quake something in toolbar [LOGS]



computer dummy
2006-04-20, 00:43
Hello, and thank you in advance for your time. I know very little about computers, so I hope someone can help me. I'm not sure what to do from this point.
Somehow, I received a notice from a program called quake something. It said that my computer is infected and needs to be cleaned. It puts an icon in the task bar. Once discovered, I disconnected from the internet and rebooted my computer into safe mode. I reconnected to the internet, went on Google and found a link to here. The following are the logs requested.
I have to post in several steps because of the 20,000-character limit.

smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 04/18/2006
The current time is: 7:25:18.25
Running from
C:\Documents and Settings\Administrator\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
~~~ Favorites ~~~
~~~ system32 folder ~~~
mssearchnet.exe
ncompat.tlb
nvctrl.exe
hp***.tmp
~~~ Icons in System32 ~~~
ot.ico
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1100 'explorer.exe'
Killing PID 1100 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

computer dummy
2006-04-20, 00:44
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:04:04 AM, 4/18/2006
+ Report-Checksum: AE13108C
+ Scan result:
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.7:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.32:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.37:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.42:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.43:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.50:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.51:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.52:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.53:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.54:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.62:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.72:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.88:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.89:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.91:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.93:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.94:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.96:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.99:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.111:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.132:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.151:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.154:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.166:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.167:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.168:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.169:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.174:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.177:C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wfmyemdpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wgmiogcpacp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjkycidjcep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjkyglczebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjkyokczkgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjkyspc5olq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjl4ojdjaeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjlokhdjkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjmielczmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjmywmc5ieo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjnyakdpmep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@e-2dj6wjnygkdpsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\MG\Cookies\mg@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\MG\Local Settings\Temp\bjmfpbid.exe -> Trojan.Dialer.ay : Cleaned with backup


::Report End

computer dummy
2006-04-20, 00:54
hijack
Logfile of HijackThis v1.99.1
Scan saved at 3:29:36 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpB8F5.tmp (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\SpywareQuake.exe /h
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.52.downloads.estara.com./as/OneCCDM.php?template=58359&sessionid=1091826883_66.155.171.52_47390&=&req=1138051864921OneCC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Please advise how I can get you the info from the Spybot log... it is 78 KB and the forum will not let me upload a file that size. I would probably have to break it up into 4 or 5 posts to get it on here.

Also, please let me know if you need any other info and what I should do from here.... I think I am going to go into withdrawals because I can't get my online gaming fix till this is corrected :rotfl:

Thanks again.
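
As an added illustration (not part of this thread, and not a tool any poster used): a small Python triage script that parses HijackThis-style lines like those in the log above and flags the entries a helper looks at first: rogue-antispyware names, modules launched from Temp or the Recycle Bin, a ".tmp" file registered as a BHO, and "(file missing)" leftovers. The rogue names come from this thread; the sample lines are copied from the posted log, except for one Temp-launched Run entry, which is constructed.

```python
"""Triage helper for HijackThis (v1.99-style) log lines.

Added example for this thread; it is not part of HijackThis and was not
used by anyone in the thread. It handles the R0/R1/O2/O4/O9/O16/O23 line
shapes seen in the posted logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Section code at the start of every HijackThis entry, e.g. "O4 - HKLM\..\Run: ..."
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
FILE_MISSING = "(file missing)"

# Rogue "antispyware" family names: the one this thread is about plus the
# ones listed in the self-help guide quoted later in the thread.
ROGUE_NAMES = ("spywarequake", "spyfalcon", "spysheriff", "spyaxe",
               "winhound", "spywarestrike", "psguard", "spytrooper")

# Locations a legitimate startup item or service almost never launches from.
SUSPICIOUS_DIRS = ("\\temp\\", "\\recycler\\", "\\system32\\1024\\")

SEVERITY = {"rogue-name": 3, "suspicious-dir": 3, "tmp-as-module": 2, "file-missing": 1}


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    target: Optional[str]
    missing: bool
    flags: list = field(default_factory=list)

    @property
    def severity(self) -> int:
        return max((SEVERITY[f] for f in self.flags), default=0)


def extract_target(code: str, body: str) -> Optional[str]:
    """Return the launch path / URL of an entry, or None if the shape is unknown."""
    text = body.replace(FILE_MISSING, "").strip()
    if code == "O4":
        # O4 - HKLM\..\Run: [Name] <command line>
        _, sep, cmd = text.partition("] ")
        return cmd.strip() if sep else None
    if code.startswith("R"):
        # R0/R1 - <registry key>,<value name> = <url>
        _, sep, value = text.partition(" = ")
        return value.strip() if sep else None
    # O2 / O9 / O16 / O23: the path or URL is the last " - " separated field
    return text.rsplit(" - ", 1)[-1].strip() if " - " in text else None


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for process lists, headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    entry = Entry(code, body, clsid.group(0) if clsid else None,
                  extract_target(code, body), FILE_MISSING in body)
    low_body, low_target = body.lower(), (entry.target or "").lower()
    if any(name in low_body for name in ROGUE_NAMES):
        entry.flags.append("rogue-name")
    if any(d in low_target for d in SUSPICIOUS_DIRS):
        entry.flags.append("suspicious-dir")
    # A BHO, Run item or service whose module is a *.tmp file is a dropper leftover.
    if code in ("O2", "O4", "O23") and re.search(r"\.tmp(\s|$)", low_target):
        entry.flags.append("tmp-as-module")
    if entry.missing:
        entry.flags.append("file-missing")
    return entry


def triage(log_text: str) -> list[Entry]:
    """Parse a whole log and return only the flagged entries, worst first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e and e.flags]
    return sorted(entries, key=lambda e: -e.severity)  # stable: ties keep log order


# Sample input: lines from the posted log, plus one constructed Temp-launched entry.
SAMPLE_LINES = [
    "Logfile of HijackThis v1.99.1",
    r"O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpB8F5.tmp (file missing)",
    r"O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\SpywareQuake.exe /h",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    # constructed line, not in the posted log: an autorun pointing into a Temp folder
    r"O4 - HKCU\..\Run: [updater] C:\Documents and Settings\MG\Local Settings\Temp\bjmfpbid.exe",
    r"O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[sev {e.severity}] {e.code} {','.join(e.flags):<26} {e.target}")
```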

tashi
2006-04-22, 10:17
Hello and sorry for the wait.

If you are still in need of assistance please go here and post a link back to this topic to flag a helper.

If you have waited three days for advice, post here. (http://forums.spybot.info/showthread.php?p=4836#post4836) :)

shelf life
2006-04-23, 01:43
Hi computer dummy,

Looks like you followed the "self help" guide for:

Names you may see for this infection:
AntiVirusGold
PSGuard
RazeSpyware
Security IGuard
Search Maid
SpySheriff
SpyTrooper
Spywarestrike
SystemWarning
Virtual Maid
W32.Sinnaka.A@mm
WinHound
----------------------------
Not this one:

If you have the SpywareQuake/SpywareFalcon hijack, see here for removal instructions:

http://forums.spybot.info/showthread.php?t=3261

How's it going on that end? Still have the problem?

computer dummy
2006-04-23, 02:10
Hello shelf life,
Thank you for your time.... I have not done anything on this end because I am not sure what to do. I am using my computer in safe mode and tried to run the roguescanfix and got this log:

Script started at 7:06:40 PM, on 4/22/2006

Option pause between commands: 100 ms
Failed: FileDelete C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpyFalcon*.* (operation failed)
Failed: FileDelete C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\QuickLaunch\SpywareQuake*.* (operation failed)
Failed: FolderDelete C:\Program Files\spyfalcon (folder not found)
Failed: FolderDelete C:\Documents and Settings\Administrator\Start Menu\Programs\SpyFalcon (folder not found)
Failed: FolderDelete C:\Documents and Settings\Administrator\Start Menu\Programs\SpywareQuake (folder not found)
Failed: FolderDelete C:\Program Files\SpywareQuake (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\1024 (folder not found)
Script completed.

Should I be trying to run the program in regular Windows instead of safe mode?

shelf life
2006-04-23, 23:09
Hi computer dummy,

The roguescanfix runs in normal mode:

* Download this tool called roguescanfix and save it to your desktop:
* www.martijnc.be/tools/roguescanfix.exe
* Double click roguescanfix.exe to install it.
* This will add a folder called roguescanfix to your desktop
* Double-click on the roguescanfix folder and then double-click on Run.bat. Please note that when the Run.bat starts it will download a program from the Internet that it needs to use during the cleanup. If your firewall gives an alert about this, please allow the download.exe or run.bat program to access the Internet.
* When you start the Run.bat program your desktop will disappear which is normal so you do not need to be concerned. It will then start the SpywareQuake uninstallation program. When that program starts, click on the Uninstall button. When it has finished uninstalling, you can then press the OK button to finish the uninstalling of SpywareQuake.
* When this program is finished, and it was able to delete all the files, you will see a small prompt that says Completed script execution. Simply press the OK button. It will then open the Brute Force Uninstaller program. You can simply press the Exit button.
* If there were more files that needed to be deleted, the program will prompt you to reboot your computer. Press the Yes button and allow the computer to reboot.


C. Next, reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, begin tapping F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


D. Run smitRem

1. Open the smitRem folder
2. Double-click the RunThis.bat file to start the tool
3. Follow the prompts on screen.
4. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.

Open Ewido while still in safe mode.

1. Click on scanner.
2. Click on Complete System Scan and the scan will begin.
3. If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
5. Click Save report.
6. Ewido automatically saves the report here on every scan:
(default program installation folder)
C:\Program Files\ewido\security suite\Reports

Now close Ewido AntiMalware

Reboot the computer normally, then do an online scan here:
http://www.pandasoftware.com/products/activescan.htm

computer dummy
2006-04-24, 08:15
I think it is gone, but the name is still showing up according to Panda:


Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt[.ct.360i.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\Cache\633285D9d01[Process.exe]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\MG\Application Data\Mozilla\Firefox\Profiles\wgfyo3mi.default\cookies.txt[]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MG\Cookies\mg@atdmt[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MG\Desktop\SmitfraudFix.zip[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MG\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MG\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\MG\smitRem\Process.exe
Adware:Adware/SpywareQuake Not disinfected C:\RECYCLER\S-1-5-21-1509288252-3849320955-1195633150-500\Dc1.com\SpywareQuake.exe

Should I manually delete the file? Do you need to see other logs to determine if my computer is clean?
Thank you.

shelf life
2006-04-24, 16:31
Hi computer dummy,

That C:\RECYCLER\ is your recycle bin. Just empty it. Why not post one more HJT log, then we will make new restore points and you should be good to go.

computer dummy
2006-04-24, 19:54
Logfile of HijackThis v1.99.1
Scan saved at 12:46:26 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpB8F5.tmp (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.52.downloads.estara.com./as/OneCCDM.php?template=58359&sessionid=1091826883_66.155.171.52_47390&=&req=1138051864921OneCC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
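
As an added example (not part of the thread, and not HijackThis's own code): a small Python triage script that parses entries in the format of the log above and pulls out the items a helper looks at first, a BHO whose DLL is missing or sits in a .tmp file, a Run entry with no full path, and any web-installed ActiveX control. The sample lines are constructed to mirror the posted log, and the triage rules are the script's own.

```python
import re

# Constructed sample lines mirroring the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hpB8F5.tmp (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.4players.de/LaunchGame.cab
"""

# One pattern per entry type we triage. The name group is lazy so a path
# that itself contains " - " (Spybot - Search & Destroy) still parses.
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*?)\) - (?P<url>\S+)")


def parse_line(line):
    """Return (section, fields) for O2/O4/O16 entries, None for anything else."""
    for section, rx in (("O2", BHO_RE), ("O4", RUN_RE), ("O16", DPF_RE)):
        m = rx.match(line)
        if m:
            return section, m.groupdict()
    return None


def executable_of(cmd):
    """First token of a Run command, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def triage(log_text):
    """Return [(line, reason)] for entries a reviewer should look at first."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, f = parsed
        if section == "O2":
            path = f["path"].replace("(file missing)", "").strip()
            if "(file missing)" in f["path"]:
                findings.append((line, "BHO registered but its DLL is absent (orphaned or half-removed)"))
            if path.lower().endswith(".tmp"):
                findings.append((line, "BHO loaded from a .tmp file, not a normal install location"))
        elif section == "O4" and "\\" not in executable_of(f["cmd"]):
            findings.append((line, "autorun entry without a full path: resolved by PATH search at logon"))
        elif section == "O16":
            findings.append((line, "ActiveX control installed from " + f["url"] + ": confirm that host is expected"))
    return findings
```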

shelf life
2006-04-24, 23:31
hi computer dummy,

You did a good job. Log looks good.
If everything is OK, I leave you with some reference material:

Be careful of what you download, and where you download it from. Many programs come bundled with extra software. You may be installing more than you think. Make sure you understand what it is you will be downloading and installing to your computer. Visit the maker's website and learn more about the program. Does the program you want come bundled with other "3rd party" programs? What do the 3rd party programs do? Will they deliver ads? Track your surfing habits? Read the EULA agreement, you know, that paragraph of stuff you "agree to" before the software installs? If you search hard enough you can always find a "clean" alternative to any software. Stay away from warez and crack sites. Be careful what you download from file sharing networks. If you are not sure, scan it with your Antivirus app. A small file (in KB) is probably not what you think it is. DO YOU TRUST THE SOURCE?

Make sure you keep your Windows OS current by visiting Windows Update (http://v4.windowsupdate.microsoft.com/en/default.asp)
occasionally to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

Adjust your browser settings: Change your (ActiveX) settings in IE. With IE open go to Tools, Internet Options, Security tab. Click on the Internet globe, then Custom Level. Set the first option "Download signed ActiveX controls" to Prompt, the next two to Disable. Read more:
Internet Explorer Privacy & Security Settings (https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm)
Working with Internet Explorer 6 Security (http://www.microsoft.com/windows/ie/using/howto/security/settings.mspx)
Many exploits are directed at Internet Explorer; you don't have to use it. Try a different browser. You can have and use more than one browser on your computer,
like Firefox (http://www.mozilla.org/products/firefox/).


Install a Firewall: A firewall will control what comes in from the internet and what leaves your computer to the internet. A firewall will also alert you when an application tries to connect to the internet from your computer. This is a good way to catch crapware or trojans trying to connect outbound from your computer: what's that and why does it need an internet connection? You can deny it access until more investigation is done. Zone Alarm is a free and easy to use firewall that will provide in- and outbound protection. Microsoft XP firewall only provides inbound protection. SP2 adds in- and outbound protection, which is better than nothing, but is not as robust as third party firewalls. Be sure to run only >one< firewall. If you use another, be sure to disable XP's built-in firewall. If you use Zone Alarm, learn what needs/uses your internet connection. If something unusual or out of the ordinary "asks", deny it access until more investigation is done.
Zone Alarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=dbtopnav_zass)
OutPost Lite (http://www.agnitum.com/products/outpostfree/download.php)

Outlook Express with the default settings is not secure. It will run scripts, download images etc., just like a browser. You don't have to use it.
look here (http://www.codecutters.org/outlook/)
and here (http://www.tames.net/security/oesettings.htm)
Or try Pegasus Mail, safer by default, no tweaking needed. (http://www.pmail.com/)

Make sure you have and keep updated Antivirus software
Free for home users:
avast! 4 Home Edition Download (http://www.avast.com/eng/free_virus_protectio.html)
AVG free version 7.0 (http://free.grisoft.com/freeweb.php/doc/2/)
AntiVir Personal Edition (http://www.free-av.com/)

Download one or two of these, install and update before using: (if these are constantly finding malware, then you need to make changes to your browser and/or your habits)
CounterSpy (http://www.sunbelt-software.com/) Free trial version
Spybot Search and destroy (http://www.safer-networking.org/en/index.html)
Ad-Aware SE Personal edition (http://www.lavasoft.de/)
Microsoft Windows Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
Be careful with spyware "removers and scanners" -- there are many "rogue/suspect" (http://www.spywarewarrior.com/rogue_anti-spyware.htm) programs that "claim to remove" spyware. Check here first.

AntiTrojan software to fill in the gap:
a2 free (http://www.emsisoft.com/en/software/free/)
Ewido Anti-Malware (http://www.ewido.net/en/)
Trojan Hunter (30 day trial version) (http://www.misec.net/)
Tauscan trial version (http://www.agnitum.com/products/tauscan/)

Other programs to consider:
Process Guard (http://www.diamondcs.com.au/processguard/) stop events/processes with user intervention
SpywareBlaster (http://www.bleepingcomputer.com/forums/index.php?showtutorial=49) add security to IE
IE-SPYAD (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD) adds adware peddlers sites/domains to IE restricted zone
CleanUp (http://www.stevengould.org/software/CleanUp/index.html) cleans out temp files, history, autoforms etc
ATF cleaner (W2K,XP only) (http://www.atribune.org/content/view/25/2/) cleans out temp files, history etc

Learn More:
Browser Checkup (http://www.jasons-toolbox.com/BrowserSecurity/)
Parasite Free (http://www.doxdesk.com/parasite/prevention.html)
Safe Hex (http://www.claymania.com/safe-hex.html)
Shelf Life's page (http://security-central.us/SafeHex/index.htm)
Home Computer Security (http://www.cert.org/homeusers/HomeComputerSecurity/)

computer dummy
2006-04-25, 21:21
Thank you shelf life for taking the time to help me get things straightened out, and thank you for the above information. I'm going to check out some of the sites. :bigthumb: