Full Version: calimike's own new topic: Goldcodec
calimike
Black "i" in yellow triangle on taskbar. It pops up and says spyware software for sale. It tells me you've been infected by unknown trojan trojan. Ad-Aware, Spybot and SpySweeper removed Trojan-Downloader-Zlob, Virus fakealert, spyware.cyberlog-x and Win32.Trojan.Downloader but it is still in! I discovered goldcodec.exe in Add & Remove Programs: My dad says he accidentally went to hxxp://www.goldcodec.com, he is an idiot. Admin Edit: URL munged

I found 5,
isamonitor.exe
pmmon.exe
pmsngr.exe
isamini.exe
iesplugin.exe <--- Removal was successful, but 4 remain in Task Manager.

What should I do?

Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, November 24, 2006 11:59:05 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:Se1R134 20.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11/24/2006 11:59:05 AM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1820
ThreadCreationTime : 11/24/2006 7:05:25 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 316
ThreadCreationTime : 11/24/2006 7:05:27 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 11/24/2006 7:05:29 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 11/24/2006 7:05:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1096
ThreadCreationTime : 11/24/2006 7:05:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 11/24/2006 7:05:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 11/24/2006 7:05:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 264
ThreadCreationTime : 11/24/2006 7:05:45 PM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1272
ThreadCreationTime : 11/24/2006 7:05:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1948
ThreadCreationTime : 11/24/2006 7:05:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1676
ThreadCreationTime : 11/24/2006 7:06:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 700
ThreadCreationTime : 11/24/2006 7:06:04 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [eebsvc.exe]
FilePath : C:\Program Files\EPSON\ESM2\
ProcessID : 800
ThreadCreationTime : 11/24/2006 7:06:11 PM
BasePriority : Normal


#:14 [acsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1352
ThreadCreationTime : 11/24/2006 7:06:12 PM
BasePriority : Normal


#:15 [isafe.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 1592
ThreadCreationTime : 11/24/2006 7:06:12 PM
BasePriority : Normal
FileVersion : Version 11.0.7.4
ProductVersion : Version 11.0.7.4
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA ISafe Service
InternalName : ISafe
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : ISafe.exe

#:16 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1804
ThreadCreationTime : 11/24/2006 7:06:13 PM
BasePriority : Normal
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
ProductName : Modem
FileDescription : User-Level Modem Service
InternalName : slserv
LegalCopyright : Copyright © 1999-2000
OriginalFilename : slserv.exe

#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2004
ThreadCreationTime : 11/24/2006 7:06:13 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:18 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1668
ThreadCreationTime : 11/24/2006 7:06:16 PM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:19 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1132
ThreadCreationTime : 11/24/2006 7:06:30 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:20 [spysweeper.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 1332
ThreadCreationTime : 11/24/2006 7:06:34 PM
BasePriority : Normal
FileVersion : 3,2,3,2125
ProductVersion : 3, 2
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Engine
LegalCopyright : Copyright © 2002 - 2006, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe

#:21 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 324
ThreadCreationTime : 11/24/2006 7:06:47 PM
BasePriority : Normal
FileVersion : 7.01.00.3055
ProductVersion : 7.01.00.3055
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:22 [vetmsg.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 1160
ThreadCreationTime : 11/24/2006 7:06:49 PM
BasePriority : Normal
FileVersion : Version 11.0.7.4
ProductVersion : Version 11.0.7.4
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Messaging Service
InternalName : vetmsg
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : vetmsg.exe

#:23 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 1780
ThreadCreationTime : 11/24/2006 7:06:52 PM
BasePriority : Normal
FileVersion : 2005.1.00.111
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4020
ThreadCreationTime : 11/24/2006 7:08:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [digservices.exe]
FilePath : C:\Program Files\ESPNRunTime\
ProcessID : 3548
ThreadCreationTime : 11/24/2006 7:13:09 PM
BasePriority : Idle
FileVersion : 1.0.0.0016
ProductVersion : 1.0.0.0016
ProductName : DIGServices
CompanyName : Walt Disney Internet Group
FileDescription : DIGServices
LegalCopyright : Copyright © 2004, Walt Disney Internet Group.
OriginalFilename : DIGServices.exe

#:26 [cavtray.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 3768
ThreadCreationTime : 11/24/2006 7:13:11 PM
BasePriority : Normal
FileVersion : Version 11.0.7.4
ProductVersion : Version 11.0.7.4
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus System Tray Application
InternalName : CAVTray
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVTray.exe

#:27 [cavrid.exe]
FilePath : C:\Program Files\Yahoo!\Antivirus\
ProcessID : 1744
ThreadCreationTime : 11/24/2006 7:13:14 PM
BasePriority : Normal
FileVersion : Version 11.0.7.4
ProductVersion : Version 11.0.7.4
ProductName : Computer Associates Antivirus
CompanyName : Computer Associates International, Inc.
FileDescription : CA Antivirus Realtime Infection Report
InternalName : CAVRid
LegalCopyright : © 2004 Computer Associates International, Inc.
LegalTrademarks : Trademark of Computer Associates International, Inc.
OriginalFilename : CAVRid.exe

#:28 [isamini.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 2964
ThreadCreationTime : 11/24/2006 7:13:14 PM
BasePriority : Normal


#:29 [yop.exe]
FilePath : C:\PROGRA~1\Yahoo!\YOP\
ProcessID : 2324
ThreadCreationTime : 11/24/2006 7:13:18 PM
BasePriority : Normal
FileVersion : 2006, 7, 20, 1
ProductVersion : 1, 0, 0, 409
ProductName : Dashboard Module
CompanyName : Yahoo! Inc.
FileDescription : Dashboard Module
InternalName : Dashboard
LegalCopyright : Copyright 2006, Yahoo! Inc.
OriginalFilename : Dashboard.exe

#:30 [onetou~2.exe]
FilePath : C:\PROGRA~1\VISION~2\
ProcessID : 2800
ThreadCreationTime : 11/24/2006 7:13:21 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : OneTouch Monitor
CompanyName : Visioneer
FileDescription : OneTouch Monitor
InternalName : OneTouchMon
LegalCopyright : Copyright © 1999
OriginalFilename : OneTouchMon.exe

#:31 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 3268
ThreadCreationTime : 11/24/2006 7:13:22 PM
BasePriority : Normal
FileVersion : 7.00.0716.0
ProductVersion : 7.00.0716.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:32 [incd.exe]
FilePath : C:\Program Files\ahead\InCD\
ProcessID : 3520
ThreadCreationTime : 11/24/2006 7:13:22 PM
BasePriority : Normal
FileVersion : 3.20.1
ProductVersion : 3.20.1
ProductName : InCD
CompanyName : Copyright © ahead software gmbh and its licensors
FileDescription : InCD CD-RW UDF Tools
InternalName : InCD
LegalCopyright : Copyright © ahead software gmbh and its licensors
OriginalFilename : InCD.EXE
Comments : CD-RW UDF Tools

#:33 [ybrwicon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 3800
ThreadCreationTime : 11/24/2006 7:13:23 PM
BasePriority : Normal
FileVersion : 2006, 7, 21, 1
ProductVersion : 1, 0, 0, 1
ProductName : Yahoo! Inc. YBrwIcon
CompanyName : Yahoo! Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
LegalCopyright : Copyright © 2003-2006 Yahoo! Inc.
OriginalFilename : YBrwIcon.exe

#:34 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 4000
ThreadCreationTime : 11/24/2006 7:13:24 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:35 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1004
ThreadCreationTime : 11/24/2006 7:13:25 PM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:36 [spysweeperui.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 2204
ThreadCreationTime : 11/24/2006 7:13:25 PM
BasePriority : Normal
FileVersion : 5,2,3,2125
ProductVersion : 5, 2
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Client Executable
LegalCopyright : Copyright © 2002 - 2006, All Rights Reserved.
OriginalFilename : SpySweeper.exe

#:37 [ppwebcap.exe]
FilePath : C:\PROGRA~1\VISION~1\PAPERP~1\
ProcessID : 3044
ThreadCreationTime : 11/24/2006 7:13:28 PM
BasePriority : Normal
FileVersion : 6.1
ProductVersion : 6.1
ProductName : PaperPort
CompanyName : Visioneer, Inc.
FileDescription : Visioneer Web Capture
InternalName : PPWebCap
LegalCopyright : Copyright © 1993-1998 Visioneer, Inc.
OriginalFilename : PPWebCap.exe

#:38 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 3704
ThreadCreationTime : 11/24/2006 7:13:30 PM
BasePriority : Normal


#:39 [bigfix.exe]
FilePath : C:\Program Files\BigFix\
ProcessID : 3228
ThreadCreationTime : 11/24/2006 7:13:37 PM
BasePriority : Normal
FileVersion : 1, 7, 6, 0
ProductVersion : 1, 7, 6, 0
ProductName : BigFix
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
LegalCopyright : Copyright © 2002
OriginalFilename : BigFix.exe

#:40 [stms.exe]
FilePath : C:\Program Files\EPSON\ESM2\
ProcessID : 2996
ThreadCreationTime : 11/24/2006 7:13:52 PM
BasePriority : Normal
FileVersion : 1, 4, 0, 2
ProductVersion : 2, 0, 0, 0
ProductName : EPSON Status Monitor 2
CompanyName : SEIKO EPSON CORPORATION
FileDescription : Background Monitoring
InternalName : STMS
LegalCopyright : Copyright © SEIKO EPSON CORP. 1997
OriginalFilename : STMS.EXE

#:41 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 2528
ThreadCreationTime : 11/24/2006 7:14:06 PM
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6224)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:42 [trueassistant.exe]
FilePath : C:\Program Files\TrueAssistant\
ProcessID : 3232
ThreadCreationTime : 11/24/2006 7:14:29 PM
BasePriority : Normal
FileVersion : 2, 1, 3, 3
ProductVersion : 2, 1, 3, 3
ProductName : TrueAssistant
CompanyName : Esaya, Inc.
FileDescription : TrueAssistant
InternalName : TrueAssistant
LegalCopyright : Copyright © 2003
OriginalFilename : TrueAssistant.exe

#:43 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2508
ThreadCreationTime : 11/24/2006 7:15:03 PM
BasePriority : Normal
FileVersion : 8,1,0,0
ProductVersion : 8,1,0,0
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger Tray
LegalCopyright : © 1998-2006 Yahoo! Inc. All rights reserved.

#:44 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ProcessID : 1864
ThreadCreationTime : 11/24/2006 7:16:21 PM
BasePriority : Normal
FileVersion : 2006, 3, 2, 1
ProductVersion : 3, 5, 0, 0
ProductName : YCommon Exe Module
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
LegalCopyright : Copyright 2003-2006 Yahoo! Inc.
OriginalFilename : YCommon.EXE

#:45 [ssu.exe]
FilePath : C:\Program Files\Webroot\Spy Sweeper\
ProcessID : 3060
ThreadCreationTime : 11/24/2006 7:19:32 PM
BasePriority : Normal


#:46 [pmmon.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 1436
ThreadCreationTime : 11/24/2006 7:44:26 PM
BasePriority : Normal


#:47 [isamonitor.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 2860
ThreadCreationTime : 11/24/2006 7:44:30 PM
BasePriority : Normal


#:48 [pmsngr.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 1772
ThreadCreationTime : 11/24/2006 7:44:34 PM
BasePriority : Normal


#:49 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1732
ThreadCreationTime : 11/24/2006 7:49:45 PM
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:50 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2408
ThreadCreationTime : 11/24/2006 7:51:02 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Disk Scan Result for C:\DOCUME~1\JOSEGO~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jose Gonzalez\recent
Description : list of recently opened documents



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

12:10:46 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:40.625
Objects scanned:100757
Objects identified:0
Objects ignored:0
New critical objects:0
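
A triage sketch for the process listing in the log above, added here as an example (it is not part of the original post and not Ad-Aware code): it parses the `#:N [name]` blocks and reports folders in which two or more running processes all lack version-resource fields, which in this log singles out `C:\Program Files\Gold Codec\`. The function names, the threshold of two and the mapping of `\SystemRoot\` to `C:\WINDOWS` are assumptions, and the result is a lead for manual review, since legitimate processes in the same log (eebsvc.exe, skype.exe) also appear without version fields.

```python
import re
from collections import defaultdict

# Abridged from the process listing in the post above: only FilePath,
# ProcessID and CompanyName are kept, and blank lines between entries dropped.
SAMPLE_LOG = r"""
Listing running processes

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 316
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 744
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
CompanyName : Microsoft Corporation
#:13 [eebsvc.exe]
FilePath : C:\Program Files\EPSON\ESM2\
ProcessID : 800
#:28 [isamini.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 2964
#:40 [stms.exe]
FilePath : C:\Program Files\EPSON\ESM2\
ProcessID : 2996
CompanyName : SEIKO EPSON CORPORATION
#:46 [pmmon.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 1436
#:47 [isamonitor.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 2860
#:48 [pmsngr.exe]
FilePath : C:\Program Files\Gold Codec\
ProcessID : 1772

Memory scan result:
New critical objects: 0
"""

HEADER = re.compile(r"^#:(\d+) \[(.+)\]$")
FIELD = re.compile(r"^(\w+)\s*:\s*(.*)$")
METADATA_KEYS = ("FileVersion", "ProductName", "CompanyName", "FileDescription")


def parse_processes(log_text):
    """Return one dict per '#:N [name]' block of the process listing."""
    procs, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"index": int(header.group(1)), "name": header.group(2).lower()}
            procs.append(current)
        elif current is not None and line:
            field = FIELD.match(line)
            if field:
                current[field.group(1)] = field.group(2)
            else:
                current = None  # left the listing, e.g. "Memory scan result:"
    return procs


def normalize_dir(path):
    r"""Lower-case and fold NT prefixes so \??\C:\WINDOWS\system32\ and
    C:\WINDOWS\system32\ are grouped as the same folder."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.startswith("\\systemroot\\"):
        # Assumption: the system root is C:\WINDOWS, as the log's other paths show.
        p = "c:\\windows\\" + p[len("\\systemroot\\"):]
    return p


def has_metadata(proc):
    return any(key in proc for key in METADATA_KEYS)


def dirs_without_metadata(procs, min_count=2):
    """Folders where at least min_count processes run and none has version fields."""
    by_dir = defaultdict(list)
    for proc in procs:
        by_dir[normalize_dir(proc.get("FilePath", ""))].append(proc)
    return {
        folder: sorted(p["name"] for p in members)
        for folder, members in by_dir.items()
        if len(members) >= min_count and not any(has_metadata(p) for p in members)
    }


if __name__ == "__main__":
    for folder, names in dirs_without_metadata(parse_processes(SAMPLE_LOG)).items():
        print(folder, names)
```
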
Corrine
Hi, calimike.

I suggest you copy the instructions to your desktop or print them as you will not have access to the internet while conducting the cleanup.

A. Please download/set up the following files:
  1. Download SmitfraudFix (© S!Ri) to your Desktop from http://siri.urz.free.fr/Fix/SmitfraudFix.zip . Extract all the files to your Desktop and a folder named SmitfraudFix will be created on your Desktop.
  2. Please download ATF Cleaner by Atribune from http://www.atribune.org/public-beta/ATF-Cleaner.exe . Save it to your Desktop.
  3. Download and install AVG Anti-Spyware 7.5 and set it up as follows:
    1. After download, double-click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking the icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Right-click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc
      • Press "OK".
      • Click the "Extended" tab and scroll down the list to find AVG Anti-Spyware guard.
      • When you find the guard service, double-click on it.
      • In the Properties Window > General Tab that opens, click the "Stop" button.
      • From the drop-down menu next to "Startup Type", click on "Manual".
      • Now click "Apply", then "OK" and close the Services window.
    9. Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
B. Run ATF Cleaner
  1. Double-click ATF-Cleaner.exe to run the program.
  2. Click Select All found at the bottom of the list.
  3. Click the Empty Selected button.
  4. Click Exit on the Main menu to close the program.
C. Restart your computer in Safe Mode.
  1. If the computer is running, shut down Windows, and then turn off the power.
  2. Wait 30 seconds, and then turn the computer on.
  3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  4. Ensure that the Safe Mode option is selected.
  5. Press Enter. The computer then begins to start in Safe Mode.
  6. Login on your usual account.
If you need further assistance with Safe Mode, see Symantec

D. Scanning and system cleaning with AVG Anti-Spyware.
  1. Click on the "Scanner" button and choose the "Settings" tab.
    1. Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    2. Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
    3. Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  2. Click the "Scan" tab to return to scanning options.
  3. Click "Complete System Scan" to start.
  4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  6. Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

E. Open the SmitfraudFix folder
  1. Double-click smitfraudfix.cmd file to start the tool.
  2. Select option #2 - Clean by typing 2 and press Enter.
    Warning : running option #2 on an uninfected computer will remove your Desktop background.
  3. Wait for the tool to complete and disk cleanup to finish.
  4. You will be prompted : "Registry cleaning - Do you want to clean the registry?"
    1. Answer Yes by typing Y
    2. Hit Enter.
  5. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll.
    1. Answer Yes to the question "Replace infected file?" by typing Y
    2. Hit Enter.
  6. A reboot may be needed to finish the cleaning process. If your computer does not restart automatically please do it yourself manually.
  7. Restart in Safe Mode as instructed above.
  8. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
If you are still having problems after doing the above, post a NEW TOPIC in the HijackThis forum with the above logs and a fresh HijackThis log. Include a link to this thread.