need help removing trojan [RESOLVED]
epilgren
post Jul 10 2006, 12:07 AM
Post #1


New Member
Posts: 5
OS: Windows XP SP2



//-----------------------------------------------------------------
//
// Product: BitDefender 9 Internet Security
// Version: 9.0
//
// Created on: 10/07/2006 01:33:40
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 3858
Files : 123223
Archives : 1229
Packed files : 7645
Identified viruses : 5
Infected files : 5
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 28
Scan time : 00:27:28
Scan speed (files/sec) : 74

Virus definitions : 428347
Scan plugins : 15
Archive plugins : 42
Unpack plugins : 5
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1152509620.log


Summary:

C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Infected: Trojan.Downloader.Qoologic.G
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Move failed

C:\Documents and Settings\Owner\.housecall\Quarantine\i3F.tmp.bac_a02132=>(Quarantine-4) Detected: Adware.Surfside.J
C:\Documents and Settings\Owner\.housecall\Quarantine\kqmuc.dll.bac_a02132=>(Quarantine-4) Detected: Adware.Targetserver.A
C:\Documents and Settings\Owner\.housecall\Quarantine\ucmoreiex[1].exe.bac_a02132=>(Quarantine-4) Detected: Adware.Ucmore.B
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U9URKXI3\sinstaller[1].exe Detected: Adware.Comet.G
Daemon
post Jul 10 2006, 12:15 AM
Post #2


Security Expert
Posts: 4,356
OS: XP
MVP


Click here to download HijackThis by Merijn Bellekom. Doubleclick the file, click Unzip and extract the application to C:\HijackThis. Run it from there to scan your computer.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Save the log, Ctrl-A to Select All and post it here for examination. Don't fix anything yet as most of what it lists will be harmless.
epilgren
post Jul 10 2006, 09:27 AM
Post #3





Before, I was using BitDefender Virus Scanner...

As of using the HiJackThis! program...here's what it found....

------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:25:20 AM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
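A point worth checking before reading a HijackThis log like the one above: several O23 service entries are marked "(file missing)" even though the same binaries (bdss.exe, livesrv.exe, vsserv.exe, xcommsvr.exe) appear in the "Running processes" list at the top of the log, and each of those entries carries a stray quote and a `/service` argument after the path. The script below (an added example written for this thread, not code from HijackThis, BitDefender or the poster) cross-references the two parts of a log and separates entries whose binary is genuinely absent from entries that are flagged missing but demonstrably running, which is the first thing to verify by hand before treating such a line as a problem. The sample log is a constructed excerpt in the shape of the posted one.

```python
"""Cross-check a HijackThis 1.99 log: for each O4/O20/O23 entry, is the binary it
names reported "(file missing)", and does that binary nevertheless appear in the
"Running processes" list of the same log?

Added example for this thread, not HijackThis's own code. SAMPLE_LOG is a
constructed excerpt modelled on the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe

O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in .exe/.dll. The log prints a service's
# ImagePath verbatim, so a stray quote and arguments may follow the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)
# Fallback for entries that give only a file name (e.g. Winlogon Notify DLLs).
BASENAME_RE = re.compile(r"[\w~.$-]+\.(?:exe|dll)", re.IGNORECASE)


@dataclass
class Finding:
    code: str
    label: str
    binary: str          # file name only, lower-cased for matching
    file_missing: bool
    running: bool

    @property
    def verdict(self) -> str:
        if self.file_missing and self.running:
            return ("flagged missing but its binary is running: likely a log "
                    "artefact (quoted ImagePath with arguments), verify manually")
        if self.file_missing:
            return "orphaned entry: binary neither found nor running"
        return "binary present"


def parse_log(text: str) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split a log into the running-process paths and the (code, body) entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # blank line ends the process list
                in_procs = False
                continue
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries


def cross_reference(text: str) -> List[Finding]:
    """Compare every entry that names a binary against the process list."""
    processes, entries = parse_log(text)
    running = {p.rsplit("\\", 1)[-1].lower() for p in processes}
    findings: List[Finding] = []
    for code, body in entries:
        if code not in ("O4", "O20", "O23"):
            continue                # only sections that name a file on disk
        m = PATH_RE.search(body)
        if m:
            binary = m.group(0).rsplit("\\", 1)[-1].lower()
        else:
            b = BASENAME_RE.search(body)
            if not b:
                continue
            binary = b.group(0).lower()
        findings.append(Finding(code, body.split(" - ")[0], binary,
                                body.rstrip().endswith("(file missing)"),
                                binary in running))
    return findings


if __name__ == "__main__":
    for f in cross_reference(SAMPLE_LOG):
        print(f"{f.code:<4} {f.binary:<16} {f.verdict}")
```

Run against the full log above, the four BitDefender services fall into the "flagged missing but running" bucket, while the WRNotifier DLL is a genuinely orphaned Winlogon Notify entry, which is consistent with the helper's assessment that the log "doesn't look too bad".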
Daemon
post Jul 10 2006, 11:07 AM
Post #4




Doesn't look too bad - do this for me. Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan just yet; we will shortly.
  1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  2. Launch ewido anti-spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  4. ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted; then select "Apply all actions".
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  8. Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
epilgren
post Jul 10 2006, 12:20 PM
Post #5





With Ewido here's what it found...

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:57:02 PM 7/10/2006

+ Scan result:



HKU\S-1-5-21-2052111302-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FDE0CB5-619F-4227-8961-F2D7ED15B88E} -> Adware.CramToolbar : No action taken.
HKU\S-1-5-21-2052111302-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.277:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.302:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.214:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.233:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.240:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.255:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\q48g3b18.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

This post has been edited by epilgren: Jul 10 2006, 01:02 PM
Daemon
post Jul 10 2006, 11:51 PM
Post #6




Again, not too bad. Please download Qoofix by Rubber Ducky to your desktop.
  • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
  • Close all windows and programs, including internet windows.
  • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
  • Click Begin Removal and wait for the scan to finish
  • If Qoofix finds an infection, select yes to restart your computer
  • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt. Copy and paste the contents of that report into your next reply here.

If this comes back clear then you are not infected. BitDefender is simply detecting the contents of a sent email called 'Virus Report' - go to that email in your sent box and delete it, then delete it from your deleted box. Let me know if BitDefender comes back clean after this.
epilgren
post Jul 11 2006, 10:56 PM
Post #7





Here's the results of Qoofix...
--------------------------------------
Qoofix v1.02 by http://www.malwarebytes.org
Scan started on [7/11/2006] at [7:52:00 AM]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [7/11/2006] at [7:53:02 AM]

Note: Some registry keys may have been removed.

...

After removing all e-mail messages from outlook express... and deleting the trash...here's what BitDefender found....
-------------------------


//-----------------------------------------------------------------
//
// Product: BitDefender 9 Internet Security
// Version: 9.0
//
// Created on: 11/07/2006 17:46:38
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 3905
Files : 126762
Archives : 1150
Packed files : 7840
Identified viruses : 5
Infected files : 5
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 26
Scan time : 00:30:28
Scan speed (files/sec) : 69

Virus definitions : 433304
Scan plugins : 15
Archive plugins : 42
Unpack plugins : 5
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1152654398.log


Summary:

C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Infected: Trojan.Downloader.Qoologic.G
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Move failed
C:\Documents and Settings\Owner\.housecall\Quarantine\i3F.tmp.bac_a02132=>(Quarantine-4) Detected: Adware.Surfside.J
C:\Documents and Settings\Owner\.housecall\Quarantine\kqmuc.dll.bac_a02132=>(Quarantine-4) Detected: Adware.Targetserver.A
C:\Documents and Settings\Owner\.housecall\Quarantine\ucmoreiex[1].exe.bac_a02132=>(Quarantine-4) Detected: Adware.Ucmore.B
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U9URKXI3\sinstaller[1].exe Detected: Adware.Comet.G


Is there anything that can remove these adware programs and the trojan?...

Thanks in advance.

-Eric
Daemon
post Jul 11 2006, 11:11 PM
Post #8




The emails are still there but are harmless - you must have sent a file for analysis at some time. All the others except one are quarantined and are also harmless. Do this to remove the one in the temporary folder. Click here to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. You will be prompted to reboot, do so.
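The reasoning in the two replies above (a hit inside an Outlook Express .dbx mailbox is an attachment in a sent message, hits under .housecall\Quarantine are already isolated by another scanner, and only the installer in Temporary Internet Files is a file that still needs removing) can be applied mechanically to a BitDefender 9 summary. The script below is an added example written for this thread, not BitDefender's own tooling: it parses the `=>` container chain of each summary line, merges the "Infected" / "Disinfection failed" / "Move failed" lines for the same object, classifies where the object lives, and returns the items that are actual files outside any container. The sample report is excerpted from the summary posted above; the location categories and the advice strings are this example's own.

```python
"""Triage a BitDefender 9 scan summary by where each detection lives.

Added example for this thread, not BitDefender's own code. SAMPLE_REPORT is
excerpted from the summary posted above; the categories are this script's own.
"""
import re
from collections import OrderedDict
from typing import Dict, List, Tuple

SAMPLE_REPORT = r"""
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Infected: Trojan.Downloader.Qoologic.G
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities\{02FE9487-AE43-4863-8B53-8C7A56EE622A}\Microsoft\Outlook Express\Sent Items.dbx=>(message 0)=>[Subject: Virus Report]=>(MIME part)=>eeppupp.dll Move failed
C:\Documents and Settings\Owner\.housecall\Quarantine\i3F.tmp.bac_a02132=>(Quarantine-4) Detected: Adware.Surfside.J
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U9URKXI3\sinstaller[1].exe Detected: Adware.Comet.G
"""

# Trailing status that the scanner appends to each summary line.
STATUS_RE = re.compile(
    r"\s(?:(?P<verb>Infected|Detected): (?P<threat>\S+)"
    r"|(?P<fail>Disinfection failed|Move failed))$"
)


def classify_location(segments: List[str]) -> Tuple[str, str]:
    """Map the outermost container of a detection to a category and advice."""
    top = segments[0].lower()
    if any(s.startswith("(Quarantine") for s in segments) or "\\quarantine\\" in top:
        return ("quarantine",
                "already isolated by another scanner; inert, purge it from that tool")
    if top.endswith(".dbx") or any(s.startswith("(message ") for s in segments):
        return ("mail store",
                "attachment inside a mailbox file, not a file on disk; delete the "
                "message, then empty Deleted Items so the store no longer holds it")
    if "temporary internet files" in top:
        return ("browser cache",
                "cached download sitting on disk; clear the cache or delete the file")
    return "on disk", "live file outside any container; investigate"


def triage(report: str) -> List[Dict]:
    """One record per detected object, with status lines for that object merged."""
    records: "OrderedDict[str, Dict]" = OrderedDict()
    for raw in report.splitlines():
        line = raw.strip()
        m = STATUS_RE.search(line)
        if not m:
            continue
        chain = line[: m.start()]
        segments = chain.split("=>")
        rec = records.get(chain)
        if rec is None:
            # The detected object is the last segment that is a real name,
            # not a "(message 0)" / "[Subject: ...]" container marker.
            named = [s for s in segments if not s.startswith(("(", "["))]
            location, advice = classify_location(segments)
            rec = {"item": named[-1].rsplit("\\", 1)[-1], "container": segments[0],
                   "location": location, "threat": None,
                   "failed_actions": [], "advice": advice}
            records[chain] = rec
        if m.group("threat"):
            rec["threat"] = m.group("threat")
        else:
            rec["failed_actions"].append(m.group("fail"))
    return list(records.values())


def live_items(records: List[Dict]) -> List[str]:
    """Objects that are actual files on disk and therefore still need action."""
    return [r["item"] for r in records if r["location"] in ("on disk", "browser cache")]


if __name__ == "__main__":
    recs = triage(SAMPLE_REPORT)
    for r in recs:
        print(f"{r['location']:<14} {r['item']:<22} {r['threat']}")
        if r["failed_actions"]:
            print(f"{'':<14} failed: {', '.join(r['failed_actions'])}")
        print(f"{'':<14} -> {r['advice']}")
    print("still needs removal:", live_items(recs))
```

The "Disinfection failed" / "Move failed" pair on the mailbox entry is expected rather than alarming: the scanner cannot rewrite a single MIME part inside a .dbx store, which is why the fix in this thread is to delete the message rather than to re-run the scan.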
epilgren
post Jul 12 2006, 10:34 AM
Post #9





All done... thanks for all of your help... I've been trying to get rid of these for months. Let me know if there's anything else I should do.

-Eric
Daemon
post Jul 12 2006, 11:21 AM
Post #10




You're welcome - glad to help :D

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
