Author Topic: Sys.exe  (Read 7233 times)


__Coder___

  • Guest
Sys.exe
« on: May 19, 2009, 09:27:51 AM »
Ok, as it was getting confusing for you guys, I've made a new topic here.
I'll be posting my HJT log right after this post. Guys, just check and tell me what is really going wrong.

Moreover, today while I was searching for Sys.exe on my laptop, I found I have a copy of this file on every drive.
All these files are identical in size.

C:\Program files\Internet Explorer\Stm.exe is another suspicious file.

P3@C3

__Coder___

  • Guest
Re: Sys.exe
« Reply #1 on: May 19, 2009, 09:36:46 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:33:13, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BILSYNCCHAT\bin\tgsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\admin\Desktop\SmitfraudFix\Policies.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - D:\New Folder\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {80454064-54FC-49E4-AEAC-40E1E5B529C3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [avp6_post_install] msiexec.exe /i"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\english\kav.en.msi"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe
O4 - Startup: taksman.exe
O4 - Startup: taskmgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\New Folder\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - D:\New Folder\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\SASWINLO.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (nxpclient) (sprtsvc_nxpclient) - SupportSoft, Inc. - C:\Program Files\Airtel\NetXpert\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (bilsyncchat) (tgsrvc_bilsyncchat) - SupportSoft, Inc. - C:\Program Files\BILSYNCCHAT\bin\tgsrvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7680 bytes

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: Sys.exe
« Reply #2 on: May 19, 2009, 10:39:28 AM »
Do a scan via a bootable antivirus disc to remove active and/or hidden viruses:
The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here. You can learn how to use it from here.
Also, if you want to burn that disc yourself with your own burning tool (such as Nero or…), you can download the image file (.iso) from here.
After burning it to disc, use it to boot your computer, do a full scan and remove anything that it finds.

And then download, install and update these programs:

Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware: http://www.superantispyware.com/
SpyBot S&D: http://www.spybot.info/

Scan your computer using them; also try to immunize your Windows using SpyBot S&D. During installation of SpyBot S&D, disable all residents.


Update your Windows to Service Pack 3 and also keep your computer fully patched/up-to-date: http://update.microsoft.com/microsoftupate

Upgrade your Internet Explorer to version 8 even if it's not your main browser.

And since there are so many missing files on your computer:
after a long time of using your computer, or when you install and uninstall many programs, or even sometimes after removing some malware from your computer, these things can slow down your computer a bit. There are some usual steps that can help you:

Defragment hard drive: you can use "Auslogics Disk Defrag"; it's freeware and you can get it from here.

Clean up hard drive: emptying temp folders periodically can be useful; there is a program called CCleaner that can do it for you easily and it's freeware. You can get it from here.

Clean up registry: "Auslogics Registry Cleaner" would remove invalid keys and those that are not needed, safely and without any risk. It would fix many problems and of course make your Windows a bit faster. Get it from here.

Defragment registry: keeping the registry as compact as possible means better computer performance. As a result, the registry becomes compact and small, greatly improving your computer's performance. "Auslogics Registry Defrag" can do it for you; you can use this as a long-time free trial without any problem. Get it from here.
Twitter: OmidFarhangEn - OS: Manjaro KDE

CharleyO

  • Guest
Re: Sys.exe
« Reply #3 on: May 19, 2009, 10:41:00 AM »
***

An analysis of your HJT log shows the following problems:

Platform: Windows XP SP2 (WinNT 5.01.2600)
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.

It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses.

We didn't detect any active process of a firewall on your system. Reasons may be:
(1.) You are using the Windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled.
(4.) You don't use any firewall at all.
We recommend you to use a firewall.

C:\Program Files\BILSYNCCHAT\bin\tgsrvc.exe
Entry rated questionable by HJT. It is a Repair Service belonging to SupportSoft Repair Service.
http://www.file.net/process/tgsrvc.exe.html
It does not need to be running at startup.
http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=18374

C:\Program Files\Internet Explorer\iexplorer.exe
BAD entry that must be fixed!
http://www.file.net/process/iexplorer.exe.html

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Unnecessary (deactivated) entry that can be fixed - Yahoo Companion.

O2 - BHO: (no name) - {80454064-54FC-49E4-AEAC-40E1E5B529C3} - (no file)
Unknown application. Unnecessary (deactivated) entry that can be fixed.

O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
Unnecessary (deactivated) entry that can be fixed. FindeXer.dll - FindeXer, hxxp://tomseffect.com Explorer Bar

O4 - HKCU\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe
BAD entry that must be fixed!
http://www.file.net/process/iexplorer.exe.html

O4 - Startup: taksman.exe
BAD entry that must be fixed. Associated Malware Groups - Worm, System Back Door, Cloaked Malware
http://www.prevx.com/filenames/X43346932334173324-1559271512/TAKSMAN.EXE.html
http://www.threatexpert.com/files/taksman.exe.html

O4 - Startup: taskmgr.exe
Questionable entry. Why is Task Manager running at startup?

O23 - Service: SupportSoft Repair Service (bilsyncchat) (tgsrvc_bilsyncchat) - SupportSoft, Inc. - C:\Program Files\BILSYNCCHAT\bin\tgsrvc.exe
Entry rated questionable by HJT. It is a Repair Service belonging to SupportSoft Repair Service.
http://www.file.net/process/tgsrvc.exe.html
It does not need to be running at startup.
http://www.backgroundtask.eu/Systeemtaken/Taakinfo.php?ID=18374


Overview of running tasks (task | category | description):

smss.exe | System task | Session Manager Subsystem
winlogon.exe | System task | Microsoft Windows Logon Process
services.exe | System task | Windows Service Controller
lsass.exe | System task | Local Security Authority Service
svchost.exe | System task | Microsoft Service Host Process
svchost.exe | System task | Microsoft Service Host Process
btwdins.exe | System task | Microsoft Bluetooth Service
wltrysvc.exe | Application | Broadcom Corporation Wireless Network Tray Applet
bcmwltry.exe | Driver | bcmwltry
spoolsv.exe | System task | Microsoft Printer Spooler Service
agrsmsvc.exe | Driver | Modem Service
cisvc.exe | System task | Microsoft Index Service Helper
ekrn.exe | Virusscan | ESET_Smart_Security
PnkBstrA.exe | Suspicious task | pnkbstra.exe
sprtsvc.exe | Backgroundtask | SupportSoft Agent Service
svchost.exe | System task | Microsoft Service Host Process
tgsrvc.exe | Backgroundtask | Repair Service
wscntfy.exe | System task | Microsoft Windows Security Center
Explorer.EXE | System task | Microsoft Windows Explorer
egui.exe | Virusscan | NeExtender GUI client
ctfmon.exe | System task | Alternative User Input Services
GoogleToolbarNotifier.exe | Backgroundtask | GoogleToolbarNotifier
TeaTimer.exe | Application | Spybot S&D Realtime Scanner
svchost.exe | System task | Microsoft Service Host Process
Policies.exe | Unknown task | Unknown task
firefox.exe | Application | Mozilla Firefox
cidaemon.exe | System task | Microsoft Indexing Service
iexplorer.exe | Adware | AdClicker parasite
NOTEPAD.EXE | Application | Windows Notepad
NOTEPAD.EXE | Application | Windows Notepad
HijackThis.exe | Application | Merijn Hijackthis
2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) | Unknown task | Unknown task
AcroIEHelper.dll | Backgroundtask | Adobe Acrobat Reader Helper
KeyScramblerIE.dll | Unknown task | Unknown task
SDHelper.dll | Unknown task | Unknown task
GRA8E1~1.DLL | Unknown task | Unknown task
ssv.dll | Driver | Java Module
2 - BHO: (no name) - {80454064-54FC-49E4-AEAC-40E1E5B529C3} - (no file) | Unknown task | Unknown task
GoogleToolbar.dll | Unknown task | Unknown task
swg.dll | Backgroundtask | Browser Helper Object
fastsearch_219B3E1547538286.dll | Unknown task | Unknown task
2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file) | Unknown task | Unknown task
GoogleToolbar.dll | Unknown task | Unknown task
" | Unknown task | Unknown task
" /hide /waitservice | Unknown task | Unknown task
" | Unknown task | Unknown task
ctfmon.exe | System task | Alternative User Input Services
GoogleToolbarNotifier.exe | Backgroundtask | GoogleToolbarNotifier
TeaTimer.exe | Application | Spybot S&D Realtime Scanner
iexplorer.exe | Adware | AdClicker parasite
4 - Startup: taksman.exe | Unknown task | Unknown task
4 - Startup: taskmgr.exe | Unknown task | Unknown task
GPhotos.scr/200 | Unknown task | Unknown task
EXCEL.EXE/3000 | Suspicious task | EXCEL.EXE/3000
btsendto_ie_ctx.htm | Unknown task | Unknown task
ssv.dll | Driver | Java Module
ssv.dll | Driver | Java Module
ONBttnIE.dll | Unknown task | Unknown task
ONBttnIE.dll | Unknown task | Unknown task
KeyScramblerIE.dll | Unknown task | Unknown task
KeyScramblerIE.dll | Unknown task | Unknown task
REFIEBAR.DLL | Application | Microsoft Office Research Assistant Module
btsendto_ie.htm | Unknown task | Unknown task
btsendto_ie.htm | Unknown task | Unknown task
SDHelper.dll | Unknown task | Unknown task
SDHelper.dll | Unknown task | Unknown task
msmsgs.exe | Application | MSN Messenger
msmsgs.exe | Application | MSN Messenger
nwprovau.dll | Backgroundtask | nwprovau.dll
16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://nxpchat.airtelbroadband.in/sdccommon/download/tgctlcm.cab | Unknown task | Unknown task
Yinsthelper.dll | Unknown task | Unknown task
GR99D3~1.DLL | Unknown task | Unknown task
SASWINLO.DLL | Unknown task | Unknown task
agrsmsvc.exe | Driver | Modem Service
btwdins.exe | System task | Microsoft Bluetooth Service
EHttpSrv.exe | Unknown task | Unknown task
ekrn.exe | Virusscan | ESET_Smart_Security
GoogleUpdaterService.exe | Backgroundtask | Service Component
PnkBstrA.exe | Suspicious task | pnkbstra.exe
pctsAuxs.exe (file missing) | Unknown task | Unknown task
pctsSvc.exe (file missing) | Unknown task | Unknown task
sprtsvc.exe | Backgroundtask | SupportSoft Agent Service
ssrc.exe | Unknown task | Unknown task
tgsrvc.exe | Backgroundtask | Repair Service
wltrysvc.exe | Application | Broadcom Corporation Wireless Network Tray Applet


Your computer seems to have remains of more than one av scanner.


***
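The checks the analysis above applies to the O2/O4/O23 lines (a target that no longer exists, a name one letter off a real Windows binary such as iexplorer.exe or taksman.exe, a system tool started from the Startup folder) can be run mechanically over a HijackThis log. The script below is an added example and not part of this thread or of HijackThis; the sample lines are constructed in the log format shown above, and KNOWN_GOOD is an assumed short whitelist of legitimate binary names.

```python
import re
from difflib import SequenceMatcher
from typing import Dict, List

# Constructed sample in the HijackThis O-line format pasted in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe
O4 - Startup: taksman.exe
O4 - Startup: taskmgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
"""

# Assumed short whitelist of legitimate Windows binary names that malware likes to imitate.
KNOWN_GOOD = {"iexplore.exe", "explorer.exe", "taskman.exe", "taskmgr.exe", "svchost.exe", "ctfmon.exe"}

# O4 Run/RunOnce entry: [label] "image path" optional args; the image path is captured.
RUN_RE = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[[^\]]*\] "?(.+?\.exe)"?(?:\s|$)', re.I)
# O4 Startup-folder entry: a bare file name.
STARTUP_RE = re.compile(r'^O4 - Startup: (\S+)', re.I)

def lookalikes(name: str, threshold: float = 0.85) -> List[str]:
    """Known-good names that this file name nearly, but not exactly, matches."""
    name = name.lower()
    if name in KNOWN_GOOD:
        return []
    return sorted(g for g in KNOWN_GOOD if SequenceMatcher(None, name, g).ratio() >= threshold)

def flag_entry(line: str) -> List[str]:
    """Reasons an analyst would flag this HJT line; an empty list means nothing noteworthy."""
    reasons = []
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("target file missing: stale entry, safe to fix")
    image = None
    run = RUN_RE.match(line)
    startup = STARTUP_RE.match(line)
    if run:
        image = run.group(1)
    elif startup:
        image = startup.group(1)
        # Windows starts its own tools itself; a copy in the Startup folder is not the real one.
        if image.lower() in KNOWN_GOOD:
            reasons.append("system tool name launched from the Startup folder")
    if image:
        base = image.replace("/", "\\").rsplit("\\", 1)[-1]  # file name without its directory
        near = lookalikes(base)
        if near:
            reasons.append("lookalike of " + "/".join(near))
    return reasons

def analyze(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its reasons, skipping clean lines."""
    return {line: r for line in map(str.strip, log.splitlines()) if line and (r := flag_entry(line))}
```

On the constructed sample, analyze() flags five of the seven lines and leaves the egui.exe and ctfmon.exe entries alone.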

Offline Omid Farhang

Re: Sys.exe
« Reply #4 on: May 19, 2009, 10:42:47 AM »
Also, in my opinion it's better if you:

Replace your ESET with avast! antivirus for better protection:
uninstall ESET and install avast! Home Edition.

The SpyBot S&D resident (TeaTimer.exe) has a big impact on your computer's performance; go to SpyBot S&D advanced mode and disable it.

__Coder___

  • Guest
Re: Sys.exe
« Reply #5 on: May 19, 2009, 10:50:04 AM »
The help of you guys is highly appreciated.

I'll make sure I follow all the steps as you have stated, and will submit my new HJT log.

Thank you, everyone.

Offline Omid Farhang

Re: Sys.exe
« Reply #6 on: May 19, 2009, 11:09:07 AM »
You're welcome :)

KAZMANIA

  • Guest
Re: Sys.exe
« Reply #7 on: May 19, 2009, 05:43:42 PM »
Hi Coder.

I think 'we' may have solved my problem. I deleted the file on the C:\ and performed a sys restore. So far everything is working, even my mouse pointer! And I can open the hard drive, but all my bookmarks are gone...??? Does anyone on here know how I could get them back??

Hope this helps...