stormystar

  1. Thank you very much. I really appreciate all your help.
  2. Seems to be fine now, no probs from Dr Watson again at the moment. Did the system restore thing.
  3. Hi. Yes, my settings are on medium. Ran the PC Pitstop scan; it ran fine and discovered no viruses.
  4. Sadly I think, despite our best efforts, Panda does not like my computer! I tried again but nothing. I clicked on the yellow triangle that said "error on page" and this is what it said: Line 517 Char 2 Object doesnt support this property or method. That's probably no help though.
  5. Thanks, I will try that and post back later. I have a quick question: I use Word a lot as I'm studying, and I've found that now when I save a Word document in my docs, there's also a faded-out version in there too and some temp files. For instance, I'm writing an essay and that is saved, but there are also these files: ~$sessay.doc, ~WRL1422.tmp, etc. Looking at them, it seems that it's the different times I've saved while writing it. Will they disappear? Is it because I have chosen to view all folders/files etc.? Just curious!
  6. I hear what you're saying about winmx and BitTornado. I know I shouldn't have them on my comp. I actually got the infection though from doing something stupid that I shan't be doing again. I couldn't tell you this. That programme came already loaded on the system; I actually don't even know what it does! Still couldn't get Panda to work, I'm afraid.
  7. Logfile of HijackThis v1.99.1
     Scan saved at 11:06:15, on 16/03/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16414)
  8. "HP_Administrator" - 07-03-16 11:03:20 Service Pack 2
     ComboFix 07-03-09.3 - Running from: "C:\Documents and Settings\HP_Administrator\My Documents\cleaning"
  9. SDFix: Version 1.72
     Run by Administrator - 16/03/2007 / 10:51:00.18
     Microsoft Windows XP [Version 5.1.2600]
     Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

     Safe Mode:
     Checking Services:
     Restoring Windows Registry Entries
     Restoring Default Hosts File
     Rebooting...

     Normal Mode:
     Checking Files:
     Below files will be copied to Backups folder then removed:
     C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe - Deleted

     ADS Check:
     C:\WINDOWS\system32
     No streams found.

     Final Check:
     Remaining Services:
     ------------------
     Authorized Application Key Export:
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
     "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

     Remaining Files:
     ---------------
     Backups Folder: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip
     Checking For Files with Hidden Attributes :
     C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
     C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a8980fd7ec4cd0881ec918c0df651d12\download\BITB.tmp
     Finished
  10. Logfile of The Avenger version 1, by Swandog46
      Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\arerksbn
      *******************
      Script file located at: \??\C:\WINDOWS\system32\xgjajejm.txt
      Script file opened successfully.
      Script file read successfully
      Backups directory opened successfully at C:\Avenger
      *******************
      Beginning to process script file:
      File C:\WINDOWS\fdgsdfdsgrgsd.exe deleted successfully.
      File C:\Windows\xpupdate.exe not found!
      Deletion of file C:\Windows\xpupdate.exe failed!
      Could not process line: C:\Windows\xpupdate.exe
      Status: 0xc0000034
      Completed script processing.
      *******************
      Finished! Terminate.
  11. This may be nothing, but just now my computer said that Windows Explorer had to close, then everything froze. I rebooted a couple of times but the screen just kept coming up black. So I unplugged everything for 10 minutes and now it's OK again, but it reminded me that it also happened a couple of days ago. I can't be sure as it was gone too quickly, but I think there was a message about something called Dr Watson before it froze.
  12. KASPERSKY ONLINE SCANNER REPORT
      Thursday, March 15, 2007 12:58:38 PM
      Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
      Kaspersky Online Scanner version: 5.0.83.0
      Kaspersky Anti-Virus database last update: 15/03/2007
      Kaspersky Anti-Virus database records: 282044

      Scan Settings:
      Scan using the following antivirus database: extended
      Scan Archives: true
      Scan Mail Bases: true
      Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\

      Scan Statistics:
      Total number of scanned objects: 79278
      Number of viruses found: 7
      Number of infected objects: 30 / 0
      Number of suspicious objects: 0
      Duration of the scan process: 00:52:14

      Scan process completed.
  13. I'm in the process of running the Kaspersky scanner and my AVG AV has been flashing up "virus found" in the following: C:\System Volume Information\_restore{F7149EC7-4FAS-4148-81FA-2F7A638FD9A}\ and then \RP44\A0010332.exe (and different numbers such as RP50 and RP55 etc. for subsequent found viruses):
      Downloader.obfuskated
      Trojan Horse Tibs
      Trojan Horse Agent.AEE
      Trojan Horse Proxy.LDN
      I let it heal the ones it could and moved the others to the virus vault.
  14. STATUS: FINISHED
      Complete scanning result of "fdgsdfdsgrgsd.exe", received in VirusTotal at 03.15.2007, 12:09:25 (CET).

      Antivirus      Version       Update      Result
      AhnLab-V3      2007.3.15.0   03.15.2007  no virus found
      AntiVir        7.3.1.43      03.15.2007  TR/Crypt.PCMM.Gen
      Authentium     4.93.8        03.14.2007  no virus found
      Avast          4.7.936.0     03.14.2007  no virus found
      AVG            7.5.0.447     03.14.2007  no virus found
      BitDefender    7.2           03.15.2007  no virus found
      CAT-QuickHeal  9.00          03.14.2007  (Suspicious) - DNAScan
      ClamAV         0.90.1        03.15.2007  no virus found
      DrWeb          4.33          03.15.2007  BackDoor.Mailbot
      eSafe          7.0.14.0      03.14.2007  Suspicious Trojan/Worm
      eTrust-Vet     30.6.3480     03.15.2007  no virus found
      Ewido          4.0           03.14.2007  no virus found
      FileAdvisor    1             03.15.2007  no virus found
      Fortinet       2.85.0.0      03.15.2007  W32/Mailbot.CB!tr
      F-Prot         4.3.1.45      03.14.2007  no virus found
      F-Secure       6.70.13030.0  03.15.2007  Trojan-Proxy.Win32.Slaper.r
      Ikarus         T3.1.1.3      03.15.2007  no virus found
      Kaspersky      4.0.2.24      03.15.2007  Trojan-Proxy.Win32.Slaper.r
      McAfee         4984          03.14.2007  no virus found
      Microsoft      1.2306        03.15.2007  no virus found
      NOD32v2        2116          03.14.2007  no virus found
      Norman         5.80.02       03.14.2007  no virus found
      Panda          9.0.0.4       03.15.2007  Trj/Mailbot.BY
      Prevx1         V2            03.15.2007  Covert.Sys.Exec
      Sophos         4.15.0        03.13.2007  Mal/Packer
      Sunbelt        2.2.907.0     03.15.2007  VIPRE.Suspicious
      Symantec       10            03.15.2007  no virus found
      TheHacker      6.1.6.076     03.15.2007  no virus found
      UNA            1.83          03.14.2007  no virus found
      VBA32          3.11.2        03.14.2007  suspected of Trojan-PSW.Pinch.5 (paranoid heuristics)
      VirusBuster    4.3.7:9       03.15.2007  no virus found

      Aditional Information
      File size: 74267 bytes
      MD5: 76b0d29e3095a6e478bf7db478a7b3b6
      SHA1: 5bad0f9b371436d2cf990394a47179d980aad4f2
      packers: NSPack
      Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=8cdd78462719
      Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
  15. Tried both those things and still couldn't get Panda to work for some reason. My computer does seem to be running well again now. Everything appears to be restored to what it should be.