Computing.Net > Forums > Security and Virus > Security and Virus

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

The Lounge

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Security and Virus

Reply to Message Icon
Original Message
Name: magal
Date: December 30, 2003 at 15:23:40 Pacific
Subject: Security and Virus
OS: win xp
CPU/Ram: amd 512
Comment:

Does anyone have any idea about systemie.exe cause I believe it might be preventing my computer from shutting down. When I shut down a message pops up that says "systemie.exe failed to initialize because windows is shutting down" and my computer just doesn't shut down. Someone told me that could be a hijack problem. I hope you coud help me.
Logfile of HijackThis v1.97.7
Scan saved at 6:14:16 PM, on 12/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\Bin\iPodWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\iPod\Bin\iPodSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost32.exe
C:\WINDOWS\System32\sw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Renato\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPodWatcher] C:\Program Files\iPod\Bin\iPodWatcher.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [P2P Networking2] C:\WINDOWS\System32\P2P Networking\P2P Networking2.exe /AUTOSTART
O4 - HKLM\..\Run: [MS Windows Startup] svchost32.exe
O4 - HKLM\..\Run: [Configuration Loader] sw32.exe
O4 - HKLM\..\Run: [Microsoft .NET Confingurator] msnconf.exe
O4 - HKLM\..\Run: [Microsoft Hosting Services] c:\svchost.exe
O4 - HKLM\..\RunServices: [MS Windows Startup] svchost32.exe
O4 - HKLM\..\RunServices: [Configuration Loader] sw32.exe
O4 - HKLM\..\RunServices: [Microsoft .NET Confingurator] msnconf.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5...b?1072417977903
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7980.8454861111
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7DA5BD9-E32A-4ABF-863E-FD86A3924EEA}: NameServer = 151.201.0.39 151.201.0.38



Report Offensive Message For Removal


Response Number 1
Name: iceblue
Date: December 30, 2003 at 17:12:44 Pacific
Reply: (edit)

systemie.exe fix
Thanks on this one to Mosaic1.

"To remove this pest copy the contents of the Quote below to Notepad. Name the file as Fix.reg Save as all files. Double click on Fix.reg to enter into the registry and prevent this from starting at next boot.

QUOTE
REGEDIT4[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D1228C9-F556-4158-BC0B-D3FF4F3F3E1B}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"systemie"=-

Reboot.

Find and remove these files:
systemie.exe
sysie.dll
systemie.dll
systemie.dat

After it is removed you will need to change any passwords and all passwords or sensitive infomration you may have typed into a form. This is a Keylogger and that information was sent to the hacker."

Good luck,
Hth
*original reply from Tony Klein
iceblue


Report Offensive Follow Up For Removal

Response Number 2
Name: iceblue
Date: December 30, 2003 at 19:09:48 Pacific
Reply: (edit)

Following on after that process; rescan with HjT and repost the new log to remove the remaining problems.

iceblue


Report Offensive Follow Up For Removal







Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Security and Virus

Comments:
            
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



Have you ever used OpenOffice?

Yes, as my main suite.
Yes, occationally.
Yes, but only once.
No, never.


View Results

Poll Finishes In 5 Days.
Discuss in The Lounge


use of disk defragmenter?

Recording data

Share Interet XP to 2000

Bootable cd and start SIW

western digital 80GB HD problem.

All Posts Awaiting Replies