I am seriously hoping that you can help us. My husband's PC got this pop-up window 2 days ago saying that he had infections and trying to steer us to purchase their software.
We ran AVG and A2; both found nothing.
We then ran Spybot Search and Destroy, which said that it found a few things and dealt with them, but still it did not rid us of it.
We have since run Ewido and Ad-Aware SE, still to no avail.
We have followed instructions re: performing the scans in safe mode. They all say that they have found stuff and that they have removed it, but none of it is this SpywareQuake that we are plagued with.
One of the programs we were recommended to try was SmitRem. We did, and are now not sure this was good, as other programs see it as a potential risk?
On every boot-up we get a Windows Installer box. If we click cancel then the SpywareQuake 2.0 program does not install itself, but we still get the pop-up window saying we are infected.
Windows Defender has detected this program trying to change autostart/run keys and has said it has blocked it, but still we are plagued.
We have run an ActiveScan and its report is as follows:
Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Ky McKenzie\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Ky McKenzie\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected F:\Documents and Settings\Ky McKenzie\Local Settings\Application Data\Mozilla\Firefox\Profiles\4a8llly4.default\Cache\3EFBEAA3d01[Process.exe]
And the HijackThis report is as follows:
Logfile of HijackThis v1.99.1
Scan saved at 00:44:30, on 27/03/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\ewido anti-malware\ewidoctrl.exe
F:\Program Files\ewido anti-malware\ewidoguard.exe
F:\WINDOWS\System32\snmp.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\WINDOWS\System32\ctfmon.exe
F:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\DOCUME~1\KYMCKE~1\LOCALS~1\Temp\Rar$EX01.438\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] F:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
I am really hoping one of you in-the-know guys can help; otherwise the only solution we can see is to wipe the hard drive and reinstall, which would mean he will lose a lot of stuff that, although not the end of the world to lose (as nothing really is), we would rather not lose.
Many thanks in advance
Cheyenne and Akyra