, so your computer becomes a part of the malware problem.

Remember that no matter how clean the program you're using for Peer-to-Peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via Peer-to-Peer filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Any program or file that offers you the ability to access non-freeware programs at no cost, e.g., pirated software and/or cracks/key generators for gaining access to legitimate software, is 100% guaranteed to contain malware.

Here is some information that looks at the rates of infection:

http://www.benedelman.org/spyware/p2p/

With that being said, I recommend that you remove the following Peer-to-Peer program(s):

BitTorrent 4.24.0

Step 1

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

  • sQusi Tracking Plus
  • BitAccelerator
  • ConnectionServices

Step 2

Open HijackThis, perform a scan and put a check next to the following items (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {40EB2EFA-65EE-4382-BDF6-B664C86C5CAB} - C:\WINDOWS\system32\actived.dll
O2 - BHO: ConnectionServices module - {6D7B211A-88EA-490c-BAB9-3600D8D7C503} - C:\Program Files\ConnectionServices\ConnectionServices.dll (file missing)
O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Program Files\BitAccelerator\BitAccelerator.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\smserher.dll,C:\PROGRA~1\sQusi\SQUSIT~1\sQusi20Stb.dll


Close all programs except HijackThis and click on Fix checked.

Step 3

Navigate to the following files/folders using Windows Explorer and delete them when found:

C:\Program Files\BitAccelerator\ <-- Folder
C:\Program Files\ConnectionServices\ <-- Folder

Step 4

In your next reply, please post:

  • a new HijackThis log
  • How is your computer running now?
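
An added example, not part of the thread and not HijackThis's own logic: a small Python parser for the log format posted above, run over a few lines copied from that log. The flagging rules are assumptions chosen to mirror the kinds of entries selected in Step 2 (unnamed BHOs in system32, entries whose target file is missing, AppInit_DLLs values) plus services with an unknown owner; a flag is a prompt for manual review, not a verdict.

```python
import re

# Sample input: six entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {40EB2EFA-65EE-4382-BDF6-B664C86C5CAB} - C:\WINDOWS\system32\actived.dll
O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Program Files\BitAccelerator\BitAccelerator.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - AppInit_DLLs: c:\windows\system32\smserher.dll,C:\PROGRA~1\sQusi\SQUSIT~1\sQusi20Stb.dll
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
"""

# Every log entry starts with a section code (R0, O2, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2 body layout: "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse_log(text):
    """Return (code, body) tuples for each entry line; headers and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Return (reason, code, detail) tuples for entries worth a manual look (heuristic)."""
    findings = []
    for code, body in entries:
        # HijackThis appends this marker when the referenced file is not on disk.
        if body.endswith("(file missing)"):
            findings.append(("orphaned entry: target file missing", code, body))
        if code == "O2":
            m = BHO_RE.match(body)
            # Assumption: an unnamed BHO sitting directly under system32 deserves a scan;
            # unnamed BHOs under a vendor's Program Files folder are not flagged.
            if m and m.group("name") == "(no name)" and "\\system32\\" in m.group("path").lower():
                findings.append(("unnamed BHO loaded from system32", code, body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Each listed DLL is loaded into every process that loads user32.dll.
            for dll in body.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(("AppInit_DLLs entry", code, dll.strip()))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(("service with unknown owner", code, body))
    return findings


if __name__ == "__main__":
    for reason, code, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"[{code}] {reason}: {detail}")
```
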


#9 Simon V.


Posted 11 December 2007 - 06:21 AM

Are you still with me?

#10 Simon V.


Posted 14 December 2007 - 05:47 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log.
