HELP!

Page 3 of 5

  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #21

    Sure.... if it works.

    Norton/Symantec may be bundled with your Internet service
    \Bell Internet Security Services\Fws.exe


  2. Posts : 20
    Windows 7
    Thread Starter
       #22

    ohhhhh, I see.
    Thanks again for the help.


  3. Posts : 20
    Windows 7
    Thread Starter
       #23

    ComboFix 10-08-08.03 - Owner 09/08/2010 12:44:53.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3062.1262 [GMT -4:00]
    Running from: E:\ComboFix.exe
    AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\INSTALL.LOG
    c:\windows\system32\system
    .
    ((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
    .
    2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-08-05 02:49 . 2010-08-05 02:49 8192 ----a-w- c:\windows\system32\opuqbe.dll
    2010-08-05 02:49 . 2010-08-05 04:21 -------- d-----w- c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4
    2010-08-05 00:39 . 2010-08-05 00:39 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.24464.exe.dir\SPDFileCopier.exe
    2010-08-04 20:39 . 2010-08-04 20:39 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.26962.exe.dir\SPDFileCopier.exe
    2010-08-04 04:16 . 2010-08-04 04:16 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.29358.exe.dir\SPDFileCopier.exe
    2010-08-03 23:16 . 2010-08-03 23:16 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.11478.exe.dir\SPDFileCopier.exe
    2010-08-03 18:32 . 2010-08-03 18:32 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.15724.exe.dir\SPDFileCopier.exe
    2010-08-03 05:33 . 2010-08-03 05:33 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.19169.exe.dir\SPDFileCopier.exe
    2010-08-03 01:33 . 2010-08-03 01:33 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.26500.exe.dir\SPDFileCopier.exe
    2010-07-31 05:34 . 2010-07-31 05:34 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.6334.exe.dir\SPDFileCopier.exe
    2010-07-29 19:12 . 2010-07-29 19:12 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.18467.exe.dir\SPDFileCopier.exe
    2010-07-24 02:19 . 2010-07-24 02:19 -------- d-----w- c:\program files\iPod
    2010-07-24 02:19 . 2010-07-24 02:20 -------- d-----w- c:\program files\iTunes
    2010-07-24 02:13 . 2010-07-24 02:13 -------- d-----w- c:\program files\Bonjour
    2010-07-24 02:10 . 2010-07-24 02:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-09 16:31 . 2009-11-25 23:57 -------- d-----w- c:\program files\Common Files\Akamai
    2010-08-09 16:26 . 2009-11-24 02:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
    2010-08-09 15:31 . 2009-11-24 02:55 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
    2010-08-05 04:43 . 2010-01-30 18:12 -------- d-----w- c:\users\Guest\AppData\Roaming\IMVU
    2010-07-24 03:09 . 2008-11-10 04:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
    2010-07-24 02:19 . 2008-11-10 04:33 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-23 19:15 . 2010-02-18 22:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2010-06-28 22:37 . 2010-01-30 21:29 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
    2010-06-27 23:46 . 2010-01-30 21:41 123048 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-24 21:22 . 2009-10-30 01:48 123048 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-06-24 20:46 . 2010-06-24 20:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-06-24 20:44 . 2010-06-24 20:44 -------- d-----w- c:\programdata\ALM
    2010-06-24 20:43 . 2008-02-12 00:09 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-22 16:51 . 2010-06-22 16:51 -------- d-----w- c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
    2010-06-15 18:50 . 2010-02-11 03:36 -------- d-----w- c:\programdata\Radialpoint
    2010-05-28 21:11 . 2010-05-28 21:11 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-05-21 18:14 . 2009-10-02 19:41 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-08-21 13:41 . 2009-05-17 02:32 1025326880 --sha-w- c:\windows\System32\drivers\fidbox(3629).dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
    @="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
    [HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
    2010-01-17 23:08 503808 ----a-w- c:\program files\Personal Vault Backup Manager\VaultClientMenu.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
    "Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2006-01-06 131072]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-04-03 2356088]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-29 1833504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 663552]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-08-14 417792]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
    "BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
    "BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2010-01-19 1565696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-23 202256]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
    @="Service"
    R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
    R2 gupdate1ca06e8bd91aaa0;Google Update Service (gupdate1ca06e8bd91aaa0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
    R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
    S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
    S2 Radialpoint Security Services;Bell Internet Security Services;c:\program files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2010-04-09 166944]
    S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
    S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
    S2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files\Personal Vault Backup Manager\VaultClientSRV.exe [2010-01-17 1051728]
    S2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files\Personal Vault Backup Manager\VaultClientUpgrade.exe [2010-01-17 56400]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
    S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
    S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
    S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-05 171520]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - 8030872F
    *Deregistered* - 8030872f
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    bdx REG_MULTI_SZ scan sysagent
    .
    Contents of the 'Scheduled Tasks' folder
    2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 14:10]
    2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 14:10]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    LSP: c:\windows\system32\opuqbe.dll
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sb91m7ao.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sb91m7ao.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    .
    - - - - ORPHANS REMOVED - - - -
    AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    "MSCurrentCountry"=dword:00000020
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-08-09 13:10:01
    ComboFix-quarantined-files.txt 2010-08-09 17:10
    Pre-Run: 71,377,874,944 bytes free
    Post-Run: 71,443,492,864 bytes free
    - - End Of File - - C23254101B6F688FEE279856F93E7D7E


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #24

    You have a couple of files that I'd like you to upload to VirusTotal (VirusTotal - Free Online Virus and Malware Scan).

    Scan each one individually and save the results to copy and paste back here.

    c:\windows\system32\opuqbe.dll
    c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4


    You may have to unhide 'hidden files and folders' to find/see them
    From the Control Panel, click on 'Folder Options' > View tab > check 'show hidden files', uncheck 'hide extensions'.


  5. Posts : 20
    Windows 7
    Thread Starter
       #25

    Opuqbe.dll it says:
    File has already been analysed:


    MD5: b3efb184d5762dabce4c0ac7b6e188bf
    First received: 2010.07.23 13:18:23 UTC
    Date: 2010.08.06 14:14:31 UTC [>3D]
    Results: 4/42
    Permalink: analisis/7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a-1281104071

    then I reanalysed it and got:

    Antivirus              Version         Last Update   Result

    AhnLab-V3              2010.08.10.00   2010.08.09    -
    AntiVir                8.2.4.34        2010.08.09    -
    Antiy-AVL              2.0.3.7         2010.08.09    -
    Authentium             5.2.0.5         2010.08.09    -
    Avast                  4.8.1351.0      2010.08.09    -
    Avast5                 5.0.332.0       2010.08.09    -
    AVG                    9.0.0.851       2010.08.09    -
    BitDefender            7.2             2010.08.09    -
    CAT-QuickHeal          11.00           2010.08.09    -
    ClamAV                 0.96.0.3-git    2010.08.09    -
    Comodo                 5698            2010.08.09    -
    DrWeb                  5.0.2.03300     2010.08.09    Trojan.Click1.25301
    Emsisoft               5.0.0.36        2010.08.09    -
    eSafe                  7.0.17.0        2010.08.09    -
    eTrust-Vet             36.1.7778       2010.08.09    -
    F-Prot                 4.6.1.107       2010.08.09    -
    F-Secure               9.0.15370.0     2010.08.09    -
    Fortinet               4.1.143.0       2010.08.09    -
    GData                  21              2010.08.09    -
    Ikarus                 T3.1.1.87.0     2010.08.09    -
    Jiangmin               13.0.900        2010.08.07    -
    McAfee                 5.400.0.1158    2010.08.09    Artemis!B3EFB184D576
    McAfee-GW-Edition      2010.1          2010.08.09    Artemis!B3EFB184D576
    Microsoft              1.6004          2010.08.09    -
    NOD32                  5353            2010.08.09    -
    Norman                 6.05.11         2010.08.09    -
    nProtect               2010-08-09.02   2010.08.09    -
    Panda                  10.0.2.7        2010.08.09    -
    PCTools                7.0.3.5         2010.08.09    -
    Prevx                  3.0             2010.08.09    High Risk Cloaked Malware
    Rising                 22.60.00.04     2010.08.09    -
    Sophos                 4.56.0          2010.08.09    Troj/Agent-OFJ
    Sunbelt                6705            2010.08.09    Trojan.Win32.Browser-Winsock.Hijacker
    SUPERAntiSpyware       4.40.0.1006     2010.08.09    -
    Symantec               20101.1.1.7     2010.08.09    -
    TheHacker              6.5.2.1.339     2010.08.09    -
    TrendMicro             9.120.0.1004    2010.08.09    -
    TrendMicro-HouseCall   9.120.0.1004    2010.08.09    -
    VBA32                  3.12.12.8       2010.08.04    -
    ViRobot                2010.8.9.3978   2010.08.09    -
    VirusBuster            5.0.27.0        2010.08.09    -

    Additional information

    File size: 8192 bytes
    MD5...: b3efb184d5762dabce4c0ac7b6e188bf
    SHA1..: e6dc04c8c5a4965e093b9a96c219b998bb86e9b1
    SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a
    ssdeep: 192:/wjHWy8YkntA5huI/2NLEFYjf+8AFup3e:4L7/kGXuI/aL5pu
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1410
    timedatestamp.....: 0x4c46f543 (Wed Jul 21 13:25:23 2010)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x12b2 0x1400 6.07 cb94cf75c209beb01a273ed5c7516c86
    .rdata 0x3000 0x2fd 0x400 3.88 0b75dd81c6aa12ea35fb354c4887ef81
    .data 0x4000 0x78 0x200 0.31 f0f4f53dfd61aa2546d9fbcee5627038
    .reloc 0x5000 0x130 0x200 2.93 a77c08f6b71b7d67beede025f13d8027

    ( 2 imports )
    > WS2_32.dll: WSCEnumProtocols, getnameinfo, -, -, WSCGetProviderPath
    > KERNEL32.dll: LoadLibraryW, ExpandEnvironmentStringsA, LoadLibraryA, LeaveCriticalSection, EnterCriticalSection, FindAtomA, DeleteCriticalSection, FreeLibrary, InitializeCriticalSection, WideCharToMultiByte, HeapAlloc, ExpandEnvironmentStringsW, HeapFree, GetProcAddress, GetLastError, HeapCreate

    ( 2 exports )
    GetLspGuid, WSPStartup
    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    trid..: Win32 Executable Generic (42.3%)
    Win32 Dynamic Link Library (generic) (37.6%)
    Generic Win/DOS Executable (9.9%)
    DOS Executable Generic (9.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_res...3-0550-99
    http://info.prevx.com/aboutprogramtext.asp?PX5=735DB25700952011205C0036C52BF8009271D5EB


  6. Posts : 20
    Windows 7
    Thread Starter
       #26

    The other file is an empty folder, so I can't scan it.


  7. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #27

    Are you able to get online? Let's do this ...

    Open a command prompt, right click and run as Administrator. Type
    netsh winsock reset

    Reboot and it should be fixed.

    Next, download DrWeb CureIt! and run a complete scan.
    http://www.freedrweb.com/cureit/
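Added example, not part of the original thread or any poster's code: a Python script for the cross-check that singles out opuqbe.dll in the ComboFix log from post #23, matching each `LSP:` entry of the Supplementary Scan against the files listed under "Files Created". The sample log is a shortened excerpt with abbreviated banners, and the function names `parse_combofix` and `triage_lsp` are hypothetical.

```python
import re

# Excerpt (shortened, banners abbreviated) of the ComboFix log in post #23.
SAMPLE_LOG = r"""
((((( Files Created from 2010-07-09 to 2010-08-09 )))))
.
2010-08-05 02:49 . 2010-08-05 02:49 8192 ----a-w- c:\windows\system32\opuqbe.dll
2010-07-24 02:19 . 2010-07-24 02:19 -------- d-----w- c:\program files\iPod
.
((((( Find3M Report )))))
.
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.shoptoshiba.ca/welcome
LSP: c:\windows\system32\opuqbe.dll
"""

# Section banners look like "((( Title )))" or "--- Title ---".
SECTION_RE = re.compile(r"^\s*(?:\(+|-+)\s*(.+?)\s*(?:\)+|-+)\s*$")
# File rows: two timestamps, size (or dashes for a directory), attributes, path.
FILE_RE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" (\d+|-+) (\S{8}) (.+?)\s*$"
)
LSP_RE = re.compile(r"^\s*LSP:\s*(.+?)\s*$", re.IGNORECASE)


def parse_combofix(log_text):
    """Return (files, lsps): files maps lowercased path -> record."""
    section = None
    files, lsps = {}, []
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            ts1, ts2, size, attrs, path = m.groups()
            files[path.lower()] = {
                "path": path,
                "section": section,            # banner the row appeared under
                "timestamps": (ts1, ts2),
                "size": None if size.startswith("-") else int(size),
                "is_dir": attrs.startswith("d"),
            }
            continue
        m = LSP_RE.match(line)
        if m:
            lsps.append(m.group(1))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
    return files, lsps


def triage_lsp(log_text):
    """List every LSP entry and say whether the log also reports it as newly created."""
    files, lsps = parse_combofix(log_text)
    findings = []
    for path in lsps:
        rec = files.get(path.lower())          # Windows paths are case-insensitive
        section = (rec or {}).get("section") or ""
        findings.append({
            "path": path,
            "recently_created": section.lower().startswith("files created"),
            "size": rec["size"] if rec else None,
        })
    return findings


if __name__ == "__main__":
    for f in triage_lsp(SAMPLE_LOG):
        flag = "REVIEW FIRST" if f["recently_created"] else "older or unlisted"
        print(f"{f['path']}  size={f['size']}  {flag}")
```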


  8. Posts : 20
    Windows 7
    Thread Starter
       #28

    Thank you soooooo much!! This means sooo much to me.
    I've been trying to find out what was wrong for 2 days!!
    Your help is very appreciated, everyone!
    I was able to access the net and download DrWeb Cureit!
    and my laptop is being scanned (complete scan).

    Thanks a lot!!


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #29

    Please, if you can save the log, post it! Also let me know how your computer is running.


  10. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #30

    Hi, RoxyyC.

    In addition to the Dr. Web Cureit log, there is vulnerable software on your computer that needs to be dealt with.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
