Some unknown app

Post by templars » September 30th, 2006, 5:46 am

There's some app that runs itself every now and then. It shows up on the menu bar and disappears very quickly. Can someone have a look at my HJT logfile? Thank you

Logfile of HijackThis v1.99.1
Scan saved at 10:45:31, on 30-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\system32\rclumad.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Arcade\PCMService.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Java\jre1.5.0_07\bin\jusched.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programas\SpywareGuard\sgmain.exe
C:\Programas\SpywareGuard\sgbhp.exe
C:\Programas\acer\eRecovery\Monitor.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programas\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programas\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.metrodoporto.pt/mapa/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programas\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
templars
Regular Member
 
Posts: 48
Joined: July 4th, 2006, 1:55 pm

Post by Linkmaster » October 1st, 2006, 10:10 am

Hi templars,

You may wish to print out a copy of these instructions to follow while you complete this procedure

Since it has been so long, let's begin by downloading and running a few programs to help clean things up:

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install Ewido Anti-Malware© by Ewido Networks

Launch Ewido; there should be an icon on your desktop, double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close Ewido Anti-Malware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Please disable Spyware Guard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
Right click the running icon of Spywareguard, it will open the program.
Click Menu, File, Exit, and confirm the programs close.

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run Ewido Anti-Malware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
Ewido will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido Anti-Malware

Reboot to Normal Mode

Run Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log, the Ewido Log, and the Virus Scan Log here

Thank You !!
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA
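When a helper compares the fresh HijackThis log requested above with the one posted earlier, a small parser saves reading several hundred lines by eye. The following is an added example, not code from the forum, its helpers, or HijackThis: it parses the HJT v1.99 log layout (scan header, "Running processes" list, and the R0/O1/O4/O16/O23 entry lines) into lists, diffs two logs, and lists the sections a reviewer usually checks first (O1 hosts-file overrides, O16 ActiveX downloads, O23 services with no recorded owner). The two embedded logs are constructed subsets of the 30-09-2006 and 02-10-2006 logs in this thread; the flag categories are this example's own choice, not HijackThis output.

```python
"""Parse HijackThis v1.99 logs and diff two of them. Added example, not code from
the forum or from HijackThis; the sample logs are constructed subsets of the logs
templars posted on 30-09-2006 and 02-10-2006."""
import re

# Every HijackThis entry line starts with a section code followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|N\d|O\d{1,2}) - (.+)$")
SCAN_RE = re.compile(r"^Scan saved at (\S+), on (\S+)$")

LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:45:31, on 30-09-2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\rclumad.exe
C:\HJT\HJT.exe

O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programas\HP\hpcoretech\hpcmpmgr.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:45:01, on 02-10-2006

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\rclumad.exe
C:\Programas\ewido anti-spyware 4.0\guard.exe
C:\HJT\HJT.exe

O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
"""

def parse_hjt(text):
    """Return the scan time, the 'Running processes' list and (section, body) entries."""
    log = {"scan": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if m := SCAN_RE.match(line):
            log["scan"] = (m.group(1), m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif m := ENTRY_RE.match(line):
            in_processes = False
            log["entries"].append((m.group(1), m.group(2)))
        elif in_processes:
            log["processes"].append(line)
    return log

def diff_hjt(before, after):
    """Set differences of process and entry lines between two parsed logs."""
    def entries(log):
        return {f"{s} - {b}" for s, b in log["entries"]}
    b_proc, a_proc = set(before["processes"]), set(after["processes"])
    b_ent, a_ent = entries(before), entries(after)
    return {
        "processes_added": sorted(a_proc - b_proc),
        "processes_removed": sorted(b_proc - a_proc),
        "entries_added": sorted(a_ent - b_ent),
        "entries_removed": sorted(b_ent - a_ent),
    }

def review_flags(log):
    """Entries a reviewer looks at first, as (reason, body) pairs in log order."""
    flags = []
    for section, body in log["entries"]:
        if section == "O1":
            flags.append(("hosts override", body))
        elif section == "O16":
            flags.append(("ActiveX download", body))
        elif section == "O23" and "Unknown owner" in body:
            flags.append(("service with unknown owner", body))
    return flags

if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for key, lines in diff_hjt(before, after).items():
        for line in lines:
            print(f"{key}: {line}")
    for reason, body in review_flags(after):
        print(f"review ({reason}): {body}")
```

Run on the two full logs in this thread, the diff is small: the ewido guard process and its O23 service appear in the second log (it was installed between the two scans) and the "HP Component Manager" O4 entry is gone; everything else is unchanged. The flag list is deliberately a reading aid, not a verdict: the O1 entries point alcohol-soft.com at an unroutable address, which is the kind of hosts override a helper asks about, and an O23 service with "Unknown owner" only means the binary carries no company name, so each still needs a human to decide.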

Post by templars » October 2nd, 2006, 12:49 pm

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 17:45:01, on 02-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\Programas\Arcade\PCMService.exe
C:\Programas\ewido anti-spyware 4.0\guard.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\system32\rclumad.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Java\jre1.5.0_07\bin\jusched.exe
C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programas\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programas\SpywareGuard\sgbhp.exe
C:\Programas\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programas\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programas\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.metrodoporto.pt/mapa/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programas\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programas\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 02, 2006 5:38:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/10/2006
Kaspersky Anti-Virus database records: 228139
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 256690
Number of viruses found: 2
Number of infected objects: 23 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:55:36

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd5837.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\eRLog.ini Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\ZLT01eb0.TMP Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\ACER-99E7AE3A68.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\templars\ntuser.dat Object is locked skipped
C:\Documents and Settings\templars\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Temp\~DF20A6.tmp Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Temp\~DF8888.tmp Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Temp\~DF32F3.tmp Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Temp\Free Download Manager\tic5.tmp Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Histórico\History.IE5\MSHist012006100220061003\index.dat Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\templars\Definições locais\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\templars\Cookies\index.dat Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Programas\Symantec AntiVirus\SAVRT\0979NAV~.TMP Object is locked skipped
C:\Programas\Symantec AntiVirus\SAVRT\0952NAV~.TMP Object is locked skipped
C:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP62\change.log Object is locked skipped
C:\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\download\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\download\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar/VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi/_6A5BC9DCF6308413044425600E433DB7/_A072FB71F98447849289D58C552E0E01 Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar/VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi/_6A5BC9DCF6308413044425600E433DB7 Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar/VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar/VirtuallyJenna-2.017.002-cracked.exe Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar RAR: infected - 4 skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaIIInstall-2.017.004-cracked.exe/HentaIIInstall-2.017.004-cracked.msi/_0B1EEC383B1CB487741BB95785C442D6/_EB0D8D3F7FE34FE196759CEC3A299ADD Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaIIInstall-2.017.004-cracked.exe/HentaIIInstall-2.017.004-cracked.msi/_0B1EEC383B1CB487741BB95785C442D6 Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaIIInstall-2.017.004-cracked.exe/HentaIIInstall-2.017.004-cracked.msi Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaIIInstall-2.017.004-cracked.exe RAR: infected - 3 skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaIIInstall-2.017.004-cracked.exe PE_Patch: infected - 3 skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVillaInstall-2.017.001-cracked.exe/data.rar/3DSexVillaInstall-2.017.001-cracked.msi/_104174FB6A1CB19FF2EE2FAF4605491E/_D72E596848764E2BAB3661F8B1EB4380 Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVillaInstall-2.017.001-cracked.exe/data.rar/3DSexVillaInstall-2.017.001-cracked.msi/_104174FB6A1CB19FF2EE2FAF4605491E Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVillaInstall-2.017.001-cracked.exe/data.rar/3DSexVillaInstall-2.017.001-cracked.msi Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVillaInstall-2.017.001-cracked.exe/data.rar Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVillaInstall-2.017.001-cracked.exe RarSFX: infected - 4 skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\vjen2_017\VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi/_6A5BC9DCF6308413044425600E433DB7/_A072FB71F98447849289D58C552E0E01 Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\vjen2_017\VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi/_6A5BC9DCF6308413044425600E433DB7 Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\vjen2_017\VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\vjen2_017\VirtuallyJenna-2.017.002-cracked.exe RAR: infected - 3 skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\vjen2_017\VirtuallyJenna-2.017.002-cracked.exe PE_Patch: infected - 3 skipped

Scan process completed.



---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:19:39 02-10-2006

+ Scan result:



D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A.rar/hen3_2_017\HentaII3D-017-004-(AMD-ONLY!)-hotfix\HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A.rar/svil2_017\3DSexVilla-017-001-(AMD-ONLY!)-hotfix\3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaII3D-017-004-(AMD-ONLY!)-hotfix\HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVilla-017-001-(AMD-ONLY!)-hotfix\3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).


::Report end
templars
Regular Member
 
Posts: 48
Joined: July 4th, 2006, 1:55 pm

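The two reports above list the same detection several times because each scanner walks into every nesting level of a cracked installer (.rar, then the .exe inside it, then the .msi inside that, then an embedded file), and the two wordings mean different things: "skipped" is a hit the scanner found but did not remove, while "Cleaned with backup (quarantined)" is one it did remove. As an added example, not code from this thread or from either scanner's vendor, the Python below parses both report formats shown above, groups hits by the top-level file that actually exists on disk, and says what still needs doing with each. It goes slightly beyond this post: it also flags hits inside System Restore points (such paths appear later in the thread), which need the restore-point flush rather than a file delete. The sample lines are copied from the reports in this thread, cut down to a handful; the convention that '/' inside a path separates nesting levels is taken from the report lines themselves.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the scan reports posted in this
# thread (not the complete reports). Two formats appear:
#   Kaspersky-style   <path> Infected: <detection> skipped
#                     <path> <container>: infected - <n> skipped
#   ewido/AVG-style   <path> -> <detection> : <action>.
# In both, '/' inside a path separates archive nesting levels; the part before
# the first '/' is the file that actually exists on disk.
SAMPLE_REPORT = r"""
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar/VirtuallyJenna-2.017.002-cracked.exe/VirtuallyJenna-2.017.002-cracked-installer.msi Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar/VirtuallyJenna-2.017.002-cracked.exe Infected: Trojan-PSW.Win32.QQPass.ly skipped
D:\eMule\Temp\Virtually Jenna_CRACKED_(Finally).rar RAR: infected - 4 skipped
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A.rar/hen3_2_017\HentaII3D-017-004-(AMD-ONLY!)-hotfix\HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP62\A0009805.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
"""

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
SUMMARY_RE = re.compile(r"^(?P<path>.+?) (?P<container>\w+): infected - (?P<count>\d+) (?P<action>\w+)$")
ARROW_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")
# Files inside a restore point cannot be deleted by hand; System Restore must be flushed.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_line(line):
    """Return a record for one report line, or None for blank/unrecognised lines."""
    line = line.strip()
    if not line:
        return None
    m = DETECTION_RE.match(line) or ARROW_RE.match(line)
    if m:
        levels = m.group("path").split("/")  # '/' separates archive nesting levels
        return {
            "kind": "detection",
            "top": levels[0],            # the on-disk file to act on
            "depth": len(levels) - 1,    # how many containers deep the hit sits
            "name": m.group("name"),
            "action": m.group("action"),
            # "skipped" means found but left in place; "Cleaned ..." means removed
            "removed": m.group("action").lower().startswith("cleaned"),
            "restore_point": bool(RESTORE_RE.search(levels[0])),
        }
    m = SUMMARY_RE.match(line)
    if m:
        return {"kind": "summary", "top": m.group("path").split("/")[0],
                "container": m.group("container"), "count": int(m.group("count"))}
    return None


def triage(text):
    """Group detections by top-level file; summary lines are not counted twice."""
    per_file = defaultdict(lambda: {"detections": 0, "not_removed": 0, "max_depth": 0,
                                    "restore_point": False, "names": set()})
    for raw in text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["kind"] != "detection":
            continue
        entry = per_file[rec["top"]]
        entry["detections"] += 1
        entry["not_removed"] += 0 if rec["removed"] else 1
        entry["max_depth"] = max(entry["max_depth"], rec["depth"])
        entry["restore_point"] = entry["restore_point"] or rec["restore_point"]
        entry["names"].add(rec["name"])
    return dict(per_file)


def actions(text):
    """One recommended action per top-level file, derived from the triage."""
    out = {}
    for top, e in triage(text).items():
        if e["restore_point"]:
            out[top] = "flush System Restore points (disable, reboot, re-enable System Restore)"
        elif e["not_removed"]:
            out[top] = "delete the whole file: %d detection(s) were only skipped" % e["not_removed"]
        else:
            out[top] = "already quarantined; verify the quarantine, nothing else to do"
    return out


if __name__ == "__main__":
    for top, advice in actions(SAMPLE_REPORT).items():
        print(f"{advice}\n    {top}")
```

Run as-is it prints three lines of advice: the Virtually Jenna archive still needs deleting (both hits were only skipped), the Thrixxx archive is already handled by quarantine, and the restore-point file needs the System Restore flush. Deleting the top-level container is the right unit of action because the nested hits are all inside it; a scanner that reports "skipped" on an archive member has not changed the archive at all.
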
Post by Linkmaster » October 2nd, 2006, 7:52 pm

Your infection is due to cracked software on your machine!
Unless you are willing to remove all cracked software, I will not proceed with your fix!
If you would like, you can contact a Moderator or Administrator for more explanation!


Thank you!
Linkmaster
MRU Honors Grad Emeritus
 
Posts: 822
Joined: October 7th, 2005, 5:57 am
Location: Arkansas, USA

Post by templars » October 3rd, 2006, 3:19 am

I've already removed it a long time ago. Only the installation files weren't!

So I removed the following files:

D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A.rar/hen3_2_017\HentaII3D-017-004-(AMD-ONLY!)-hotfix\HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A.rar/svil2_017\3DSexVilla-017-001-(AMD-ONLY!)-hotfix\3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\hen3_2_017\HentaII3D-017-004-(AMD-ONLY!)-hotfix\HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\eMule\Temp\Cracked Thrixxx Games - 3D Sex Villa 2.017.001 & Hentaii 3D 2.017.004 & Virtually Jenna 2.017.002 Incl A\svil2_017\3DSexVilla-017-001-(AMD-ONLY!)-hotfix\3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).

Can you help me now?

Post by templars » October 3rd, 2006, 3:24 am

Sorry for double post, but I actually removed the complete folder where those files were.

Post by Linkmaster » October 3rd, 2006, 8:56 am

OK, thanks!

Since the last post, Ewido has changed.
Uninstall Ewido from your PC (answer Yes to removing the quarantined files as well).

Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware; there should be an icon on your desktop, double-click it.
The program will now go to the main screen.
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load.
If done right, a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections, you will be prompted; then select Apply all actions.
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware

Reboot to Normal Mode

Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site, click the Scan your PC button (be sure to disable your popup blocker first).
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report

Post a fresh HijackThis log, the AVG Anti-Spyware log and the Panda ActiveScan log here.

Does the app still show up in the menu bar now?

Post by templars » October 3rd, 2006, 5:12 pm

I don't know if the app is still running because I haven't been using this PC.

Here are the logs:

Panda:


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\download\SmitfraudFix.zip[SmitfraudFix/Process.exe]


AVG:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:31:27 03-10-2006

+ Scan result:



:mozilla.14:C:\Documents and Settings\templars\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.15:C:\Documents and Settings\templars\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.33:C:\Documents and Settings\templars\Application Data\Mozilla\Firefox\Profiles\leriqk4z.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
D:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP62\A0009805.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{C2B3D587-053E-4DF3-837B-F1C20F2030A7}\RP62\A0009806.exe -> Trojan.QQPass.ly : Cleaned with backup (quarantined).


::Report end

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 22:11:55, on 03-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programas\AVG Anti-Spyware 7.5\guard.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programas\Synaptics\SynTP\SynTPLpr.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
C:\Programas\Arcade\PCMService.exe
C:\Programas\Launch Manager\QtZgAcer.EXE
C:\Programas\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\system32\rclumad.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programas\Symantec AntiVirus\Rtvscan.exe
C:\Programas\Java\jre1.5.0_07\bin\jusched.exe
C:\Programas\SpywareGuard\sgmain.exe
C:\Programas\SpywareGuard\sgbhp.exe
C:\Programas\acer\eRecovery\Monitor.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programas\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programas\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programas\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Programas\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Programas\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programas\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programas\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.metrodoporto.pt/mapa/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programas\CATIAV5\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programas\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: NILM License Manager (NILM License manager) - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cluster Manager Service V2 (rcluma) - Unknown owner - C:\WINDOWS\system32\rclumad.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Post by Linkmaster » October 3rd, 2006, 9:04 pm

Is the app popping up anymore?

Your log looks clean!

Just one more thing:
**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

How is your system running now?

Here are a few tools that I recommend for protecting your system and reducing the risk of infection again!

Please note that as long as you use any form of Peer-to-Peer networking and download files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer-to-Peer programs themselves is here:
Clean/Infected P2P Programs

Real Time Prevention
SpywareBlaster© by Javacool Software
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the Javacool page.
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Good Free Antivirus Programs:
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE: Remember to always have just one antivirus program running at a time. Having more than one running causes a conflict between the programs! You can use one as a backup to run manually.

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks.
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your PC invisible to the outside world and will filter the outgoing and incoming traffic on your PC.
For a good idea of how vulnerable your system(s) are, go to GRC.
Scroll down to "Shields Up", click on "Proceed", then click on "Common Ports" to scan your ports.
Free Personal Firewalls :
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Outpost Firewall Free© by Agnitum Ltd
Jetico Personal Firewall© by Jetico, Inc.

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates!

Using these tools and keeping them updated will reduce the risk of future infections!

Do you have any questions?

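Linkmaster's verdict on the log above ("looks clean") comes from reading each HijackThis section against what is known to be installed on the machine. As an added example, not code from this thread or from the HijackThis author, the Python below parses the sections that matter most for persistence and flags the entries a reviewer looks at first: O1 hosts overrides, O2 BHOs with no name, O4 autostart entries that carry no file path or point into a user-writable folder, O16 ActiveX downloads, O20 Winlogon notification DLLs, and O23 services with no publisher. The sample entries are copied from the log posted above (the hosts line is shown as the forum rendered it, with an http:// prefix that a real hosts file would not contain); the final O4 line is a constructed entry that is not in the log, added only to exercise the user-writable-location check. A finding is something to verify against the installed software, not a verdict: every flagged entry from the real log maps to software visibly present on this machine (Spybot's SDHelper.dll, the WGA control, Symantec's NavLogon.dll, MATLAB, and the LaunchApp entry on an Acer laptop).

```python
import re

# Constructed subset of the HijackThis log posted above. The LAST O4 line is
# NOT from that log: it is a made-up entry that exercises the user-writable check.
SAMPLE_HJT = r"""
O1 - Hosts: 127.255.255.255 http://www.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programas\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - Startup: SpywareGuard.lnk = C:\Programas\SpywareGuard\sgmain.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programas\MATLAB701\webserver\bin\win32\matlabserver.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programas\Symantec AntiVirus\Rtvscan.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\templars\Local Settings\Temp\updater.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<detail>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^(?P<where>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.+?)\) - (?P<url>\S+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# A quoted path, or an unquoted one ending in an executable extension (args may follow).
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif|dll)))(?:\s|$)', re.IGNORECASE)
# Autostarts that live where an unprivileged user (or malware running as one) can write.
USER_WRITABLE = re.compile(r"\\(?:Documents and Settings|Users)\\|\\Temp\\", re.IGNORECASE)


def parse_hjt(text):
    """Yield (section, detail) pairs for every 'Oxx - ...' line in a HijackThis log."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("detail")


def exe_path(cmd):
    """Pull the executable out of a Run-key command; None if it is not a file path."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("q") or m.group("u")


def review(text):
    """Return (section, message) findings a log reviewer would look at first."""
    findings = []
    for section, detail in parse_hjt(text):
        if section == "O1":
            m = HOSTS_RE.match(detail)
            if m:
                findings.append((section, f"hosts file maps {m['host']} to {m['ip']}"))
        elif section == "O2":
            m = BHO_RE.match(detail)
            if m and m["name"] == "(no name)":
                findings.append((section, f"unnamed BHO {m['clsid']} -> {m['path']}"))
        elif section == "O4":
            m = RUN_RE.match(detail) or LNK_RE.match(detail)
            if not m:
                continue
            exe = exe_path(m["cmd"])
            if exe is None:
                findings.append((section, f"[{m['name']}] is not a file path, resolved via PATH: {m['cmd']}"))
            elif USER_WRITABLE.search(exe):
                findings.append((section, f"[{m['name']}] autostarts from a user-writable location: {exe}"))
        elif section == "O16":
            m = DPF_RE.match(detail)
            if m:
                findings.append((section, f"ActiveX control '{m['name']}' installed from {m['url']}"))
        elif section == "O20":
            m = NOTIFY_RE.match(detail)
            if m:
                findings.append((section, f"Winlogon notification DLL {m['name']}: {m['path']}"))
        elif section == "O23":
            m = SERVICE_RE.match(detail)
            if m and m["owner"].lower() == "unknown owner":
                findings.append((section, f"service '{m['display']}' has no publisher: {m['path']}"))
    return findings


def by_section(text):
    """Count findings per HJT section; useful for diffing a fresh log against an older one."""
    counts = {}
    for section, _ in review(text):
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, message in review(SAMPLE_HJT):
        print(f"{section}: {message}")
```

The checks are deliberately neutral: an O23 service with "Unknown owner" only means the binary carries no version-info company name, and an O20 Winlogon Notify DLL or O16 ActiveX control is flagged because those are persistence and download points worth confirming, not because they are bad. The one check that is close to a verdict is the constructed O4 line: an autostart whose executable lives under a user profile or Temp directory is not how installed software behaves, and in a real log it deserves a look before anything else.
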
Post by templars » October 4th, 2006, 4:24 am

I think the app isn't running anymore...

Thank you for your time!

Post by Linkmaster » October 4th, 2006, 8:22 am

You are very welcome!

Post by Nellie2 » October 5th, 2006, 5:41 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK