[Murray S.]

I was using IE...
OMG I'm running Panda now and it isnt even half done and i alrewady have 7 viruses!!!!!!!!!!

Yep and that's why we told you to go to the Malware Forum right off the bat.. But, based on your later answers and your inability to validate XP and get the SP1 update, I can see why you were so hesitant..

Murray

[Advertisements]

I did... I just don't have many things on my computer. 93% free hard drive space baby

[ktownkatman]

I did... I just don't have many things on my computer. 93% free hard drive space baby

[ktownkatman]

Here is my Panda Log:


Incident Status Location

Virus:W32/Gaobot.JQK.worm Disinfected C:\RECYCLER\S-1-5-21-1417001333-1580818891-1343024091-1003\Dc1.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP30\A0002500.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002799.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002800.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002816.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002850.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\WINDOWS\system32\cool.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:W32/Gaobot.JQK.worm Disinfected C:\WINDOWS\system32\f.exe
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
Virus:W32/Sdbot.BCW.worm Disinfected C:\WINDOWS\system32\libsysmgr.exe
I'm suprised I had 11!!!

[Murray S.]

That does no good here.. that's what the Malware Forum is all about..

As for you HJT log, all browser windows MUST be closed before you run the program and HJT MUST be installed to its own folder..

Murray

[ktownkatman]

OK I'll try that.

[ktownkatman]

New HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 3:23:28 PM, on 9/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125799960991
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F37B04EE-83F4-4A24-8896-F45D6C7D25EA}: NameServer = 65.17.128.3 65.17.128.7

[Murray S.]

Run the validation assistant once more.. Let's see if what PandaScan found did any good..

Murray

[ktownkatman]

hang on. after i did panda the first time im running it again and so far it has 3.

[ktownkatman]

Have you thought that just maybe my computer doesn't like activex controlls?

[Murray S.]

No.. But it does mean you are running a pirated/illegal version of XP..

Thus, this post is closed until you get a legal version as will all other posts concerning the problems you are having with this system..

Murray