An unwanted so called anti spyware program has entered my computer called "SpywareQuake" and I cannot remove it. It posts two flashing icons next to the clock and pops up every minute saying that I have been infected with 20 spyware items. I have deleted it in Add/Remove programs and scanned with Spybot Search and Distroy which finds a file called "Vcodec" in C:\WINDOWS\system32\ncompat.tlb and removes it. I have also deleted the file in My Computer/Program files/SpywareQuake. However each time I boot up its back again. It offers to scan my computer, which I have declined and sell me the full version. I'm using XP home.
Can anybody help please.:scratch:

Thanks. Keystagegolf

Hello.
Please see:
http://forums.spybot.info/showthread.php?t=3261


If you would like to be guided step by step through the cleanup by a helper see:
Before you post a log, and who will advise you. (http://forums.spybot.info/showthread.php?t=288)

Hello Tashi,

Thanks for the very clear instructions, I appear to be free of the "SpywareQuake" nasty so will not bother you with all the logs. However I am posting the last ActiveScan log which mentions a potentially unwanted tool:application/SpyFalcon- status not disinfected.
Is this something that needs taking care of? I'm a newbie as you will realise.
Appreciate your advice.
Keystagegolf :)


Incident Status Location

Adware:adware/securityerror Not disinfected C:\Documents and Settings\Ken Admin\Favorites\Antivirus Test Online.url
Potentially unwanted tool:Application/SpyFalcon Not disinfected C:\Documents and Settings\Ken Admin\Local Settings\Temp\sa5.exe
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Yumika\Cookies\yumika@64.62.232[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Yumika\Cookies\yumika@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Yumika\Cookies\yumika@dist.belnk[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Yumika\Cookies\yumika@winfixer[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Yumika\Cookies\yumika@xmts[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\smitRem.exe[Process.exe]
Spyware:spyware/web3000 Not disinfected C:\WINDOWS\hh.ico
Adware:adware/emediacodec Not disinfected C:\WINDOWS\system32\dfrgsrv.exe

Hi Keystagegolf
Delete these files
C:\WINDOWS\hh.ico
C:\WINDOWS\system32\dfrgsrv.exe
C:\Documents and Settings\Ken Admin\Favorites\Antivirus Test Online.url
Keep an eye out to see if they return over the next few days

Id still like to see a new Hijackthis log

Hello LonnyRJones,
Deleted in the order you advised. The first two were found and deleted, but the third one couldn't be found, although the computer referred itself to the second. If that means anything to you!
You didn't comment on the SpyFalcon tool, is it anything that should be deleted?

Appreciate any further advice. Thank you.
Keystagegolf

Here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:40:58, on 28/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ken Admin\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: iFinger 2.1.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hello
Potentially unwanted tool:Application/Processor Not disinfected C:\smitRem\Process.exe


That's a false possitive however you can delete smitrem.exe and the smitrem folder , its no longer needed.

Any current problems or questions ?

Hello,
Many thanks for your advice and time on my problem. Newbies like me really appreciate the effort experts like you give, to rid us of the nasty people out there. Thanks:bigthumb:

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.
If you should need to post another log for the same PC let Me or Tashi know.

Safe surfing
Lonny