Author Topic: help, ton of spyware, wont go away!  (Read 461 times)

ximsocool
help, ton of spyware, wont go away!
« on: June 14, 2006, 11:59:04 PM »
I tried ewido, Ad-Aware, and AVG but I still have a ton of spyware and it's very annoying.. help!


please..


Logfile of HijackThis v1.99.1
Scan saved at 12:57:55 AM, on 6/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\55621488.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\de9c34c3.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\RACLE~1\mshta.exe
C:\WINDOWS\system32\?ecurity\m?iexec.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/MD/?func=newreg&lan...0409&os=5&src=1
R3 - URLSearchHook: (no name) - {578E5105-BBEE-E049-C89B-93FC5A80E6C4} - C:\WINDOWS\system32\vokp.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {578E5105-BBEE-E049-C89B-93FC5A80E6C4} - C:\WINDOWS\system32\vokp.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Sunkist2k] c:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [55621488.exe] C:\WINDOWS\system32\55621488.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [de9c34c3.exe] C:\WINDOWS\system32\de9c34c3.exe
O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [55621488.exe] C:\Documents and Settings\Patrick\Local Settings\Application Data\55621488.exe
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\COMMON~1\RACLE~1\mshta.exe" -vt yazr
O4 - HKCU\..\Run: [Drg] C:\WINDOWS\system32\?ecurity\m?iexec.exe
O4 - HKCU\..\Run: [de9c34c3.exe] C:\Documents and Settings\Patrick\Local Settings\Application Data\de9c34c3.exe
O4 - Startup: .protected
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: .protected
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: pushow92.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
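As an added example (not from this thread, and not part of HijackThis), a small Python triage pass over the O4, O2 and O20 lines of a HijackThis log like the one above. It applies the checks a helper applies by eye: an 8-hex-digit random executable name, an autostart from a per-user data directory, a `?` in a path (HijackThis prints `?` for a character it cannot render, which is how look-alike directory names such as `?ecurity` surface), a BHO loaded from a `.tmp` file, any AppInit_DLLs value, an orphaned Winlogon Notify entry, and the same binary registered under both the HKLM and HKCU Run keys. The sample lines are copied from the log in the post; the heuristic names and the regexes are assumptions of this example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample, copied from the HijackThis log above (ccApp and NAV Helper are benign).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {578E5105-BBEE-E049-C89B-93FC5A80E6C4} - C:\WINDOWS\system32\vokp.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [55621488.exe] C:\WINDOWS\system32\55621488.exe
O4 - HKCU\..\Run: [55621488.exe] C:\Documents and Settings\Patrick\Local Settings\Application Data\55621488.exe
O4 - HKCU\..\Run: [Drg] C:\WINDOWS\system32\?ecurity\m?iexec.exe
O20 - AppInit_DLLs: pushow92.dll
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$")
# First drive-letter path ending in a loadable extension; '?' is deliberately allowed.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|tmp|ocx|cmd|scr)(?![\w.])", re.I)
HEX_STEM_RE = re.compile(r"^[0-9a-f]{8}$", re.I)

@dataclass
class Entry:
    kind: str   # "run", "bho", "appinit" or "notify"
    hive: str   # HKLM/HKCU for Run entries, "" otherwise
    name: str   # bracketed value name, BHO name, or the O20 payload text
    path: str   # recovered file path, "" if none
    raw: str

def parse_entry(line: str) -> Entry | None:
    """Parse the HijackThis line types this triage cares about; None for the rest."""
    line = line.strip()
    if m := O4_RE.match(line):
        p = PATH_RE.search(m["cmd"])
        return Entry("run", m["hive"], m["name"], p.group(0) if p else "", line)
    if m := O2_RE.match(line):
        p = PATH_RE.search(m["target"])
        return Entry("bho", "", m["name"], p.group(0) if p else "", line)
    if m := O20_RE.match(line):
        return Entry("appinit" if m["kind"].startswith("AppInit") else "notify", "", m["rest"], "", line)
    return None

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def entry_reasons(e: Entry) -> list[str]:
    """Single-line heuristics; each reason is an observation for review, not a verdict."""
    reasons, low = [], e.path.lower()
    if e.kind == "run" and HEX_STEM_RE.match(basename(e.path).rsplit(".", 1)[0]):
        reasons.append("random 8-hex-digit executable name")
    if "?" in e.path:  # '?' is illegal in Windows file names: a character the logger could not render
        reasons.append("unrenderable character in path (look-alike directory name)")
    if e.kind == "run" and "\\local settings\\application data\\" in low:
        reasons.append("autostart from a per-user data directory")
    if e.kind == "bho" and low.endswith(".tmp"):
        reasons.append("BHO loaded from a .tmp file")
    if e.kind == "bho" and e.name == "(no name)" and "\\system32\\" in low:
        reasons.append("unnamed BHO living directly in system32 (review)")
    if e.kind == "appinit" and e.name.strip():
        reasons.append("AppInit_DLLs injects a DLL into every GUI process")
    if e.kind == "notify" and "(file missing)" in e.name:
        reasons.append("orphaned Winlogon Notify package")
    return reasons

def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious log line to its reasons, adding one cross-line check."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    findings = {e.raw: entry_reasons(e) for e in entries}
    hives: dict[str, set[str]] = {}
    for e in entries:
        if e.kind == "run" and e.path:
            hives.setdefault(basename(e.path), set()).add(e.hive)
    for e in entries:  # same binary name under both the machine and the user Run key
        if e.kind == "run" and e.path and hives[basename(e.path)] >= {"HKLM", "HKCU"}:
            findings[e.raw].append("same file name in both HKLM and HKCU Run keys")
    return {raw: r for raw, r in findings.items() if r}
```

Run `triage()` over a saved log (for example `triage(open("hijackthis.log").read())`); anything it returns is a starting point for a helper's review, not an automatic delete list.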

ximsocool
help, ton of spyware, wont go away!
« Reply #1 on: June 15, 2006, 05:33:51 PM »
bump

guestolo
help, ton of spyware, wont go away!
« Reply #2 on: June 15, 2006, 05:57:56 PM »
Decide which Anti-Virus software you like the best and uninstall the other.
I see AVG and Symantec's.
Having more than one active AV running background protection can do more harm than good,
causing conflicts with each other and operating system instabilities.

Reboot the computer afterwards

Back in Windows
I need to see a couple logs

Please download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Also, Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs
If you get a prompt from your Anti-Virus, please ALLOW this script to run
We are just collecting information

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


ximsocool
help, ton of spyware, wont go away!
« Reply #3 on: June 15, 2006, 10:18:12 PM »
smitfraud--------------------
SmitFraudFix v2.61

Scan done at 23:15:08.93, Thu 06/15/2006
Run from C:\Documents and Settings\Patrick\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\rmzdzx.dll FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrick\Application Data

C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake.com 2.1.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Patrick\STARTM~1\SpywareQuake.com 2.1.lnk FOUND !
C:\DOCUME~1\Patrick\STARTM~1\Programs\SpywareQuake.com FOUND !
C:\DOCUME~1\Patrick\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrick\FAVORI~1

C:\DOCUME~1\Patrick\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\Patrick\Desktop\SpywareQuake.com.lnk FOUND !
C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpywareQuake.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5aaf6542-f4ba-4df4-873d-4902ecbe794c}"="antitragus"

[HKEY_CLASSES_ROOT\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\asxbbx.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{5aaf6542-f4ba-4df4-873d-4902ecbe794c}\InProcServer32]
@="C:\WINDOWS\system32\asxbbx.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9ae613a2-a13b-4379-8d0e-86a1a78476ec}"="corindon"

[HKEY_CLASSES_ROOT\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{9ae613a2-a13b-4379-8d0e-86a1a78476ec}\InProcServer32]
@="C:\WINDOWS\system32\rmzdzx.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





installedprograms------------------------------------
INSTALLED SOFTWARE (150) - COMPUTER - 6/15/2006 11:17:15 PM

3ivx D4 4.5.1 (remove only)   Ver: 4.5.1
Ad-Aware SE Personal   Ver: 1.06
Adobe Acrobat 5.0   Ver: 5.0
Adobe Bridge 1.0   Ver: 001.000.003   Installed: 4/27/2006
Adobe Common File Installer   Ver: 1.00.0000   Installed: 4/27/2006
Adobe Help Center 1.0   Ver: 001.000.000   Installed: 4/27/2006
Adobe Photoshop CS2   Ver: 9.0
Adobe Photoshop CS2   Ver: 9.0   Installed: 4/27/2006
Adobe Stock Photos 1.0   Ver: 1.0.5   Installed: 4/27/2006
America Online (Choose which version to remove)   
AOL Coach Version 1.0(Build:20030807.3)   
AOL Instant Messenger   
Badder Adder   
BigFix   
CC_ccStart   Ver: 2.0.0.635   Installed: 1/4/2003
ccCommon   Ver: 2.0.0.635   Installed: 1/4/2003
CleanUp!   
CompuServe   
ewido anti-malware   
Google Earth   Ver: 3.0.0762   Installed: 5/17/2006
Guitar Pro 5.0   
HijackThis 1.99.1   Ver: 1.99.1
ICQ   
Indeo® XP Software   
IOI Multimedia Card Reader   Ver: 1.03   Installed: 1/4/2003
IOI Multimedia Card Reader   Ver: 1.03   Installed: 1/4/2003
iTunes   Ver: 6.0.4.2   Installed: 6/9/2006
iTunes   Ver: 6.0.4.2   Installed: 6/9/2006
J2SE Runtime Environment 5.0 Update 3   Ver: 1.5.0.30   Installed: 4/24/2006
J2SE Runtime Environment 5.0 Update 6   Ver: 1.5.0.60   Installed: 4/25/2006
Java 2 Runtime Environment Standard Edition v1.3.1   
Java 2 Runtime Environment Standard Edition v1.3.1_02   
Learn2 Player (Uninstall Only)   
Lexmark Photo Center   Ver: 1.05   Installed: 4/14/2006
Lexmark Photo Center   Ver: 1.05   Installed: 4/14/2006
Lexmark Z700-P700 Series   
LimeWire PRO 4.10.9   Ver: 4.10.9
LiveReg (Symantec Corporation)   Ver: 2.4.2.2295
LiveUpdate 1.90 (Symantec Corporation)   Ver: 1.90.14.0
Macromedia Dreamweaver 8   Ver: 8.0.0.2734   Installed: 4/30/2006
Macromedia Extension Manager   Ver: 1.7.240   Installed: 4/30/2006
Macromedia Fireworks 8   Ver: 8.0.0.777   Installed: 4/30/2006
Macromedia Flash 8   Ver: 8.00.0000   Installed: 4/30/2006
Macromedia Flash 8 Video Encoder   Ver: 1.00.0000   Installed: 4/30/2006
Macromedia Flash Player 8   Ver: 8
Macromedia Flash Player 8   Ver: 8.0.22.0   Installed: 4/30/2006
Macromedia Flash Player 8 Plugin   Ver: 8.0.22.0   Installed: 4/30/2006
Macromedia FreeHand 10   Ver: 10
Macromedia Shockwave Player   Ver: 10.1.0.11
Microsoft .NET Framework 2.0   
Microsoft .NET Framework 2.0   Ver: 2.0.50727   Installed: 5/1/2006
Microsoft Data Access Components KB870669   
Microsoft Money 2003   Ver: 11.0.50   Installed: 1/4/2003
Microsoft Money 2003 System Pack   Ver: 11.0.80   Installed: 1/4/2003
Microsoft MSDN 2005 Express Edition - ENU   
Microsoft MSDN 2005 Express Edition - ENU   Ver: 1.16.50727.42   Installed: 5/1/2006
Microsoft Office PowerPoint Viewer 2003   Ver: 11.0.6458.0   Installed: 4/19/2006
Microsoft Platform SDK (3790.1830)   Ver: 5.2.3790.1830   Installed: 5/4/2006
Microsoft Platform SDK (R2) (3790.2075)   Ver: 5.2.3790.2075   Installed: 5/2/2006
Microsoft SQL Server 2005   
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)   Ver: 9.00.1399.06   Installed: 5/1/2006
Microsoft SQL Server 2005 Tools Express Edition   Ver: 9.00.1399.06   Installed: 5/1/2006
Microsoft SQL Server Native Client   Ver: 9.00.1399.06   Installed: 5/1/2006
Microsoft SQL Server Setup Support Files (English)   Ver: 9.00.1399.06   Installed: 5/1/2006
Microsoft SQL Server VSS Writer   Ver: 9.00.1399.06   Installed: 5/1/2006
Microsoft Visual Basic 2005 Express Edition - ENU   
Microsoft Visual Basic 2005 Express Edition - ENU   Ver: 8.0.50727.42   Installed: 5/1/2006
Microsoft Visual C++ 2005 Express Edition - ENU   
Microsoft Visual C++ 2005 Express Edition - ENU   Ver: 8.0.50727.42   Installed: 5/2/2006
Microsoft Works 6.0   Ver: 06.00.1829   Installed: 1/4/2003
Mozilla Firefox (1.5.0.4)   Ver: 1.5.0.4 (en-US)
MSN Music Assistant   
MSRedist   Ver: 1.0.0.0   Installed: 1/4/2003
MSXML 6.0 Parser   Ver: 6.00.3883.8   Installed: 5/1/2006
Multimedia Keyboard Driver   
Netscape 6 (6.2.1)   
Norton AntiVirus 2004   Ver: 10.00.00   Installed: 1/4/2003
Norton AntiVirus 2004 (Symantec Corporation)   Ver: 10.00.00
Norton AntiVirus Parent MSI   Ver: 10.0.0   Installed: 1/4/2003
Norton WMI Update   Ver: 2005.1.2.20   Installed: 5/11/2006
NVIDIA Display Driver   
NVIDIA Ethernet Driver   
NVIDIA nForce Drivers   
PowerDVD   
QuickTime   Ver: 7.1   Installed: 6/9/2006
QuickTime   Ver: 7.1   Installed: 6/9/2006
RealPlayer Basic   
Ricochet Lost Worlds   
Security Update for Windows Media Player (KB911564)      Installed: 4/23/2006
Security Update for Windows Media Player 10 (KB911565)      Installed: 4/24/2006
Security Update for Windows XP (KB890046)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB893756)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB896358)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB896422)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB896423)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB896424)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB896428)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB899587)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB899588)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB899591)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB900725)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB901017)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB901214)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB902400)   Ver: 1   Installed: 4/14/2006
Security Update for Windows XP (KB904706)   Ver: 2   Installed: 4/22/2006
Security Update for Windows XP (KB905414)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB905749)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB908519)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB908531)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB911562)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB911567)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB911927)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB912812)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB912919)   Ver: 1   Installed: 4/22/2006
Security Update for Windows XP (KB913446)   Ver: 1   Installed: 4/23/2006
Security Update for Windows XP (KB913580)   Ver: 1   Installed: 5/12/2006
Shareaza version 2.2.1.0   Ver: 2.2.1.0
Shockwave Director 10.1.1   
SoftV92 Data Fax Modem with SmartCP   
SpywareQuake.com 2.1   Ver: 2.1
Symantec Network Drivers Update   Ver: 5.5.1.6   Installed: 5/1/2006
Symantec Script Blocking Installer   Ver: 1.0.0   Installed: 1/4/2003
SymNet   Ver: 4.7.1   Installed: 1/4/2003
Update for Windows XP (KB898461)   Ver: 1   Installed: 4/19/2006
Update for Windows XP (KB900485)   Ver: 2   Installed: 4/25/2006
Update for Windows XP (KB910437)   Ver: 1   Installed: 4/23/2006
Viewpoint Manager (Remove Only)   
Viewpoint Media Player   
WebFldrs XP   Ver: 9.50.6513   Installed: 1/4/2003
WinAce Archiver   Ver: 2.61
Winamp (remove only)   
Windows Backup Utility   Ver: 5.1   Installed: 1/4/2003
Windows Genuine Advantage Notifications (KB905474)   Ver: 1.5.0526.0   Installed: 5/28/2006
Windows Installer 3.1 (KB893803)   Ver: 3.1
Windows Media Format Runtime   
Windows Media Player 10   
Windows Movie Maker 2.0   Ver: 2.0.0000   Installed: 1/4/2003
Windows XP Hotfix - KB873339   Ver: 20041117.092459
Windows XP Hotfix - KB885250   Ver: 20050118.202711
Windows XP Hotfix - KB885835   Ver: 20041027.181713
Windows XP Hotfix - KB885836   Ver: 20041028.173203
Windows XP Hotfix - KB885884   Ver: 20040924.025457
Windows XP Hotfix - KB886185   Ver: 20041021.090540
Windows XP Hotfix - KB887472   Ver: 20041014.162858
Windows XP Hotfix - KB887742   Ver: 20041103.095002
Windows XP Hotfix - KB888113   Ver: 20041116.131036
Windows XP Hotfix - KB888302   Ver: 20041207.111426
Windows XP Hotfix - KB890859   Ver: 1   Installed: 4/23/2006
Windows XP Hotfix - KB891781   Ver: 20050110.165439
Windows XP Service Pack 2   Ver: 20040803.231319

guestolo
help, ton of spyware, wont go away!
« Reply #4 on: June 17, 2006, 11:54:25 AM »
Can you do the following
==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" UNCHECK
    "Install background guard"
    "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the auto updater won't work
Please manually update from this link
http://www.ewido.net/en/download/updates/

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


Access your add/remove programs and remove all the following
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02

The above are all old versions or updates of Java, we will update this in a bit

Finally remove
SpywareQuake.com 2.1

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu
In safe mode

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
CleanUp! may prompt to run in Demo mode the first time it is run; decline, we actually want to run the cleanup portion
When it's done>>Click Close
DECLINE to Log off or Restart the computer

==Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default they are also saved at C:\rapport.txt

If a reboot was required, reboot back to safe mode
If it wasn't required, remain in safe mode

   ==Open Ewido Anti-malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to the desktop or someplace you will remember
Exit Ewido
NOTE: When Ewido is running, don't open any other windows, let it run uninterrupted

Reboot back to Normal mode

Let's update Java
Go to the following link
http://www.java.com/en/download/manual.jsp
Download and save to desktop the Windows OFFLINE installation
Double click on the installer and follow the prompts to install the latest version of Java
Once installed you can delete the installer saved to desktop

Post back the following:
1. Run a Scan and save logfile with HijackThis and post a fresh log
2. Post the whole report from Ewido
3. Post the contents of the log from Smitfraudfix located here>>C:\Rapport.txt
« Last Edit: June 17, 2006, 11:56:12 AM by guestolo »
