multiple infections



crowbar
2006-11-27, 21:10
Hi,
Work computer had multiple infections, ran spybot and ran ad-aware, both seemed successful, but still getting winantiviruspro2006 virus alerts from norton anti virus. I'm not a big norton fan, since it let all of this crap in in the first place, but it's on the computer, and I will upgrade to bit defender after I clean this machine up.

spybot removed a smitfraud infection, but did not kill an ultimate cleaner infection, and probably others...
spybot logged removals are:
comet cursors
winantiviruspro2006
coolwwwsearch.control
smitfraud-c.toolbar888
systemdoctor2006
winantiviruspro2006

Now the spybot scan comes up clean - still getting a popup stating that there are infections; this triggers a norton virus alert for errorsave - related to the winantivirus2006 garbage.

adaware (ran after spybot) removed this crap:
WIN32.DIALER.TROJAN
WINANTIVIRUSPRO


I can usually kill spyware infections myself, but I know when to raise the white flag and seek help, so here is the hijack this log, and I appreciate any help given in advance...
Logfile of HijackThis v1.99.1
Scan saved at 1:37:39 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~2\navw32.exe
C:\Documents and Settings\Don\Application Data\U3\0000060412114128\LaunchPad.exe
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [75711d07.exe] C:\Documents and Settings\Don\Local Settings\Application Data\75711d07.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {264ED0B7-48C1-43AC-A80A-65924F5B9386} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {264ED0B7-48C1-43AC-A80A-65924F5B9386} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {341FD8C3-AE81-4B9A-AB2D-8CC4899396F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {341FD8C3-AE81-4B9A-AB2D-8CC4899396F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4F008A26-C554-4487-B05F-658498B03FAB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4F008A26-C554-4487-B05F-658498B03FAB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {522DF7CC-9C34-49E0-896A-50659E85FF8A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {522DF7CC-9C34-49E0-896A-50659E85FF8A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5B49BB75-5D3A-499B-BF75-4779648FB88E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B49BB75-5D3A-499B-BF75-4779648FB88E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5CD7BBF1-6A93-4621-9B34-08F4CE5BE833} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5CD7BBF1-6A93-4621-9B34-08F4CE5BE833} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {885F53A6-367A-4C90-933F-BF33C3C68516} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {885F53A6-367A-4C90-933F-BF33C3C68516} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DB71081-6E52-42FC-BA76-BB6CBAD662B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DB71081-6E52-42FC-BA76-BB6CBAD662B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E3D1914-B75D-4DF7-96B0-0BB3DE3D1160} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E3D1914-B75D-4DF7-96B0-0BB3DE3D1160} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9DF1AA1D-46DA-4E64-919C-812FFAA50863} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9DF1AA1D-46DA-4E64-919C-812FFAA50863} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A4D2AC1D-105D-43BE-9610-7C1E8C4B9404} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A4D2AC1D-105D-43BE-9610-7C1E8C4B9404} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AF7DA483-1DC0-431F-A341-FCD62B3EA29C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AF7DA483-1DC0-431F-A341-FCD62B3EA29C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B58B16CC-26A9-4564-ADCE-4AFFC7625E1A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B58B16CC-26A9-4564-ADCE-4AFFC7625E1A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B7375E02-54E8-4CCB-AA28-06739AC96864} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7375E02-54E8-4CCB-AA28-06739AC96864} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD50DEE7-56AD-42AB-B739-6DD50F4EC59B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD50DEE7-56AD-42AB-B739-6DD50F4EC59B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C6B957DE-E254-45F8-A445-00E22389BC05} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C6B957DE-E254-45F8-A445-00E22389BC05} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C7CD2C43-13D6-45D9-9F82-DDC7B0A9404F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C7CD2C43-13D6-45D9-9F82-DDC7B0A9404F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DE3EB3D1-DA5A-4A40-9A56-4673CE27696A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DE3EB3D1-DA5A-4A40-9A56-4673CE27696A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA42FD6E-8F88-41CD-BFDF-EB56E3D8E524} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA42FD6E-8F88-41CD-BFDF-EB56E3D8E524} - (no file) (HKCU)
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1060_XP.cab
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1059_XP.cab
O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4_XP.cab
O16 - DPF: {24496BF4-1D01-530F-DE9D-30553783B97C} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {7E13FA83-E53A-3087-4A6C-63DD4BFB8C91} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_XP.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_XP.cab
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_XP.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

crowbar
2006-11-28, 18:50
I have now followed the self help post that I read here somewhere, still have strange things in the startup tab of msconfig.
ultimate cleaner - app.exe
rock.exe
75711d07.exe (in there twice)

here are the 3 logs:
rapport.txt
SmitFraudFix v2.125

Scan done at 10:17:22.51, Tue 11/28/2006
Run from C:\Program Files\smitfraud fix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

avg log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:14:35 AM 11/28/2006

+ Scan result:



C:\Documents and Settings\Don\Local Settings\Temp\Temporary Internet Files\Content.IE5\P50IM0CU\connect[2].htm -> Downloader.Small.ac : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Ignored.
C:\Documents and Settings\Don\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\Don\Local Settings\Temp\temp.fr21BC -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0144292.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0144302.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-2bbb694d-2ba5d183.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-40661d4-3f4faa48.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-55725644-6d5fa29b.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\Documents and Settings\Don\Cookies\don@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@ameriprise.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@riptownmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\WinAntiVirus Pro 2006\Quarantine\DON@ADVERTISING[1].TXTctimkzxm -> TrackingCookie.Advertising : Cleaned.
C:\WinAntiVirus Pro 2006\Quarantine\DON@ADVERTISING[1].TXTwinrfgil -> TrackingCookie.Advertising : Cleaned.
C:\WinAntiVirus Pro 2006\Quarantine\DON@ADVERTISING[2].TXTazqhvtxu -> TrackingCookie.Advertising : Cleaned.
C:\WinAntiVirus Pro 2006\Quarantine\DON@ADVERTISING[2].TXTwqwwqooc -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Don\Cookies\don@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Don\Cookies\don@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Don\Cookies\don@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Don\Cookies\don@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\WinAntiVirus Pro 2006\Quarantine\don@doubleclick[2].txtdqsjfivo -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Don\Cookies\don@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\WinAntiVirus Pro 2006\Quarantine\system@findwhat[1].txtndrvjghh -> TrackingCookie.Findwhat : Cleaned.
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Don\Cookies\don@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Don\Cookies\don@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Don\Cookies\don@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Don\Cookies\don@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Don\Cookies\don@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Don\Cookies\don@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Don\Cookies\don@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Don\Cookies\don@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Don\Cookies\don@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Don\Cookies\don@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Don\Cookies\don@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:49:25 AM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\75711d07.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [75711d07.exe] C:\WINDOWS\system32\75711d07.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [75711d07.exe] C:\Documents and Settings\Don\Local Settings\Application Data\75711d07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {264ED0B7-48C1-43AC-A80A-65924F5B9386} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {264ED0B7-48C1-43AC-A80A-65924F5B9386} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {341FD8C3-AE81-4B9A-AB2D-8CC4899396F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {341FD8C3-AE81-4B9A-AB2D-8CC4899396F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4F008A26-C554-4487-B05F-658498B03FAB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4F008A26-C554-4487-B05F-658498B03FAB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {522DF7CC-9C34-49E0-896A-50659E85FF8A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {522DF7CC-9C34-49E0-896A-50659E85FF8A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5B49BB75-5D3A-499B-BF75-4779648FB88E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B49BB75-5D3A-499B-BF75-4779648FB88E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5CD7BBF1-6A93-4621-9B34-08F4CE5BE833} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5CD7BBF1-6A93-4621-9B34-08F4CE5BE833} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {885F53A6-367A-4C90-933F-BF33C3C68516} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {885F53A6-367A-4C90-933F-BF33C3C68516} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DB71081-6E52-42FC-BA76-BB6CBAD662B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DB71081-6E52-42FC-BA76-BB6CBAD662B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E3D1914-B75D-4DF7-96B0-0BB3DE3D1160} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E3D1914-B75D-4DF7-96B0-0BB3DE3D1160} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9DF1AA1D-46DA-4E64-919C-812FFAA50863} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9DF1AA1D-46DA-4E64-919C-812FFAA50863} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A4D2AC1D-105D-43BE-9610-7C1E8C4B9404} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A4D2AC1D-105D-43BE-9610-7C1E8C4B9404} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AF7DA483-1DC0-431F-A341-FCD62B3EA29C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AF7DA483-1DC0-431F-A341-FCD62B3EA29C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B58B16CC-26A9-4564-ADCE-4AFFC7625E1A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B58B16CC-26A9-4564-ADCE-4AFFC7625E1A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B7375E02-54E8-4CCB-AA28-06739AC96864} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7375E02-54E8-4CCB-AA28-06739AC96864} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD50DEE7-56AD-42AB-B739-6DD50F4EC59B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD50DEE7-56AD-42AB-B739-6DD50F4EC59B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C6B957DE-E254-45F8-A445-00E22389BC05} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C6B957DE-E254-45F8-A445-00E22389BC05} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C7CD2C43-13D6-45D9-9F82-DDC7B0A9404F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C7CD2C43-13D6-45D9-9F82-DDC7B0A9404F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DE3EB3D1-DA5A-4A40-9A56-4673CE27696A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DE3EB3D1-DA5A-4A40-9A56-4673CE27696A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA42FD6E-8F88-41CD-BFDF-EB56E3D8E524} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA42FD6E-8F88-41CD-BFDF-EB56E3D8E524} - (no file) (HKCU)
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1071_XP.cab
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_ASPIV4_XP.cab
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1060_XP.cab
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1059_XP.cab
O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_ASPIV4_XP.cab
O16 - DPF: {24496BF4-1D01-530F-DE9D-30553783B97C} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1070_XP.cab
O16 - DPF: {7E13FA83-E53A-3087-4A6C-63DD4BFB8C91} - http://85.255.115.229/1/gdnUS1440.exe
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_EN_XP.cab
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1074_XP.cab
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1060_XP.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069_XP.cab
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1073_XP.cab
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E3C0D7-91D1-4E7F-A13E-FBA2300B56D0}: NameServer = 192.168.55.1,192.168.55.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


I am tempted to just disable the 3 suspect entries in msconfig, but will await a more expert opinion - but now the fake spyware popups seem to have stopped.
Thanks in advance....

pskelley
2006-11-29, 18:24
Welcome to the forum, you have quite a mess here. I will help you clean it up, but it is going to take a while and you will need to follow directions.

1) Start > Control Panel > Add Remove programs > uninstall anything you know should not be there like Ultimate Cleaner. If you are not sure let me know and I will look.

2) Make sure everything is enabled in MSConfig, I must see it all for the duration of this repair.

3) Looks like the Vundo is there somewhere though I cannot see it. C:\Program Files\hijack this\HijackThis.exe <<< right click and rename HJT.exe to crowbar.exe or whatever, the next HJT log may show Vundo?

4) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

5) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

6) Turn off AVG Anti-Spyware 7.5\guard.exe; it will block the changes we must make. Like this:
Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

7) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [75711d07.exe] C:\WINDOWS\system32\75711d07.exe
O4 - HKCU\..\Run: [75711d07.exe] C:\Documents and Settings\Don\Local Settings\Application Data\75711d07.exe
O9 - Extra button: Microsoft AntiSpyware helper - {264ED0B7-48C1-43AC-A80A-65924F5B9386} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {264ED0B7-48C1-43AC-A80A-65924F5B9386} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {341FD8C3-AE81-4B9A-AB2D-8CC4899396F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {341FD8C3-AE81-4B9A-AB2D-8CC4899396F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {4F008A26-C554-4487-B05F-658498B03FAB} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {4F008A26-C554-4487-B05F-658498B03FAB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {522DF7CC-9C34-49E0-896A-50659E85FF8A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {522DF7CC-9C34-49E0-896A-50659E85FF8A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5B49BB75-5D3A-499B-BF75-4779648FB88E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5B49BB75-5D3A-499B-BF75-4779648FB88E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5CD7BBF1-6A93-4621-9B34-08F4CE5BE833} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5CD7BBF1-6A93-4621-9B34-08F4CE5BE833} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {885F53A6-367A-4C90-933F-BF33C3C68516} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {885F53A6-367A-4C90-933F-BF33C3C68516} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DB71081-6E52-42FC-BA76-BB6CBAD662B1} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DB71081-6E52-42FC-BA76-BB6CBAD662B1} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E3D1914-B75D-4DF7-96B0-0BB3DE3D1160} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E3D1914-B75D-4DF7-96B0-0BB3DE3D1160} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9DF1AA1D-46DA-4E64-919C-812FFAA50863} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9DF1AA1D-46DA-4E64-919C-812FFAA50863} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A4D2AC1D-105D-43BE-9610-7C1E8C4B9404} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A4D2AC1D-105D-43BE-9610-7C1E8C4B9404} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AF7DA483-1DC0-431F-A341-FCD62B3EA29C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AF7DA483-1DC0-431F-A341-FCD62B3EA29C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B58B16CC-26A9-4564-ADCE-4AFFC7625E1A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B58B16CC-26A9-4564-ADCE-4AFFC7625E1A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B7375E02-54E8-4CCB-AA28-06739AC96864} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B7375E02-54E8-4CCB-AA28-06739AC96864} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD50DEE7-56AD-42AB-B739-6DD50F4EC59B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD50DEE7-56AD-42AB-B739-6DD50F4EC59B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C6B957DE-E254-45F8-A445-00E22389BC05} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C6B957DE-E254-45F8-A445-00E22389BC05} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {C7CD2C43-13D6-45D9-9F82-DDC7B0A9404F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {C7CD2C43-13D6-45D9-9F82-DDC7B0A9404F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DE3EB3D1-DA5A-4A40-9A56-4673CE27696A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DE3EB3D1-DA5A-4A40-9A56-4673CE27696A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA42FD6E-8F88-41CD-BFDF-EB56E3D8E524} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA42FD6E-8F88-41CD-BFDF-EB56E3D8E524} - (no file) (HKCU)
O16 - DPF: {04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7} - http://scripts.downloadv3.com/binari...SS_1071_XP.cab
-Electronic-Group Dialer
O16 - DPF: {0D1011B3-89C8-4F8E-8693-BB970E2E81E0} - http://scripts.downloadv3.com/binari..._ASPIV4_XP.cab
-Electronic-Group Dialer
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binarie...SS_1060_XP.cab
-Electronic-Group Dialer
O16 - DPF: {1CD49DC9-FD88-41FA-B892-47E037267D45} - http://akamai.downloadv3.com/binarie...SS_1059_XP.cab
-Electronic-Group Dialer
O16 - DPF: {201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762} - http://scripts.downloadv3.com/binari..._ASPIV4_XP.cab
-Electronic-Group Dialer
O16 - DPF: {24496BF4-1D01-530F-DE9D-30553783B97C} - http://85.255.115.229/1/gdnUS1440.exe
Wareout
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - http://scripts.downloadv3.com/binari...SS_1070_XP.cab
-Electronic-Group Dialer
O16 - DPF: {7E13FA83-E53A-3087-4A6C-63DD4BFB8C91} - http://85.255.115.229/1/gdnUS1440.exe
Wareout
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/ega...s4_1061_XP.cab
-Electronic-Group Dialer
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/ega...s4_1059_XP.cab
-Electronic-Group Dialer
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binari...vc32_EN_XP.cab
-Electronic-Group Dialer
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - http://scripts.downloadv3.com/binari...SS_1074_XP.cab
-Electronic-Group Dialer
O16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} - http://scripts.downloadv3.com/binari...SS_1068_XP.cab
-Electronic-Group Dialer
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://scripts.dlv4.com/binaries/ega...s4_1060_XP.cab
-Electronic-Group Dialer
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binari...vc32_EN_XP.cab
-Electronic-Group Dialer
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} - http://scripts.downloadv3.com/binari...SS_1069_XP.cab
-Electronic-Group Dialer
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - http://scripts.downloadv3.com/binari...SS_1073_XP.cab
-Electronic-Group Dialer
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binari...SS_1067_XP.cab
-Electronic-Group Dialer

Close all programs but HJT and all browser windows, then click on "Fix Checked"

8) RIGHT Click on Start then click on Explore. Locate and delete these items:

(some files may be gone, just DO NOT miss them)

rock.exe <<< delete this file (search for it)

C:\WINDOWS\system32\75711d07.exe <<< delete this file

C:\Program Files\Ultimate Cleaner\ <<< delete this folder
C:\Documents and Settings\Don\Local Settings\Application Data\75711d07.exe <<< delete this file

9) You ignored some nasty stuff when you ran AVG Anti-Spyware before. Run it again according to the instructions in this link and delete or at least quarantine anything it locates.
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/
Thanks to John McKenna for the tutorial.

10) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the Report-Scan.txt from AVG Anti-Spyware and a new HJT log.

Thanks

C:\Program Files\Java\j2re1.4.2_03\ <<< your Java program is out of date and likely the reason you are infected, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Uninstall all old versions and update to the most recent. Do that now please.

crowbar
2006-11-30, 18:11
That took a while but it's done,
I hope things look cleaner after all that...
avg log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:53:40 AM 11/30/2006

+ Scan result:



C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N73M1004NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Local Settings\Temp\temp.fr21BC -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0144292.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP260\A0144302.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-2bbb694d-2ba5d183.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-40661d4-3f4faa48.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-55725644-6d5fa29b.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Cookies\don@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.


::Report end

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:58:03 AM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\hijack this\crowbar.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E3C0D7-91D1-4E7F-A13E-FBA2300B56D0}: NameServer = 192.168.55.1,192.168.55.254
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

I updated the java on the machine also - thanks for the help beating down the bad guys.
Would like to get my hands on one of these creeps - there would be 1 less, it wouldn't help but would give me something good to post!!

I await your response....

pskelley
2006-11-30, 20:36
Good job with those instructions. I see no evidence of the Vundo trojan; if it was there you would know it. It is a prolific popup maker usually directing to Winfixer (rogue software).

I updated the java on the machine also - thanks for the help beating down the bad guys.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

Did you reboot after you updated? I see the old versions still in the log. Check to make sure no old versions exist in Add Remove programs.

Make sure that Java program is the newest version. I would say you should be good to go; do this first:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.
If you keep the scanner, make sure you clean out that quarantine folder.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing...tashi :) will close your topic in a few days.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
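
The check done by eye in the posts above (are the step 7 fix-list entries gone from the follow-up log, and does anything still point at the old Java folder) can be scripted; this is an added example, not part of the thread or of HijackThis. The function names are hypothetical and the sample text is constructed from lines quoted in this thread; entries are matched on their CLSID where one exists, because the forum shortened the URLs in the fix list.

```python
import re

# Constructed sample input: short excerpts assembled from log lines quoted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [75711d07.exe] C:\WINDOWS\system32\75711d07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E3C0D7-91D1-4E7F-A13E-FBA2300B56D0}: NameServer = 192.168.55.1,192.168.55.254
"""
FIX_LIST = r"""
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [75711d07.exe] C:\WINDOWS\system32\75711d07.exe
O16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} - http://scripts.downloadv3.com/binari...SS_1067_XP.cab
-Electronic-Group Dialer
"""
AFTER = r"""
C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E3C0D7-91D1-4E7F-A13E-FBA2300B56D0}: NameServer = 192.168.55.1,192.168.55.254
"""

# An entry line is "<section code> - <body>", e.g. "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(code, body):
    """Stable identity for an entry: section code, entry kind, then CLSID or full text."""
    # Keeping the kind separates "Extra button" from "Extra 'Tools' menuitem",
    # which share one CLSID in O9 lines.
    kind = body.split(":", 1)[0].strip().lower()
    guid = GUID_RE.search(body)
    ident = guid.group(0).upper() if guid else " ".join(body.split()).lower()
    return (code, kind, ident)


def parse_entries(text):
    """Map entry key -> original line; process paths and helper notes are skipped."""
    entries = {}
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.setdefault(entry_key(*match.groups()), raw.strip())
    return entries


def still_present(fix_list, log):
    """Lines of `log` that correspond to an entry named in `fix_list`."""
    wanted, found = parse_entries(fix_list), parse_entries(log)
    return [found[key] for key in sorted(wanted) if key in found]


def removed_between(before_log, after_log):
    """Entries that were in the first log and are absent from the second."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return [before[key] for key in sorted(before) if key not in after]


def entries_under(log, path_fragment):
    """Entries whose text references a given folder, e.g. an old runtime directory."""
    fragment = path_fragment.lower()
    return [line for line in parse_entries(log).values() if fragment in line.lower()]


if __name__ == "__main__":
    print("fix-list entries left in follow-up log:", still_present(FIX_LIST, AFTER))
    print("removed since first log:", *removed_between(BEFORE, AFTER), sep="\n  ")
    print("old Java references:", entries_under(AFTER, r"\Java\j2re1.4.2_03"))
```
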

crowbar
2006-11-30, 21:26
Thanks so much! You guys fight the good fight, keep up the good work.

I ran the HJT scan before I updated the java, sorry about that. I just wanted to get the post on there ASAP. The Java site confirmed that the newest version was installed, with the big green button.

Thanks Again!!

LonnyRJones
2006-12-06, 13:29
I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here. They should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).