Windows 7 Forums


Windows 7: HELP!

09 Aug 2010   #21
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Sure.... if it works.

Norton/Symantec may be bundled with your Internet service
\Bell Internet Security Services\Fws.exe


09 Aug 2010   #22
RoxyyC

Windows 7
 
 

ohhhhh, I see.
Thanks again for the help.
09 Aug 2010   #23
RoxyyC

Windows 7
 
 

ComboFix 10-08-08.03 - Owner 09/08/2010 12:44:53.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3062.1262 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Norton Security Online *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\system
.
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-05 02:49 . 2010-08-05 02:49 8192 ----a-w- c:\windows\system32\opuqbe.dll
2010-08-05 02:49 . 2010-08-05 04:21 -------- d-----w- c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4
2010-08-05 00:39 . 2010-08-05 00:39 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.24464.exe.dir\SPDFileCopier.exe
2010-08-04 20:39 . 2010-08-04 20:39 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.26962.exe.dir\SPDFileCopier.exe
2010-08-04 04:16 . 2010-08-04 04:16 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.29358.exe.dir\SPDFileCopier.exe
2010-08-03 23:16 . 2010-08-03 23:16 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.11478.exe.dir\SPDFileCopier.exe
2010-08-03 18:32 . 2010-08-03 18:32 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.15724.exe.dir\SPDFileCopier.exe
2010-08-03 05:33 . 2010-08-03 05:33 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.19169.exe.dir\SPDFileCopier.exe
2010-08-03 01:33 . 2010-08-03 01:33 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.26500.exe.dir\SPDFileCopier.exe
2010-07-31 05:34 . 2010-07-31 05:34 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.6334.exe.dir\SPDFileCopier.exe
2010-07-29 19:12 . 2010-07-29 19:12 156912 ----a-w- c:\users\Guest\AppData\Roaming\Bell\Internet Service Advisor\downloads\SPDFileCopier.18467.exe.dir\SPDFileCopier.exe
2010-07-24 02:19 . 2010-07-24 02:19 -------- d-----w- c:\program files\iPod
2010-07-24 02:19 . 2010-07-24 02:20 -------- d-----w- c:\program files\iTunes
2010-07-24 02:13 . 2010-07-24 02:13 -------- d-----w- c:\program files\Bonjour
2010-07-24 02:10 . 2010-07-24 02:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-09 16:31 . 2009-11-25 23:57 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-09 16:26 . 2009-11-24 02:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-08-09 15:31 . 2009-11-24 02:55 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-08-05 04:43 . 2010-01-30 18:12 -------- d-----w- c:\users\Guest\AppData\Roaming\IMVU
2010-07-24 03:09 . 2008-11-10 04:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2010-07-24 02:19 . 2008-11-10 04:33 -------- d-----w- c:\program files\Common Files\Apple
2010-07-23 19:15 . 2010-02-18 22:57 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-28 22:37 . 2010-01-30 21:29 -------- d-----w- c:\users\Guest\AppData\Roaming\Apple Computer
2010-06-27 23:46 . 2010-01-30 21:41 123048 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-24 21:22 . 2009-10-30 01:48 123048 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-24 20:46 . 2010-06-24 20:46 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-06-24 20:44 . 2010-06-24 20:44 -------- d-----w- c:\programdata\ALM
2010-06-24 20:43 . 2008-02-12 00:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-22 16:51 . 2010-06-22 16:51 -------- d-----w- c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-15 18:50 . 2010-02-11 03:36 -------- d-----w- c:\programdata\Radialpoint
2010-05-28 21:11 . 2010-05-28 21:11 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-21 18:14 . 2009-10-02 19:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-08-21 13:41 . 2009-05-17 02:32 1025326880 --sha-w- c:\windows\System32\drivers\fidbox(3629).dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VaultIcon1]
@="{B976888E-DC7B-456C-A62F-44EA07ED231F}"
[HKEY_CLASSES_ROOT\CLSID\{B976888E-DC7B-456C-A62F-44EA07ED231F}]
2010-01-17 23:08 503808 ----a-w- c:\program files\Personal Vault Backup Manager\VaultClientMenu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"Update Manager"="c:\program files\Rogers\Update Manager\UpdateManager.exe" [2006-01-06 131072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-04-03 2356088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-29 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 663552]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-08-14 417792]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-25 148888]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-21 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-21 150552]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"BISA.exe"="c:\program files\Bell\Internet Service Advisor\BISA.exe" [2010-01-13 4281584]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2010-01-19 1565696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-23 202256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
R2 gupdate1ca06e8bd91aaa0;Google Update Service (gupdate1ca06e8bd91aaa0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1343400]
S0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2009-11-02 25608]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 Radialpoint Security Services;Bell Internet Security Services;c:\program files\Bell\Bell Internet Security Services\RpsSecurityAwareR.exe [2010-04-09 166944]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2010-01-13 689392]
S2 VaultClientSRV;Personal Vault Backup Manager Service;c:\program files\Personal Vault Backup Manager\VaultClientSRV.exe [2010-01-17 1051728]
S2 VaultClientUpgrade;Personal Vault Backup Manager Upgrade Service;c:\program files\Personal Vault Backup Manager\VaultClientUpgrade.exe [2010-01-17 56400]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Bell\Bell Internet Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 21208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-05 171520]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

--- Other Services/Drivers In Memory ---
*NewlyCreated* - 8030872F
*Deregistered* - 8030872f
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 14:10]
2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 14:10]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.shoptoshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\opuqbe.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sb91m7ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\sb91m7ao.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Bell\Internet Service Advisor\nprpspa.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel

.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000020
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-08-09 13:10:01
ComboFix-quarantined-files.txt 2010-08-09 17:10
Pre-Run: 71,377,874,944 bytes free
Post-Run: 71,443,492,864 bytes free
- - End Of File - - C23254101B6F688FEE279856F93E7D7E

09 Aug 2010   #24
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You have a couple of files that I'd like you to upload to VirusTotal (VirusTotal - Free Online Virus and Malware Scan).

Scan each one individually and save the results to copy and paste back here.

c:\windows\system32\opuqbe.dll
c:\users\Owner\AppData\Roaming\65DEC236D132C3CBF0FB939CADDDD2B4


You may have to unhide 'hidden files and folders' to find/see them
From the control panel, click on 'Folder Options' > View tab > check 'show hidden files', uncheck 'hide extensions'.


09 Aug 2010   #25
RoxyyC

Windows 7
 
 

Opuqbe.dll it says:
File has already been analysed:


MD5: b3efb184d5762dabce4c0ac7b6e188bf
First received: 2010.07.23 13:18:23 UTC
Date: 2010.08.06 14:14:31 UTC [>3D]
Results: 4/42
Permalink: analisis/7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a-1281104071

then I reanalysed it and got:

Antivirus             Version        Last Update  Result

AhnLab-V3             2010.08.10.00  2010.08.09   -
AntiVir               8.2.4.34       2010.08.09   -
Antiy-AVL             2.0.3.7        2010.08.09   -
Authentium            5.2.0.5        2010.08.09   -
Avast                 4.8.1351.0     2010.08.09   -
Avast5                5.0.332.0      2010.08.09   -
AVG                   9.0.0.851      2010.08.09   -
BitDefender           7.2            2010.08.09   -
CAT-QuickHeal         11.00          2010.08.09   -
ClamAV                0.96.0.3-git   2010.08.09   -
Comodo                5698           2010.08.09   -
DrWeb                 5.0.2.03300    2010.08.09   Trojan.Click1.25301
Emsisoft              5.0.0.36       2010.08.09   -
eSafe                 7.0.17.0       2010.08.09   -
eTrust-Vet            36.1.7778      2010.08.09   -
F-Prot                4.6.1.107      2010.08.09   -
F-Secure              9.0.15370.0    2010.08.09   -
Fortinet              4.1.143.0      2010.08.09   -
GData                 21             2010.08.09   -
Ikarus                T3.1.1.87.0    2010.08.09   -
Jiangmin              13.0.900       2010.08.07   -
McAfee                5.400.0.1158   2010.08.09   Artemis!B3EFB184D576
McAfee-GW-Edition     2010.1         2010.08.09   Artemis!B3EFB184D576
Microsoft             1.6004         2010.08.09   -
NOD32                 5353           2010.08.09   -
Norman                6.05.11        2010.08.09   -
nProtect              2010-08-09.02  2010.08.09   -
Panda                 10.0.2.7       2010.08.09   -
PCTools               7.0.3.5        2010.08.09   -
Prevx                 3.0            2010.08.09   High Risk Cloaked Malware
Rising                22.60.00.04    2010.08.09   -
Sophos                4.56.0         2010.08.09   Troj/Agent-OFJ
Sunbelt               6705           2010.08.09   Trojan.Win32.Browser-Winsock.Hijacker
SUPERAntiSpyware      4.40.0.1006    2010.08.09   -
Symantec              20101.1.1.7    2010.08.09   -
TheHacker             6.5.2.1.339    2010.08.09   -
TrendMicro            9.120.0.1004   2010.08.09   -
TrendMicro-HouseCall  9.120.0.1004   2010.08.09   -
VBA32                 3.12.12.8      2010.08.04   -
ViRobot               2010.8.9.3978  2010.08.09   -
VirusBuster           5.0.27.0       2010.08.09   -

Additional information

File size: 8192 bytes
MD5...: b3efb184d5762dabce4c0ac7b6e188bf
SHA1..: e6dc04c8c5a4965e093b9a96c219b998bb86e9b1
SHA256: 7d40af468b30ae2426063d3590ba215e8d10d3a12095fb5af9ba3dd884c5787a
ssdeep: 192:/wjHWy8YkntA5huI/2NLEFYjf+8AFup3e:4L7/kGXuI/aL5pu
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1410
timedatestamp.....: 0x4c46f543 (Wed Jul 21 13:25:23 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12b2 0x1400 6.07 cb94cf75c209beb01a273ed5c7516c86
.rdata 0x3000 0x2fd 0x400 3.88 0b75dd81c6aa12ea35fb354c4887ef81
.data 0x4000 0x78 0x200 0.31 f0f4f53dfd61aa2546d9fbcee5627038
.reloc 0x5000 0x130 0x200 2.93 a77c08f6b71b7d67beede025f13d8027

( 2 imports )
> WS2_32.dll: WSCEnumProtocols, getnameinfo, -, -, WSCGetProviderPath
> KERNEL32.dll: LoadLibraryW, ExpandEnvironmentStringsA, LoadLibraryA, LeaveCriticalSection, EnterCriticalSection, FindAtomA, DeleteCriticalSection, FreeLibrary, InitializeCriticalSection, WideCharToMultiByte, HeapAlloc, ExpandEnvironmentStringsW, HeapFree, GetProcAddress, GetLastError, HeapCreate

( 2 exports )
GetLspGuid, WSPStartup
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_res...3-0550-99
http://info.prevx.com/aboutprogramtext.asp?PX5=735DB25700952011205C0036C52BF8009271D5EB
09 Aug 2010   #26
RoxyyC

Windows 7
 
 

The other file is an empty folder, so I can't scan it.
09 Aug 2010   #27
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Are you able to get online? Let's do this ...

Open a command prompt, right click and run as Administrator. Type
netsh winsock reset

Reboot and it should be fixed.

Next, download DrWeb CureIt! and run a complete scan.
http://www.freedrweb.com/cureit/
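
Added example, not part of the original thread and not ComboFix's own code: the log in post #23 lists opuqbe.dll both under "Files Created" and as an `LSP:` entry, which is the pairing behind the `netsh winsock reset` advice in post #27. The Python below cross-references those two sections; the function names are hypothetical and the sample rows are copied from that log.

```python
import re

# Excerpt copied from the ComboFix log in post #23, trimmed to a few rows.
LOG = r"""
((((((((((((((((((((((((( Files Created from 2010-07-09 to 2010-08-09 )))))))))))))))))))))))))))))))
.
2010-08-09 17:02 . 2010-08-09 17:02 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-05 02:49 . 2010-08-05 02:49 8192 ----a-w- c:\windows\system32\opuqbe.dll
2010-07-24 02:19 . 2010-07-24 02:19 -------- d-----w- c:\program files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.shoptoshiba.ca/welcome
LSP: c:\windows\system32\opuqbe.dll
"""

# Row layout: "<timestamp> . <timestamp> <size or dashes> <attributes> <path>"
FILE_ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$")
# Section banners look like "((( title )))" or "--- title ---".
BANNER = re.compile(r"^(?:\(+|-+)\s*(.+?)\s*(?:\)+|-+)$")


def split_sections(log):
    """Map each section title to the content lines that follow its banner."""
    sections, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        banner = BANNER.match(line)
        if banner:
            current = sections.setdefault(banner.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return sections


def created_files(sections):
    """Index 'Files Created' rows by lower-cased path (Windows compares paths case-insensitively)."""
    rows = {}
    for title, lines in sections.items():
        if title.startswith("Files Created"):
            for m in filter(None, map(FILE_ROW.match, lines)):
                ts1, _ts2, size, attrs, path = m.groups()
                # Directories show dashes instead of a size and a leading "d" attribute.
                rows[path.lower()] = (ts1, int(size) if size.isdigit() else None,
                                      attrs.startswith("d"))
    return rows


def flag_new_lsps(log):
    """Return (path, first listed timestamp, size) for each LSP that is also a recently created file."""
    sections = split_sections(log)
    recent = created_files(sections)
    hits = []
    for line in sections.get("Supplementary Scan", []):
        if not line.startswith("LSP:"):
            continue
        path = line[len("LSP:"):].strip()
        row = recent.get(path.lower())
        if row and not row[2]:  # ignore directories
            hits.append((path, row[0], row[1]))
    return hits


if __name__ == "__main__":
    for path, ts, size in flag_new_lsps(LOG):
        print(f"review Winsock LSP: {path} (listed {ts}, {size} bytes)")
```
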
09 Aug 2010   #28
RoxyyC

Windows 7
 
 

Thank you soooooo much!! This means sooo much to me.
I've been trying to find out what was wrong for 2 days!!
Your help is very appreciated, everyone!
I was able to access the net and download DrWeb Cureit!
and my laptop is being scanned (complete scan).

Thanks a lot!!
09 Aug 2010   #29
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please, if you can save the log, post it! Also let me know how your computer is running.
09 Aug 2010   #30
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, RoxyyC.

In addition to the Dr. Web Cureit log, there is vulnerable software on your computer that needs to be dealt with.