
Infected with Privacy Center



#1 sparrowdclxvi


Posted 28 July 2009 - 01:52 PM

A friend of mine has the Privacy Center virus on their PC. I've followed this post to remove it, but that hasn't worked. Below are the steps I've followed.

1. Download MBAM and run a quick scan. This brought up a number of items to be removed. I removed them all and restarted, but PC was still there.
2. I ran a full scan that evening when I went to bed. The next morning the computer had hibernated, so I woke it up, but there was no sign of the MBAM session.
3. I changed the power settings and reran the full scan. 1 item appeared in the scan quite quickly. However, I left it to run and the screensaver kicked in. When I entered the password to log in again, the MBAM session was again missing.
4. I ran another quick scan and this found 1 item. I removed this and restarted the computer, but PC is still there.
5. I ran a full scan with Norton AntiVirus which my friend downloaded. The virus definitions are 152 days out of date, but for obvious reasons I'm not connecting it to my network to update them. Norton found nothing at all.
6. I downloaded and ran the DDS script (see below and attached). There was one message at the end of the DOS session as follows:
Access is denied.
EDS.EXE: can't read temp00: Permission denied

I'm stuck now. In the post mentioned above, there is a list of directories/registry keys. Of these, C:\Program Files\Privacy Center still exists, but none of the %UserProfile% items are there.
None of the listed registry settings are there, but there is a HKLM\Software\PrivacyCenter key.

If you need any other information, please let me know.

Thanks for your help.

Alex

DDS.txt

DDS (Ver_09-06-26.01) - FAT32x86
Run by Mark at 18:54:48.10 on 28/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.565 [GMT 1:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PrivacyCenter\protector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Documents and Settings\Mark\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\V0380Mon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_10\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EPM-DM] c:\acer\epm\epm-dm.exe
mRun: [ePowerManagement] c:\acer\epm\ePM.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\program files\acer\erecovery\Monitor.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [V0380Mon.exe] c:\windows\V0380Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_10\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [PrivacyCenter] c:\program files\privacycenter\protector.exe -startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-7-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-7-27 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-7-27 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090715.003\IDSXpx86.sys [2009-7-27 276344]
R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-6-7 4096]
R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-6-7 78208]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-7-27 115560]
R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-6-7 7296]
R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-6-7 4010]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-7-27 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090226.034\NAVENG.SYS [2009-7-27 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090226.034\NAVEX15.SYS [2009-7-27 876144]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-9-18 31616]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [2006-7-14 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [2006-7-14 23296]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2006-7-27 9344]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2006-9-16 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2006-9-16 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2006-9-16 87456]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2006-6-7 30336]
S3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\drivers\V0380Afx.sys [2008-9-18 142656]
S3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\drivers\V0380Aud.sys [2008-9-18 94976]
S3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\drivers\V0380Vid.sys [2008-9-18 273152]
S3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\drivers\V0380Vfx.sys [2008-9-18 7168]

=============== Created Last 30 ================

2009-07-27 21:27 <DIR> --d----- c:\docume~1\mark\applic~1\Malwarebytes
2009-07-27 21:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 21:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-27 21:27 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 20:16 <DIR> --d--r-- c:\program files\Norton Support
2009-07-27 19:16 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-07-27 19:16 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-07-27 19:16 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-07-27 19:16 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-07-27 19:16 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-07-27 19:16 <DIR> --d----- c:\program files\Symantec
2009-07-27 19:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-07-27 19:15 <DIR> --d----- c:\windows\system32\drivers\NAV
2009-07-27 19:15 <DIR> --d----- c:\program files\Norton AntiVirus
2009-07-27 19:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-07-27 19:12 <DIR> --d----- c:\program files\NortonInstaller
2009-07-27 19:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-07-27 17:44 <DIR> --d----- c:\program files\PrivacyCenter
2009-07-27 17:44 <DIR> --d----- c:\docume~1\mark\applic~1\none
2009-07-21 20:29 <DIR> --dsh--- C:\FOUND.009
2009-07-16 20:19 424 a------- C:\Yahoo.LNK
2009-07-16 19:54 613 a------- C:\Application - Family and Community Manager.LNK
2009-07-16 19:35 218 a------- C:\Family Worker Advert, JobSpec&JobDescription.doc.url
2009-07-16 19:35 164 a------- C:\08874734.doc on www.warwickshire.gov.uk.url
2009-07-12 20:16 767 a------- C:\COMPANY PROSPECTUS.LNK
2009-07-11 20:56 767 a------- C:\Mark CV Head Coach.LNK
2009-07-02 22:42 927 a------- C:\Connect Golf Coaching Web page draft 2nd July 2009.LNK
2009-07-02 21:40 419 a------- C:\Der_perfekte_Winkel.LNK
2009-07-01 20:17 528 a------- C:\Welbs'_personal_statement.LNK
2009-06-30 22:45 737 a------- C:\Summer Camps.LNK
2009-06-30 21:27 538 a------- C:\Learning_Mentor_J_D_10.6.09.LNK
2009-06-30 21:25 483 a------- C:\Application_Form.LNK
2009-06-30 21:07 543 a------- C:\Learning_Mentor_P_S__10.6.09.LNK
2009-06-30 21:06 493 a------- C:\Email_Lauren_Welby.LNK
2009-06-29 21:28 214 a------- C:\Cluster_Co-ordinator_Person_Spec[1][1].doc.url
2009-06-29 21:28 164 a------- C:\59074807.doc on www.warwickshire.gov.uk.url
2009-06-29 21:06 958 a------- C:\ACEacademy-COMING UP Poster.LNK
2009-06-29 21:06 748 a------- C:\Academy Stationary.LNK
2009-06-28 20:39 747 a------- C:\Jobs 28 June-1.LNK
2009-06-28 20:35 444 a------- C:\Academy Template - Spain.LNK
2009-06-28 20:12 449 a------- C:\Initial Questions - Spain.LNK
2009-06-28 19:58 471 a------- C:\Events Stationary.LNK
2009-06-28 19:53 737 a------- C:\Jobs 28 June.LNK

==================== Find3M ====================

2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 20:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 16:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2008-11-30 00:08 72,248 a------- c:\docume~1\mark\applic~1\GDIPFONTCACHEV1.DAT
2006-07-21 11:28 358 a------- c:\docume~1\mark\applic~1\wklnhst.dat
2008-09-18 20:10 75 ---shr-- c:\windows\CT4CET.bin
2006-11-11 12:01 1,890 a--sh--- c:\windows\system32\KGyGaAvL.sys
2006-07-20 08:55 56 ---shr-- c:\windows\system32\0B045B0294.sys
2008-09-05 18:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat

============= FINISH: 18:55:53.50 ===============

Edited by sparrowdclxvi, 28 July 2009 - 01:54 PM.


#2 sparrowdclxvi


Posted 03 August 2009 - 12:03 PM

Now being helped on Spybot forums. Please close this thread.