spyware quake virus ?

I have been having a problem with this trojan (I assume) that has popped into my task bar. It is a a icon that switches between two images, a blue circle with a question mark inside, and a red circle with a slash inside (like a no smoking sign). On mousing over it, It'll say "Virus Alert!", and upon clicking it it says in bold "Your computer is infected!" (in a red box) followed by a 'solution', "Critical System Error! System detected virus activities...etc." If I click on it...it sends me to spywarequake website. too my knowledge i Have not installed the spyware quake b/c its also a somewhat of a ****ed file. so...

i have tried smitrem and someother tools...anyways...

here is my hi jack this log...hopefully you guys will find the problem....and post some instructions on how to get rid of it

------------------------------------------------------------------------

Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.


Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

arpa.exe
nslookup.exe

Close task manager.

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKCU\..\Run: [Aowr] "C:\WINDOWS\system32\MCROSO~1\arpa.exe" -vt yazr

O4 - HKCU\..\Run: [Dqew] C:\Documents and Settings\user\My Documents\??crosoft.NET\nslookup.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazz....cab?refid=1123

O20 - Winlogon Notify: khfdcaw - C:\WINDOWS\

O20 - Winlogon Notify: winrkq32 - C:\WINDOWS\

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Documents and Settings\user\My Documents\??crosoft.NET\nslookup.exe

C:\WINDOWS\system32\MCROSO~1\arpa.exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.

Regards Howard :wave: :wave:

sorry for hte double post...I took out hte zlara.dll and it was the thing that kept popping up...it was registered as an unknown file for hijackthis...so maybe you guys should enter it in or somthing....