# Solved: [email protected]



## vadasz (Oct 29, 2006)

Dear Tech Support Guy,

I'm getting a pop-up bubble that reads: System Alert: [email protected]

I tried running all my anti-spy/adware programs, and downloaded AVG antispyware. After running that and getting rid of two Trojans, it seemed all was well.

But in my Program Files, I found a folder for VideoKeyCodec, including iesplugin.dll and isaddon.dll.

I tried uninstalling this from Add/Remove Programs, and it said (after a reboot) that it was uninstalled, but the folder was still in the Program Files. I tried deleting it, but it said I couldn't because isaddon.dll was in use by another program (as far as I know, no other programs were running).

After browsing some of the other posts, I've downloaded HijackThis and SmitfraudFix, but have not yet run them because I couldn't find exact directions.

Also, when I try to reboot in Safe Mode, the computer only brings me to a screen asking about where to boot from, but without the Safe Mode option.

Is there anything to be done?

Thanks,
vadasz


----------



## vadasz (Oct 29, 2006)

Okay,

I ran HijackThis. Here's the log file.
Please keep in mind that for some reason I can't get the computer to reboot in Safe Mode--any advice?

Feeling desperate. Thanks,
vadasz

Logfile of HijackThis v1.99.1
Scan saved at 5:25:58 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideoKeyCodec\isamonitor.exe
C:\Program Files\VideoKeyCodec\pmsngr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\VideoKeyCodec\pmmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VideoKeyCodec\isamini.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


----------



## Flrman1 (Jul 26, 2002)

Hi vadasz

Welcome to TSG! 

* *Click here* to download SmitfraudFix.zip and save it to your desktop.

Unzip (extract) the contents of SmitfraudFix.zip to a new SmitfraudFix folder on your desktop.
Don't do anything with it yet. You'll run it later in safe mode.

*Note* : *process.exe* is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

* Download the free version of AVG Anti-Spyware 7.5 *here*.

Click on the "Download Now" button and save the setup file to your desktop.
Double-click on the avgas-setup file to begin the installation.
When the installation is complete, open AVG Anti-Spyware and update the definition files.
On the main screen click on the "*Update now*" link and the update should begin immediately.
If the update does not begin, select the "*Start Update*" button, the update will start and a progress bar will show the updates being installed.

When the update has completed select the "*Scanner*" icon at the top of the screen, then select the "*Settings*" tab.
Once in the Settings screen click on "*Recommended actions*" and then select "*Quarantine*".
Under "*Reports*"
Select "*Automatically generate report after every scan*"
Un-Select "*Only if threats were found*"

If you cannot download the updates, update manually according to the directions *here*.
If you do the manual update, look under "Full database" and click the "Download now" button.
*DO NOT* run a scan yet. You will do that later in safe mode.

* *Click here* for info on how to boot to safe mode if you don't already know how.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Run AVG Anti-Spyware:

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
It will then begin the scanning process. Be patient; it may take a while for the scan to complete.
When the scan is complete, you must select an action.
Select "*Apply all actions*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left hand of the screen
Save the report as a text file and save it to your desktop.
Close AVG Anti-Spyware.

* Run the SmitfraudFix:

Open the *SmitfraudFix* folder again and double-click the *smitfraudfix.cmd* file.
Select option #2 - *Clean* by typing *2* and press "*Enter*" to delete the infected files.
You will receive this prompt:

"Registry cleaning - Do you want to clean the registry ?"

Answer "Yes" by typing *Y* and press "Enter" and it will begin cleaning the infection.
Next the tool will check to see if *wininet.dll* is infected. 
You may be prompted to replace the infected wininet.dll file if it is found.
Answer "Yes" by typing *Y* and press "Enter".
The tool may need to restart your computer to finish the cleaning process.
If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
A text file will appear onscreen, with results from the cleaning process.
Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually *C:\rapport.txt.*


----------



## vadasz (Oct 29, 2006)

Flrman1,

thanks for taking the time to address my problem.

Here are the results:

AVG report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:	7:12:42 PM 10/29/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-1454471165-448539723-725345543-500\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001639.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001709.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001726.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001751.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001762.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001786.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001799.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001811.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\VideoKeyCodec\iesplugin.dll -> Adware.ProtectionBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} -> Adware.VirusBurst : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\contrabandists -> Adware.VirusBurst : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001700.exe -> Downloader.Adload.s : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001508.exe -> Downloader.Adload.u : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001509.exe -> Downloader.Adload.u : Cleaned with backup (quarantined).
C:\Program Files\VideoKeyCodec\isamonitor.exe -> Downloader.Zlob.asl : Cleaned with backup (quarantined).
C:\Program Files\VideoKeyCodec\pmsngr.exe -> Downloader.Zlob.asl : Cleaned with backup (quarantined).
:mozilla.58:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.31:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.64:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.10:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.12:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.11:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.124:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.125:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.62:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.63:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.75:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.76:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.53:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{C2FF742C-D9CD-47F8-9852-6D6E7E4F2FD6}\RP26\A0001515.exe -> Trojan.VB.ajo : Cleaned with backup (quarantined).

::Report end

HijackThis Report:

Logfile of HijackThis v1.99.1
Scan saved at 7:29:30 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

SmitFraudFix Report:

SmitFraudFix v2.116

Scan done at 19:15:28.42, Sun 10/29/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\VideoKeyCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

How's it look,
thanks again,
vadasz


----------



## Flrman1 (Jul 26, 2002)

* *Click here* to download ATF Cleaner by Atribune and save it to your desktop.

Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

* Run Hijack This again and put a check by this entry. Close *ALL* windows except HijackThis and click "Fix checked"

*O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)*

* Restart your computer.

* Run ActiveScan online virus scan *here*

When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

*Note:* You have to use Internet Explorer to do the online scan.

*Post a new HiJackThis log along with the results from ActiveScan*


----------
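Added example (not part of the original posts and not code from HijackThis): a small Python parser for the HijackThis entry lines posted in this thread. It compares the log taken before cleanup with the one taken after it, lists entries that disappeared, and flags entries whose target became "(file missing)", such as the isaddon.dll BHO singled out above. The sample logs are excerpts of the logs in this thread; the class and function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpts of the logs posted in this thread: the first HijackThis log, and the
# one taken after the AVG Anti-Spyware and SmitfraudFix runs.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideoKeyCodec\isamonitor.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll
O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\VideoKeyCodec\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\VideoKeyCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O2 - ...", "O21 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*')            # drive-rooted path, up to a closing quote
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str               # HijackThis section code, e.g. "O2"
    text: str                  # entry body without the "(file missing)" marker
    clsid: Optional[str]       # lower-cased CLSID, if the entry carries one
    path: Optional[str]        # file the entry points at, if any
    file_missing: bool         # True when HijackThis reported "(file missing)"

    @property
    def key(self):
        # Identity of an entry across two logs, independent of the missing marker.
        return (self.section, self.text.lower())


def parse_entries(log):
    """Return the registry/startup entries of a HijackThis log, skipping the
    header and the "Running processes" list."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append(Entry(
            section,
            body,
            clsid.group(0).lower() if clsid else None,
            path.group(0).strip() if path else None,
            missing,
        ))
    return entries


def references_dir(entries, directory):
    """Entries whose target file lives under the given directory."""
    prefix = directory.rstrip("\\").lower() + "\\"
    return [e for e in entries if e.path and e.path.lower().startswith(prefix)]


def compare(before, after):
    """Diff two parsed logs: what disappeared, what appeared, and which
    surviving entries now point at a file that no longer exists."""
    b = {e.key: e for e in before}
    a = {e.key: e for e in after}
    return {
        "removed": [b[k] for k in b if k not in a],
        "added": [a[k] for k in a if k not in b],
        "newly_orphaned": [a[k] for k in a
                           if k in b and a[k].file_missing and not b[k].file_missing],
    }


if __name__ == "__main__":
    result = compare(parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER))
    for label, items in result.items():
        print(label)
        for e in items:
            print("  ", e.section, e.text)
```

An entry under `newly_orphaned` is a registry reference left behind after its file was deleted, which is the kind of entry the "Fix checked" step removes.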



## vadasz (Oct 29, 2006)

Flrman1,

thanks again for your quick attention. Here are the results:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:25 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF16054F-421B-4CA4-9517-239723231535}: NameServer = 195.228.240.249 195.228.242.180
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Activescan:

| Incident | Status | Location |
| --- | --- | --- |
| Adware:adware/ipbill | Not disinfected | Windows Registry |
| Spyware:Cookie/Rn11 | Not disinfected | C:\Documents and Settings\aaronbett\Application Data\Mozilla\Firefox\Profiles\nbmz3g24.default\cookies.txt[.rn11.com/] |
| Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tvllxbat.default\cookies.txt[.statcounter.com/] |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe |
| Possible Virus. | Not disinfected | C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\swsc.exe |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] |
| Possible Virus. | Not disinfected | C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.zip[SmitfraudFix/swsc.exe] |

thanks again,
vadasz


----------



## Flrman1 (Jul 26, 2002)

* Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

* Go ahead and delete all the smitfraudfix files from your desktop.

How is everything now?

Let's do one more scan:

* Go here and do the BitDefender online virus scan.

Click "I Agree" to agree to the EULA.
Allow the ActiveX control to install when prompted.
Click "Click here to scan" to begin the scan.
Please refrain from using the computer until the scan is finished.
When the scan is finished, click on "Click here to export the scan results"
Save the report to your desktop then come back here and *attach* it to your next reply along with a new Hijack This log.

Also let me know if everything is ok now.


----------



## vadasz (Oct 29, 2006)

Flrman1,

thanks again for your attention. Sorry for the long lag time between posts--I'm in a different time zone and was in bed by the time of your last post last night.

So, I can't find any trace of the codec pack that seemed to be the cause of the problem. There have been no more "warning" pop-ups, and IE is not trying to open all the time and send me to some page (as I think you figured, I generally use Firefox--I did use IE when you told me to).

The computer still seems to be a bit slower on start-up--but I wonder if this is because of the addition of AVG 7.5. Having just downloaded it yesterday, I think it's running its Real Time protection, which I've read elsewhere can slow things down. Is that accurate?

Anyway, you've helped a bunch and I am incredibly thankful.

Also, I hope I saved the BitDefender report accurately--it's awfully long. In fact, I need to post separately, so below please find the HijackThis report. I'll post the BitDefender report in another message.

thanks again,
vadasz

HijackThis Report:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:19 AM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVD Burning\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


----------



## vadasz (Oct 29, 2006)

Flrman1,

So, I am a bit worried I saved the BitDefender Report wrong somehow (it seemed pretty simple). It's apparently too long to post in one message to this forum (51485 characters), so I'm going to cut it in half and put it into two posts. Below please find the first half.

Thanks again,
vadasz

BitDefender Online Scanner - Scan Report

*Scan report generated at: Mon, Oct 30, 2006 - 09:27:48*

*Scan path:* C:\;D:\;E:\;

*Statistics*

* Time: 01:17:01
* Files: 215128
* Folders: 4795
* Boot Sectors: 2
* Archives: 6576
* Packed Files: 17100

*Results*

* Identified Viruses: 8
* Infected Files: 36
* Suspect Files: 0
* Warnings: 0
* Disinfected: 0
* Deleted Files: 70

*Engines Info*

* Virus Definitions: 479359
* Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
* Scan plugins: 13
* Archive plugins: 38
* Unpack plugins: 6
* E-mail plugins: 6
* System plugins: 1

*Scan Settings*

* First Action: Disinfect
* Second Action: Delete
* Heuristics: Yes
* Enable Warnings: Yes
* Scanned Extensions: *;
* Exclude Extensions:
* Scan Emails: Yes
* Scan Archives: Yes
* Scan Packed: Yes
* Scan Files: Yes
* Scan Boot: Yes

| Scanned File | Status |
| --- | --- |
| C:\Documents and Settings\Administrator\Desktop\AdobeCS2PremiumPlusDVD.v1.2-MANiacs\AdobeCS2PremiumPlusDVD.v1.2-MANiacs.iso=>QuickTime/QuickTime7ProCracking.exe=>(ZIP Sfx o)=>WINDOWS/system32/QuickTimeWebHelper.qtx | Infected with: Trojan.Pakes.BD |
| C:\Documents and Settings\Administrator\Desktop\AdobeCS2PremiumPlusDVD.v1.2-MANiacs\AdobeCS2PremiumPlusDVD.v1.2-MANiacs.iso=>QuickTime/QuickTime7ProCracking.exe=>(ZIP Sfx o)=>WINDOWS/system32/QuickTimeWebHelper.qtx | Disinfection failed |
| C:\Documents and Settings\Administrator\Desktop\AdobeCS2PremiumPlusDVD.v1.2-MANiacs\AdobeCS2PremiumPlusDVD.v1.2-MANiacs.iso=>QuickTime/QuickTime7ProCracking.exe=>(ZIP Sfx o)=>WINDOWS/system32/QuickTimeWebHelper.qtx | Deleted |
| C:\Documents and Settings\Administrator\Desktop\AdobeCS2PremiumPlusDVD.v1.2-MANiacs\AdobeCS2PremiumPlusDVD.v1.2-MANiacs.iso=>QuickTime/QuickTime7ProCracking.exe=>(ZIP Sfx o) | Updated |
| C:\Documents and Settings\Administrator\Desktop\AdobeCS2PremiumPlusDVD.v1.2-MANiacs\AdobeCS2PremiumPlusDVD.v1.2-MANiacs.iso=>QuickTime/QuickTime7ProCracking.exe | Update failed |
| C:\Documents and Settings\Administrator\My Documents\My Software\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO=>CRACK/WPA KILL.EXE | Infected with: Virtool.Wpakill.A |
| C:\Documents and Settings\Administrator\My Documents\My Software\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO=>CRACK/WPA KILL.EXE | Disinfection failed |
| C:\Documents and Settings\Administrator\My Documents\My Software\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO=>CRACK/WPA KILL.EXE | Deleted |
| C:\Documents and Settings\Administrator\My Documents\My Software\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO | Update failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ADC0000.VBN=>(Quarantine-PE) | Infected with: Trojan.Clicker.Small.G |
| C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ADC0000.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ADC0000.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01200000.VBN=>(Quarantine-PE) | Infected with: Trojan.Clicker.Small.G |
| C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01200000.VBN=>(Quarantine-PE) | Disinfection failed |
| C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01200000.VBN=>(Quarantine-PE) | Deleted |
| C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80000.VBN=>(Quarantine-PE) | |



----------



## vadasz (Oct 29, 2006)

[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80004.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80004.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80004.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80005.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80005.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AA80005.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AAC0002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00004.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00004.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00005.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00005.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00005.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00006.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB00006.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40000.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Pakes.AA

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40001.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Disinfection failed

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40002.VBN=>(Quarantine-PE)

[/TD]
[TD]

Deleted

[/TD]
[/TR][TR]
[TD]

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40003.VBN=>(Quarantine-PE)

[/TD]
[TD]

Infected with: Trojan.Downloader.Qoologic.G

[/TD]
[/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40003.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AB40003.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC80000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Pakes.AA[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC80000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC80001.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Downloader.Qoologic.G[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC80001.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AC80001.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Downloader.Qoologic.G[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0001.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Downloader.Qoologic.G[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0001.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0ACC0001.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Pakes.AA[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00001.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Downloader.Qoologic.AT[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00001.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00002.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Downloader.Qoologic.G[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00002.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AD00002.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Lipgame.F[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80000.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AF80000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B180000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Lipgame.F[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B180000.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B180000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Trojan.Lipgame.F[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0000.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B1C0000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B640000.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Dropped:Backdoor.Sdbot.XD[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B640000.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B640000.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00001.VBN=>(Quarantine-PE)[/TD][TD]Infected with: Dropped:Backdoor.Sdbot.XD[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00001.VBN=>(Quarantine-PE)[/TD][TD]Disinfection failed[/TD][/TR]
[TR][TD]C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DD00001.VBN=>(Quarantine-PE)[/TD][TD]Deleted[/TD][/TR]
[/TABLE]
[/TD]
[/TR]
[/TABLE]


----------



## Flrman1 (Jul 26, 2002)

You were supposed to attach the BitDefender log. Anyway, never mind that. I was able to reconstruct it. There was nothing in the scan to worry about.

You should be clean now! :up:

You could try disabling the AVG-Antispyware. It may be causing the extra boot time that you mentioned. Also, I'll post a few things for you to do at the end of this reply that should help the overall performance of your PC.

* If I had you use Killbox to delete any files, go ahead and delete the C:\!Killbox folder then empty the Recycle Bin.

* *Check this out* for info on how to tighten your security settings and some good free tools to help prevent this from happening again.

* Go to *Windows update* and install all "High Priority Updates".

* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Here are some routine maintenance practices that you should do on a regular basis to keep your machine running efficiently:

*Disk Cleanup:*

http://www.theeldergeek.com/disk_cleanup_utility.htm

*Defrag your HD:*

http://artsweb.bham.ac.uk/artsit/Info/Guides/GoodPractice/defrag-win2kxp.htm

*Run chkdsk:*

To use Chkdsk, click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

*Remove unnecessary startups*

This should be done through the System Configuration Utility. Go to Start > Run and type in *msconfig*.
Click OK or hit the Enter key.

Click on the "Startup" tab and remove the check by the items that you have determined are unnecessary. Click "Apply" then "Close".

You will be prompted to restart. Go ahead and restart.

Upon restart you will be confronted with a dialogue box warning about running in selective startup. Just ignore that message and put a check in the box by "Don't show me this message or launch the System Configuration Utility when Windows starts" and click "OK". You will not be bothered by the message again.

Keep in mind that some entries will be re-enabled in the startups each time you use that particular program. Therefore, you will have to find the option in that program's preferences that says something like "Load with Windows" or "Run when Windows Starts" and disable that option.

Go here for info on msconfig:

http://www.pacs-portal.co.uk/startup_index.htm

You can look up the startups at the following links to help determine what is needed and what is not:

http://computercops.biz/StartupList.html

http://www.bleepingcomputer.com/startups/

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

http://www.windowsstartup.com/wso/browse.php?l=8&start=50&end=75


----------



## Flrman1 (Jul 26, 2002)

Since this problem has been solved, I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".


----------

