Unwanted Adware


  • This topic is locked
4 replies to this topic

#1 captamana


Posted 15 April 2007 - 05:47 PM

In my start up programs bar (bottom left of screen) a question mark in a blue circle is flashing back and forth with a red circle and slash. This was placed on my computer yesterday (4/14/07) when I accidentally clicked a link while in MySpace. Link came from someone who requested to be added to my friends list. Link looked like it was from MySpace but obviously wasn't. Link led to some PC adware/virus software. It also pops up a text balloon with a warning about adware.

I would appreciate any help you can offer. I have followed the instructions in your start here section and below is the log I ended up with.

Logfile of HijackThis v1.99.1
Scan saved at 3:22:57 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Administrator.CHRIS\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhoalt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [qhzcd5a1] RUNDLL32.EXE w12f7dd0.dll,n 001cd5a00000000e12f7dd0
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://casinoclassic.microgaming.com/casin...sic/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Thank you

Chris Bensono


#2 miekiemoes


Posted 16 April 2007 - 01:41 AM

Hello,

I see you have PartyPoker installed.
If you didn't install it with the intention of playing, I suggest you uninstall it, because in most cases these programs are supported by malware, get installed without asking for it, and also lead you to sites where malware is lurking.
If you do play it, then leave it alone.


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhoalt.dll
O4 - HKLM\..\Run: [qhzcd5a1] RUNDLL32.EXE w12f7dd0.dll,n 001cd5a00000000e12f7dd0
O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download and install Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
  • I'll need a log afterwards of what has been found.
  • To get the log, Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Post the contents of the log in your next reply together with a new HijackThis log.

My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
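
The fix list in the reply above can be checked against a later log. The following is an added example, not part of the original posts and not HijackThis's own code: it parses HijackThis entry lines, reports which fix-list entries were removed or are still present, and lists autostart entries that are new in the later log. The function names are hypothetical and the sample logs are short excerpts built from lines that appear in this thread.

```python
import re
from typing import NamedTuple

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] command".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


class Entry(NamedTuple):
    code: str    # section code such as R0, O2, O4, O16, O23
    detail: str  # rest of the line exactly as logged


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log in their original order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def key(entry):
    """Comparison key: Windows paths are case-insensitive and forum
    copy/paste can change spacing, so fold case and collapse whitespace."""
    return (entry.code, " ".join(entry.detail.split()).casefold())


def verify_fix(fix_list, before_log, after_log):
    """Classify each fix-list entry as removed, still present, or never logged."""
    before = {key(e) for e in parse_entries(before_log)}
    after = {key(e) for e in parse_entries(after_log)}
    report = {"removed": [], "still_present": [], "not_in_before": []}
    for e in parse_entries(fix_list):
        k = key(e)
        if k not in before:
            report["not_in_before"].append(e)   # typo in the fix list, or wrong log
        elif k in after:
            report["still_present"].append(e)   # fix failed or the entry came back
        else:
            report["removed"].append(e)
    return report


def new_entries(before_log, after_log):
    """Entries that appear only in the later log and need a second look."""
    before = {key(e) for e in parse_entries(before_log)}
    return [e for e in parse_entries(after_log) if key(e) not in before]


# Excerpts constructed from lines in this thread (not the full logs).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhoalt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qhzcd5a1] RUNDLL32.EXE w12f7dd0.dll,n 001cd5a00000000e12f7dd0
O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

FIX_LIST = r"""
O2 - BHO: SelasI Class - {59F4F380-01A0-4083-9FA4-E3B827319F7E} - C:\WINDOWS\system32\vcbhoalt.dll
O4 - HKLM\..\Run: [qhzcd5a1] RUNDLL32.EXE w12f7dd0.dll,n 001cd5a00000000e12f7dd0
O4 - HKCU\..\Run: [ItalU] C:\WINDOWS\system32\italfds.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, BEFORE_LOG, AFTER_LOG)
    for status, entries in report.items():
        for e in entries:
            print(f"{status:14} {e.code} - {e.detail}")
    for e in new_entries(BEFORE_LOG, AFTER_LOG):
        print(f"{'new':14} {e.code} - {e.detail}")
```

Entries reported as new are not necessarily bad; in these excerpts they belong to the scanner installed during cleanup, but each one should be attributed to a known program before the machine is considered clean.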

#3 captamana


Posted 16 April 2007 - 09:14 PM

:thumbsup:
You are a genius!!!!!

The pop ups and bogus icons are gone. Mission accomplished. What a wonderful service. You can count on my donation and I will spread the word.

Now, here are the logs you asked me to post:

SUPERAntiSpyware Scan Log
Generated 04/16/2007 at 06:37 PM

Application Version : 3.6.1000

Core Rules Database Version : 3220
Trace Rules Database Version: 1230

Scan type : Complete Scan
Total Scan Time : 00:46:40

Memory items scanned : 376
Memory threats detected : 1
Registry items scanned : 5228
Registry threats detected : 124
File items scanned : 42772
File threats detected : 52

Logfile of HijackThis v1.99.1
Scan saved at 7:00:22 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator.CHRIS\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://casinoclassic.microgaming.com/casin...sic/FlashAX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thank you again.

Chris

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:02:36 AM

Posted 17 April 2007 - 12:11 AM

Hello,

Your log looks clean again. Just one thing to perform though..

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
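
The outdated Java noted in the reply above is visible in the log itself, in the `jre1.5.0_10` directory on the O9 lines. The sketch below is an added example, not part of the original posts or of HijackThis: it pulls JRE versions and "(file missing)" entries out of a log. The function names are hypothetical, and it assumes JRE 6u1 installs into a directory named `jre1.6.0_01`.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
JRE_DIR = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
# Assumption: JRE 6u1 (the version recommended above) lives in jre1.6.0_01.
BASELINE = (1, 6, 0, 1)

def parse_entries(log):
    """Return (section, detail) pairs for every O-numbered log line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def jre_versions(log):
    """Sorted, de-duplicated JRE versions referenced by any entry path."""
    found = set()
    for _, detail in parse_entries(log):
        for m in JRE_DIR.finditer(detail):
            found.add(tuple(int(g or 0) for g in m.groups()))
    return sorted(found)

def outdated_jres(log, baseline=BASELINE):
    """JRE versions in the log that are older than the baseline."""
    return [v for v in jre_versions(log) if v < baseline]

def missing_files(log):
    """Entries whose target HijackThis reported as '(file missing)'."""
    return [(s, d) for s, d in parse_entries(log) if d.endswith("(file missing)")]

if __name__ == "__main__":
    for v in outdated_jres(SAMPLE_LOG):
        print("Outdated JRE referenced: %d.%d.%d_%02d" % v)
    for section, detail in missing_files(SAMPLE_LOG):
        print("Orphaned entry:", section, detail)
```
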

#5 miekiemoes


Posted 26 April 2007 - 03:33 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.