I also encountered the same exact systems. Please help me. I know I can follow the advice from the other post, but I wouldn't know what to delete.
Should I post the log of Hijackthis?
LauraS

That's kind of weird. I misspelled symptom and wrote system and it turned into a link for sun.com??? Oh well, I didn't do that.
LauraS

I see it as text, systems :) Better post the hijackthis log.
Try scanning with these if you like before posting it:
ewido micro - http://download.ewido.net/ewido_micro.exe
ad-aware personal edition - http://www.download.com/3000-2144-10045910.html
Make sure you update the scanners before scanning, ewido does that automatically when run :)

Here the log:
Logfile of HijackThis v1.99.1
Scan saved at 4:13:22 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1136443953\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ArcSoft\TotalMedia\TM Monitor.exe
C:\Program Files\WinZip\WZQKPICK.exe
c:\program files\common files\aol\1136443953\ee\services\antiSpywareApp\ver2_0_25_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1136443953\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\LAURAS~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\Laura Sixtos\Local Settings\Temp\wz6d58\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136443953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.exe" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TM Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia\TM Monitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
O16 - DPF: {5D66B431-8A5B-4ECA-AED6-6F4F411E1773} (AOLLaunch Class) - http://www.disneyblast.go.com/setup/activex/AOLLauncher.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094035800062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143045110723
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

You got quite a load of processes there:)
Before you do anything, please be sure you are using a Lucent modem, because if you don't have it, then please post again with your reply, so that I repost correct removal.
Here we go:
Close all your programs.
Run hijackthis and put a check next to these lines:
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
After that click "fix checked" and close hijackthis.
*DO NOT RESTART*
Download and install Unlocker: http://ccollomb.free.fr/unlocker/
then click Start -> Run -> paste this: C:\Program Files\SpywareQuake\
and click OK
Right-click on the file SpywareQuake.exe and select the menu option Unlocker
Select that file in the list, select kill process and try Unlock All
Now right-click on SpywareQuake.exe file -> Delete.
If there is a problem deleting the file, Unlocker will ask you what action to take. Click on the drop down box that has "no action" selected, and choose to delete the file and confirm.
You should restart your pc now.
After the restart go to Start -> Run and type: C:\Program Files\
Press OK, find the folder SpywareQuake and remove it. If it can't be removed, Unlocker will prompt you yet again to delete the contents of the folder, hence make it easy to delete
Use Crap Cleaner to clear all the unnecessary files, like logs, and temporary files/folders: http://www.ccleaner.com
Post me the resulting hijackthis log :)
P.S. If you were using Windows messenger for your Instant Messaging, use this instead: http://messenger.msn.com
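
A first-pass triage of a HijackThis log like the one in this thread, as an added example that is not part of the original posts: it parses the running-process list and the numbered entries, then flags entries marked (no file) or (file missing), services listed with "Unknown owner", and processes running from a Temp directory. The function names and the three rules are assumptions chosen for illustration; the sample lines are taken from the log above.

```python
import re

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\SpywareQuake\SpywareQuake.exe
C:\DOCUME~1\LAURAS~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (file missing)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # e.g. "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")  # target not on disk
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:                                   # first entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.endswith("Running processes:"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (item, reason) pairs worth a closer look; hints, not verdicts."""
    processes, entries = parse_log(text)
    findings = [(p, "process running from a Temp directory")
                for p in processes if TEMP_RE.search(p)]
    for code, body in entries:
        if ORPHAN_RE.search(body):
            findings.append((f"{code} - {body}", "entry whose file is not on disk"))
        elif code == "O23" and "- Unknown owner -" in body:
            findings.append((f"{code} - {body}", "service listed with Unknown owner"))
    return findings

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {item}")
```

None of these structural checks flags SpywareQuake.exe itself, which runs from Program Files with its file present; spotting it still depends on the reader recognising the name.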

Thanks ...no problem, savo. It's just that I thought you may have forgotten this post :-) The only thing we can do is wait for LauraS to post back. Have a good day.
i_XpUser

here we collected these spyware quake removal instructions from the hjt logs:
remove spyware quake

Hi,
Sorry I haven't been home to do any removing or respond. I turned off my modem while I was gone. I'm really not sure what a lucent modem is. I know I have dsl modem (speedstream)? I also have the wireless airlink.
Now I'm not sure which instructions to follow. www.2-spyware.com/spywarequake.html, Remove spyware at BleepingComputer.com or your advice above??
LauraS