Multi-Problem

[Stormcougar]

Computer is running better then when I first asked your help *thanks*, but still has a bit to go to be back to normal.

Still trying to get the Nortons stuff off...taking more time then I hoped, because the machine is always used the items that take time has to be done at night. I appolize for the time its taking on my end.

 

[Stormcougar]

Yay! I got Norton's stuff cleared.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:57:49 PM 10/17/2006

+ Scan result:



C:\Documents and Settings\User\Local Settings\Temp\ICD1.tmp\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AZSFYBUH\SystemDoctor2006FreeInstall[1].cab/USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
C:\Documents and Settings\User\My Documents\WoW\UWC_SpeedSoloMiniEMU.rar/miniemu\extra\Tools\ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Ignored.
C:\Program Files\Akutski's 1.9.2 Repack\Tools\Item Creator.rar/ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Ignored.
C:\Program Files\Akutski's 1.9.2 Repack\Tools\ItemCreator1-2-5.rar/ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Ignored.
C:\Program Files\Akutski's 1.9.2 Repack\Tools\game restarter tool.rar/daijwrestarter.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Ignored.
:mozilla.241:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.242:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.191:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.192:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.193:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.194:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.195:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.130:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.131:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.132:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.222:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.223:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.224:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.246:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.135:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.136:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.137:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.245:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.230:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.231:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.232:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.233:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.234:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.261:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.262:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.200:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.106:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.96:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.97:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.98:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.19:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.227:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.228:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.229:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\xwy80a05.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

 

[pskelley]

Please run the AVG scan again, you are choosing to ignore a lot of junk. Either delete or quarantine everything located. Look at that the scan report, you can see the winfixer junk you did not remove with the scan?? If you do not allow the tool to remove that junk, you will have to delete it manually. Make sure you run ths scan in SAFE MODE:
http://www.bleepingcomputer.com/tutorials/tutorial61.html

Before you post the scan, edit out all of the cookies, I have no need to see them again.

Return to here: C:\HiJackThis\HijackThis.exe <<< right click and rename HijackThis.exe to Stormcougar.exe or whatever you wish. Restart the computer and post a new HJT log along with the AVG scan. I believe we are dealing with a hidden Vundo infection and that should show it to us.

Thanks

 

[tashi]

Still with us Stormcougar?

 

[Stormcougar]

Still with you, figuring out what he means by AVG.

 

[pskelley]

If you have questions, please post and ask them. AVG Anti-Spyware will not remove the junk from your computer unless you tell it to. Follow the instructions in this link:
http://www.virusvault.co.uk/fusionbb/showtopic.php?tid/33/

So as not to confuse you, you do not need to do number one (1) of the instructions again since you already have the program installed, but follow the balance of the instructions. In Number six (6), make sure you do this:
Then click Save report > Save report as and save the Report-Scan.txt to your desktop. `


Since it has been over a week since you have responded, be sure you follow all of the directions I posted at this time: 2006-10-18, 04:28
Once I get the results of that HJT log with the renamed HJT.exe and the Report-Scan.txt from AVG Anti-Spyware scan, we will go from there,

Thanks

 

[tashi]

Hi all.

I will close this topic if no response by end of day.

 

[Stormcougar]

Logfile of HijackThis v1.99.1
Scan saved at 1:00:16 PM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\ijT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O1 - Hosts: 153.91.179.153 L2authd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\User\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141088438437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155926045156
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

 

[pskelley]

Well, It is apparent you are not going to follow directions. I will make a couple of suggestions in closing.

1) the version of ewido you are running is out of date, you can download the new version here: http://www.ewido.net/en/

2) I believe your Java program is out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

3) HJT log appears to be clean of malware. I suggest you do this: System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

tashi can close this topic when time permits.

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

 

[Stormcougar]

Explain what direction I didn't follow?

I posted a HiJackThis scan, I started a ewido scan...I come back to post those results which I have to clean to your specs.

 

[Stormcougar]

If my ewido is out dated then the scan results are worthless and I'll have to get the new one and start over.

I have updated Java from the first time, FOLLOWING instructions...everything I do java related works. I'm not sure how to update to your standerds.

 

[Stormcougar]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:45:18 PM 11/3/2006

+ Scan result:



C:\RECYCLER\NPROTECT\00000099.exe -> Adware.Searchcolor : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned.
C:\Documents and Settings\User\My Documents\WoW\UWC_SpeedSoloMiniEMU.rar/miniemu\extra\Tools\ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Cleaned.
C:\Program Files\Akutski's 1.9.2 Repack\Tools\Item Creator.rar/ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Cleaned.
C:\Program Files\Akutski's 1.9.2 Repack\Tools\ItemCreator1-2-5.rar/ItemCreator1.2.5.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Cleaned.
C:\Program Files\Akutski's 1.9.2 Repack\Tools\game restarter tool.rar/daijwrestarter.exe -> Not-A-Virus.Monitor.Win32.JazoKeylogger.3110 : Cleaned.



::Report end

 

[pskelley]

AVG Anti-Spyware cleaned what it located, your HJT log is clean. Make sure you follow the directions in that last post to clean System Restore files. The information in the links from the experts will go a long way towards helping you stay clean.

Safe surfing:bigthumb:

 

[LonnyRJones]

Im Glad we could help
Since the problems are solved Im going to close the topic now, this keeps others with similar problems from posting there logs/question here, they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).