Author Topic: "Your computer is infected!" (Read 3095 times)

machix · « **on:** February 09, 2006, 05:35:47 AM »

I have this box that keeps popping up from the bottom right side of my menu bar and it says this,

"Your computer is infected!" Possible harmful infection was detected on ur PC. The system will now download and install the most efficient spyware removal progam to prevent private data loss and identity theft..."

Its very irritating and I cant seem to get rid of it even though I have used AdAware, SpyBot and SpyWare Doctor. Has anyone came across this before? Hopefully by posting the details of my HijackThis log, someone can help me out.

-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:32:18 PM, on 2/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lua\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3D20DB72-57B1-4564-BDFA-2581337B7446} (Mganiser Control) - http://www.moreatonce.com/atx/mganiser.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1133126726265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133126137250
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

guestolo · « **Reply #1 on:** February 09, 2006, 10:26:41 PM »

This appears to be a new breed of Smitfraud starting to appear online
I'm certain we can clear you of this, but please do all the following below

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it too the empty notepad please
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop, well need this later, don't run it yet
Ensure to to include REGEDIT4 and down in the code box

Code: [Select]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"=-

[-HKEY_CLASSES_ROOT\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyFalcon"=-

Download SmitRem.exe by Noahdfear and save the file to your desktop.
Don't run it yet

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!

Open Hijackthis>>Open Misc tools section>>Open "Delete File on Reboot"
In the file name field, copy and paste the whole bold line below

C:\Windows\System32\dxmpp.dll
Click the OPEN button
Hijackthis should prompt you that the file will be deleted and to reboot the computer
Allow to reboot

Reboot the computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

In safe mode

==Double click on fix.reg and allow to add/merge to the registry

==Find and delete this folder if found
C:\Program Files\SpyFalcon <-this folder

==Double click on SmitRem.exe to extract it to it's own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish

Reboot back to Normal mode
Back in Windows
Use Internet Explorer and Run the online Panda ActiveScan
* Once you are on the Panda site click the Scan your PC button.
* A new window will open...click the big Check Now button.
* Enter your Country.
* Enter your State/Province.
* Enter your e-mail address.
* Select either "Home User or Company."
* Click the big Scan Now button.
* Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
* Click on Local Disks to start the scan.

When the scan is complete
click See Report, then click Save Report and save it to your Desktop.

1. Post the report from Panda's
2. Post back a fresh hijackthis log
3. Post the Whole log made from SmitRem located here C:\Smitfiles.txt

NOTE: You will have to reset your background in Display properties
XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

air23 · « **Reply #2 on:** February 25, 2006, 07:56:39 PM »

I have the same problem and i followed your instructions and here are all the file i saved:

[/b]Report from Panda's:

Incident Status Location

Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oh8mcl5n.Sunny\cookies.txt[]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wmitzmyf.default\cookies.txt[]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3788ba1b.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3788ba1b.zip[NewURLClassLoader.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-149af8ee.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-2dc5209a.zip[Dummy.class]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Application Data\Μicrosoft.NET\nslookup.exe
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ Games.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ KING KONG 2006 DVD r French .zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ Music.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ Software.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\©bySpikys.WinXP.Corporate.x64.German.(Unattended inkl MUI).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\¥¥¥ Everything you always wanted to know about SEX.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\¥¥¥ Fantasy Art - Louis Royo - Boris Vallejo - Julie Bell - Larry Elmore.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\'Allo 'Allo! - 'Allo 'Allo! - sezon 6 DSRip Lektor PL XviD-kshycho.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\'Allo 'Allo! - 'Allo 'Allo! 7x07 & 7x08 DSRip Lektor PL XviD-kshycho.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\'Allo 'Allo! - 'Allo 'Allo! [5x04] Return Of The Paintings [DSRip] [PL] [XviD-kshycho].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\'Allo 'Allo! - 'Allo 'Allo! [5x05] Enter Denise [DSRip] [PL] [XviD-kshycho].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(12) Mark Knopfler - Old Pigweed wma.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(ES) Charlie Jade S01E12 FRENCH PDTV XViD.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(ES) Numb3rs S01E07 FRENCH PDTV XviD.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(Guns N Roses) Breakdown mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(Les Luthiers) - Todo Por Que Rias - (By MEM) www trackertomia com rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(MUSIC VID) Utada Hikaru - Keep Tryin' (704x480 MPEG2)(J-Pop).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(NEW) Game Server Hack.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\(V A ) - Titanes en el Ring - (By MEM) www trackertomia com rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\01 - You Really Got Me mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\01-Black Sabbath-1970-Black Sabbath.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\01-dj hogat - baby cry (radio edit) mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\02 10 06 A Chinese Tall Story 2005 情癲大聖-VCD.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\02-Black Sabbath-1970-Paranoid.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\07-Black Sabbath-1975-We Sold Our Soul For Rock'n' Roll.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\074 Playboy Hardbodies.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\075 Playboy Pamela Anderson.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\09-Black Sabbath-1978-Never Say Die!.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\10 3DRealms Games.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\1000 Atkins Diet Recipes [dailyneedz com].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\102 Dalmatas DVDRip Xvid Ac3 Spanish Grup Todo Morci Rip WWW TODOTORRENTE COM.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\1080i Band Of Brothers -Ep03 [5.1 DTS].avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\19 Year Old And 25 Year Old Hungary Chicks Get [censored] In The Ass Xxx Sex Anal Teen Visit Http Www Dl.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\1986 Electric Magic - Queen.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\1990 Just Say Ozzy.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\1994 John Trudell KLOS - Power and Authority.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\1998 [censored]ing Crazy.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2001 - Testament - First Strike Still Deadly [www heavytorrents tk].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2004 Eminem Is Back.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2006 Turin Olympics Day 5 CBC highlights DIVX Part 2 (missing part).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2006-02-02 - Festival de Verão, Salvador, Bahia [loshermanos-ssa].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 【海外ドラマ】 24 TWENTY FOUR Season5 第08&#354.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 Conspiracy - Season One.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 S05E08 HDTV XviD-442 [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 S05E08 HDTV XviD-LOL [www.PBNova.us].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 S05E08 HDTV XviD-LOL.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 s05e08 hr hdtv ac3 5 1 xvid-ctu avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 season 1 complete.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 TWENTY FOUR Season5 08 2pm-3pm 624x352.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24 TWENTY FOUR Season5 Episode8 02pm03pm NOsubEn avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 - 24H S05 ép08 Repack VOstFR incrustés-Te@m HP avi[tracker heavenplace net].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 24 Season 1 Complete Divx Rkl.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 1pm 2pm Videoseed Com Ipod.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 Hdtv Ipod Format.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 Hdtv Xvid Lol Avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 Hdtv Xvid Lol.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 Hdtv Xvid Xor Tensiontorrent Com Rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 Hr Hdtv Ac3 5 1 Xvid Dimension Eztv Rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e07 Hr Hdtv Ac3 5 1 Xvid Nbs Eztv Rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e08 Hdtv Xvid Lol Eztv.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e08 Hdtv Xvid Lol.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 S05e08 Hdtv Xvid Xor Tensiontorrent Com.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 Season04 Complete.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24 The Game PAL Multi 9 Ita Spa Fra Eng Deu Ces Mag Pol Ned rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\24h Saison 5 Episode 8 VOST FRENCH.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2pac-lost rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\3 - the anchoress.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\3 Blind Mice - Three Blind Mice.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\3 girl on 1 guy strap femdom avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\32 Jimi Hendrix Albums (mp3,wav) (140kbps).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\38 Sheikh Ahmed Deedat Vs Dr Robert Douglas.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\3D Models 3Ds Medical Skeletal-Anatomy.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\40 Year Old Virgin Xvid Mp3 Dvdrip Mercifulrelease.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\4th Street Traffic - Y O L O.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\50 Cent - Bullet proof Album Not for Sale.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\50 Cent-Classics Remastered-2006 [WwW LiMiTeDiVx CoM] By KELOLO zip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\7 chili in 7 giorni ITA [TNT-Village].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\7 seconds -Dvd-rip by Marie avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\7 Virgenes [DVDRIP][Spanish][www pctorrent com].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\7 Virgenes [RatDVD][Spanish 5 1][www pctorrent com].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\7-Zip 4.32 for Windows.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\7629 Yuri Pics (Hentai).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\8 Mile [3ivx XL] Full DVD Res.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\9 Mozart Symphonies from httpwww.dr.dkP2Mozart250index.htm.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\911 - Professor James Fetzer (ST911.org) on Radioactive Radio and K-Talk on 911.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\911 Daryl Smith Radio Show Exposing the Zionist Conspiracy.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A collection of Gamehouse Games for Windows incl Keygen.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A E Wilder-Smith - The Seven Main Postulates Of Evolution mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A E Yakitate Japan 54 F7cd2d80 Avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A nice lecture by Dr. Bilal Philips about the Dajjal (The Anti Christ).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A O Prince Of Tennis 161 85542b75 Avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A Rienda Suelta DVDrip [Spanish] [emulebit com & elitetorrent net] avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\A Toute Epreuve John Woo FRENCH DVDRIP XVID ChoUeTTe.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\AA2K6GE Linux.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Abba - The Real ABBA Gold.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ABC - 2005 Beauty Stab (Remastered).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ABC From The Heart ep10of10 The South Coast MVG forum avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\About CNET Networks.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Absolute MP3 Splitter And Converter v2 3 0 WinALL Incl Keygen-BRD.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Abuelo Bochinche Vol 1-www trackertomia com zip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Acdc Discography 19cd.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ACDC Live.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ACDSee V8.0.41 Mult-Lang[DEU,ENG,ITA] + Patch.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ACE Mega CodecS Pack 6 03 - Professional Edition.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Ace of Base Greatest Hits [Mp3 192 kbit] [1992-2000] By KELOLOS.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Acoustic Alchemy - 4 Albums.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ADDJ - Thru my headphones (mix) - 5MPG trailer.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adivina Quien Viene Esta Noche[DVDRIP][WwW LiMiTeDiVx CoM][LMD T34M GOLUM25] avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Acrobat 7 0 German rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Acrobat 7 0 Professional Incl Keygen Paradox.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Audition V2 0 English Www Pctorrent Com.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Creative Suite Premium Edition V2 0 Tda.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS NL.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS2 incl KeyGen.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Photoshop Cs2 Iso Keygen.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adobe Premiere Pro 7 0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Advanced search.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Adventures of Superman - superman 5 minutes to doom avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Aeon Flux TC LD German XviD-PRD.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Aeon Flux Tc Xvid Prodigy 2005.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Age Of Empires Gold Edition rar.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Ahead Nero V7 0 Premium Edition.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Ahead Of The Competition 4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Ahead Of The Competition 3 7.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Ahq Dragon Ball Gt Complete.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air - Premiers Symptomes (1999) [FLAC].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Al Franken Show 021406 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Al Franken Show 021506 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Al Franken Show 021606 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Al Franken Show 021706 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Majority Report 021406 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Majority Report 021506 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Majority Report 021606 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Mark Riley Show 021506 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Mark Riley Show 021606 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Mark Riley Show 021706 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Mike Malloy Show 021406 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Mike Malloy Show 021506 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Mike Malloy Show 021606 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Rachel Maddow Show 021506 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Rachel Maddow Show 021606 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Rachel Maddow Show 021706 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Randi Rhodes Show 021406 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Randi Rhodes Show 021506 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Randi Rhodes Show 021606 [mp3].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\airmapsv5 zip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alan Greenspan - CFR Conference 2005.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alarma en el expreso - Hitchcock 1938 (BN).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alcohol 120 1 9 3105 Latest Corporate Edition With Patch.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alex Jones 15-feb-2006 (137mins).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alex Jones Radio Show Februaray 14th 2006.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alex Wurman- March of the Penguins [WwW LiMiTeDiVx CoM] By KELOLO zip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ali g jason divx bonne qualité.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alias 4x01 DVD DVB [WwW LiMiTeDiVx CoM] avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alice In Chains - Unplugged (EAC.LAME).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alice In Chains-Dirt-1992-h8me.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alicia Keys Complete Collection.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Alicia Keys Every Little Bit Hurts Ramvideostimka Mpg.zip[Setup.exe]

guestolo · « **Reply #3 on:** February 25, 2006, 08:06:49 PM »

Since the original poster has not returned
I won't ask you to start a new topic, but could you supply me with a Hijackthis log please
You have a different problem than the original poster

From my signature below, download and save too a permanent folder on your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important

GunzOfSteel 921 · « **Reply #4 on:** April 30, 2006, 01:32:04 PM »

I am having this same problem.. I will send all of the logs and maybe you can help me... Pandas:

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.ehg-ads.hitbox.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.com.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[hc2.humanclick.com/hc/74330191]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[server.iad.liveperson.net/hc/79072604]
Spyware:Cookie/Allthatsearch Not disinfected C:\Documents and Settings\Michael\Cookies\michael@10102[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Michael\Cookies\michael@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/SearchingBooth Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adamg[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[1].txt
Spyware:Cookie/SearchingBooth Not disinfected C:\Documents and Settings\Michael\Cookies\michael@aycm5[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Cookies\michael@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael\Cookies\michael@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael\Cookies\michael@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Michael\Cookies\michael@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Michael\Cookies\michael@fortunecity[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Michael\Cookies\michael@Kiddo[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Michael\Cookies\michael@kmpads[2].txt
Spyware:Cookie/LetitFind Not disinfected C:\Documents and Settings\Michael\Cookies\michael@LetitFind[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael\Cookies\michael@maxserving[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Michael\Cookies\michael@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Cookies\michael@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Michael\Cookies\michael@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Michael\Cookies\michael@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Michael\Cookies\michael@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@statcounter[1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@targetsaver[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Michael\Cookies\michael@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Cookies\michael@tribalfusion[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Michael\Cookies\michael@wizzle[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Cookies\michael@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\5N9JHMVL\wallpap[1].exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Ssk.log
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.target.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[server.iad.liveperson.net/hc/22374775]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Adware:Adware/CommAd Not disinfected C:\WINDOWS\IA\KE.vbs
Adware:Adware/2Z0o Not disinfected C:\WINDOWS\lsalxqo.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\newname.dat
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\pss\rheqf.exeCommon Startup
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\ad.html
Adware:Adware/QoolAid Not disinfected C:\WINDOWS\system32\dmonwv.dll
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\system32\fwhsk.dat
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\wallpap.exe

Logfile of HijackThis v1.99.1
Scan saved at 2:17:38 PM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1134603453\ee\AOLSoftware.exe
C:\Program Files\Network\ipnetwork.exe
C:\windows\mousepad15.exe
C:\WINDOWS\win32072026-140079.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\lsalxqoA.exe
C:\WINDOWS\system32\TASKMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qjjty.exe
F2 - REG:system.ini: UserInit=userinit.exe,bepxjpv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBAEEFD6-942A-418F-A6FC-E373A98041D8} - C:\Program Files\Windows NT\horego.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134603453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard15.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad15.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname15.exe
O4 - HKLM\

guestolo · « **Reply #5 on:** April 30, 2006, 11:40:05 PM »

Sorry for the delay GunzOfSteel 921
Can I have you repost your hijackthis log please in your own post in this forum
The bottom part of the Hijackthis log was cut off, I need to see the whole thing!

Once you posted in your own post with a new hijackthis log I'll tranfer over the Panda scan results too

This topic is now locked as the original posters have not returned

TheTechGuide Forum

News:

Author Topic: "Your computer is infected!" (Read 3095 times)

machix

"Your computer is infected!"

guestolo

"Your computer is infected!"

air23

"Your computer is infected!"

guestolo

"Your computer is infected!"

GunzOfSteel 921

"Your computer is infected!"

guestolo

"Your computer is infected!"