Fusion Dan
2006-04-20, 12:05
I have some items on my computer that I cannot get rid of.
I have been running Spybot S&D, and Adaware SE, in safe mode. Both locate Vcodec and Smitfraud, and say that they remove it successfully.
When I then open my computer in normal mode, I get pop-ups (some of which are embarrassing).
When I switched on my computer this morning Spybot ran before anything else had opened up. It found Vcodec, and said that it removed it. When windows fully opened up I had SpyQuake on my screen. I have seen SpyQuake before, and uninstalled it.
I shut down the computer; opened it in safe mode; uninstalled SpyQuake; ran Spybot (located and removed Vcodec; Smitfraud-C; SpyQuake); ran Adaware SE (found 13no critical objects, and removed them).
When I then restarted my computer a small red box keeps popping up in the bottom right of my screen, stating that a critical error has occurred, and that I should click in the box to install some antivirus software. I ignore this box, as am scared it may just be more evil...
I do not know what to do.
I have seen that people post HijackThis logs on here, so here is mine:
Logfile of HijackThis v1.97.7
Scan saved at 10:11:41, on 20/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mssearchnet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\MI05E6~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan.FUSION\Desktop\HijackThis.exe
O2 - BHO: (no name) - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINNT\system32\hpD1AE.tmp
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Please can you help me, this problem is making work a nightmare...
Cheers
Dan :(
I have been running Spybot S&D, and Adaware SE, in safe mode. Both locate Vcodec and Smitfraud, and say that they remove it successfully.
When I then open my computer in normal mode, I get pop-ups (some of which are embarrassing).
When I switched on my computer this morning Spybot ran before anything else had opened up. It found Vcodec, and said that it removed it. When windows fully opened up I had SpyQuake on my screen. I have seen SpyQuake before, and uninstalled it.
I shut down the computer; opened it in safe mode; uninstalled SpyQuake; ran Spybot (located and removed Vcodec; Smitfraud-C; SpyQuake); ran Adaware SE (found 13no critical objects, and removed them).
When I then restarted my computer a small red box keeps popping up in the bottom right of my screen, stating that a critical error has occurred, and that I should click in the box to install some antivirus software. I ignore this box, as am scared it may just be more evil...
I do not know what to do.
I have seen that people post HijackThis logs on here, so here is mine:
Logfile of HijackThis v1.97.7
Scan saved at 10:11:41, on 20/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\mssearchnet.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\MI05E6~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan.FUSION\Desktop\HijackThis.exe
O2 - BHO: (no name) - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINNT\system32\hpD1AE.tmp
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Please can you help me, this problem is making work a nightmare...
Cheers
Dan :(