Infected with trojan horse SHeur3.XCC

DDS (Ver_10-03-17.01) - NTFSx86
Run by Niklas at 14:16:46,20 on 2010-05-26
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.2037.425 [GMT 2:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Niklas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIN779U0\dds[1].scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://forums.superiorpics.com/ubbthreads/ubbthreads.php
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - c:\program files\adblock pro\AdblockPro.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
mRun: [HSON] "%ProgramFiles%\TOSHIBA\TBS\HSON.exe"
mRun: [SmoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] "c:\program files\toshiba\utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [NDSTray.exe] NDSTray.exe
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?SW
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\adblock pro\AdblockPro.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-30 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-30 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-30 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-30 242896]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2010-05-26 04:15:14 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 20:05:33 0 d-----w- C:\_OTM
2010-05-24 20:34:18 0 d-sh--w- C:\$RECYCLE.BIN
2010-05-24 20:20:54 98816 ----a-w- c:\windows\sed.exe
2010-05-24 20:20:54 77312 ----a-w- c:\windows\MBR.exe
2010-05-24 20:20:54 256512 ----a-w- c:\windows\PEV.exe
2010-05-24 20:20:54 161792 ----a-w- c:\windows\SWREG.exe
2010-05-24 20:17:55 0 d-----w- C:\ComboFix
2010-05-24 20:11:51 0 d-----w- c:\users\niklas\appdata\roaming\AVG9
2010-05-22 21:40:23 0 d-----w- c:\users\niklas\appdata\roaming\Malwarebytes
2010-05-22 21:39:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-22 21:39:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-22 21:39:54 0 d-----w- c:\programdata\Malwarebytes
2010-05-22 21:39:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-16 16:10:22 0 d-----w- c:\program files\Trend Micro
2010-05-12 13:27:38 0 d-----w- c:\program files\Vuze
2010-05-12 13:27:32 0 d-----w- c:\program files\Vuze_Remote
2010-05-12 11:47:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-28 07:59:07 293376 ----a-w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-05-26 11:57:32 4258 ----a-w- c:\users\niklas\appdata\roaming\wklnhst.dat
2010-05-12 12:23:15 597836 ----a-w- c:\windows\system32\perfh01D.dat
2010-05-12 12:23:15 117416 ----a-w- c:\windows\system32\perfc01D.dat
2010-04-21 08:05:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-17 08:52:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-04 17:33:45 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-11-17 07:12:17 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 07:12:16 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 07:12:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 07:12:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2008-05-25 10:37:58 174 --sha-w- c:\program files\desktop.ini
2007-05-11 16:48:37 819183 ----a-r- c:\program files\fmXML_setup.exe
2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2006-11-21 05:00:30 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2006-11-21 05:00:30 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-02 22:26:13 80930336 --sha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 14:20:56,91 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-09-26 17:12:09
System Uptime: 2010-05-26 11:19:13 (3 hours ago)

Motherboard: TOSHIBA | | ISRAE
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 1733/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 42,233 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 73 GiB total, 72,932 GiB free.
F: is CDROM (UDF)
O: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP444: 2010-05-24 17:26:51 - testing
RP445: 2010-05-26 06:28:00 - Windows Update

==== Installed Programs ======================

Ad-Aware
Adblock Pro 2.6
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.1.0 - Svenska
Ask Toolbar
Atheros Driver Installation Program
µTorrent
AutoUpdate
AVG Free 9.0
Bluetooth Stack for Windows by Toshiba
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Desktop SMS
DivX Converter
DivX Player
DivX Web Player
DVD MovieFactory for TOSHIBA
Far Cry
FM Graphics Guru 1.1
FM Modifier 2.25
fmXML version 0.2
Football Manager 2009
Football Manager 2010
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageShack Uploader 2.2.0
Intel(R) Graphics Media Accelerator Driver
Jasc Animation Shop 3
Java(TM) SE Runtime Environment 6
Junk Mail filter update
K-Lite Codec Pack 5.0.5 (Full)
KhalInstallWrapper
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
myphotobook 3.1
NVIDIA Drivers
Pcsx2 0.9.6
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Encoder (KB954156)
SopCast 3.0.3
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Steam
Svenska Spels Poker
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Administratörslösenord
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBAs maskinvaruinstallningar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
VideoAvatar
VideoLAN VLC media player 0.8.6c
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
WinPcap 4.0.2
WinRAR
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze_Remote Toolbar

==== End Of File ===========================
 
You need to enable Windows to show all files and folders; instructions Here.

Go to VirusTotal and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If it says this file has been scanned before, have them scan it again.

c:\windows\system32\browserchoice.exe

If the site is busy, you can try this one:

http://virusscan.jotti.org/en
 
It took the virus scan a long time to scan it this time (15 minutes). Not sure what to make of it.

The LiveJasmin popup only shows up once each session now, so that is very good. :)

Here is the log

a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.26.03 2010.05.26 -
AntiVir 8.2.1.242 2010.05.26 -
Authentium 5.2.0.5 2010.05.26 -
Avast 4.8.1351.0 2010.05.26 -
AVG 9.0.0.787 2010.05.26 -
BitDefender 7.2 2010.05.26 -
ClamAV 0.96.0.3-git 2010.05.26 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.26 -
eSafe 7.0.17.0 2010.05.26 -
F-Prot 4.6.0.103 2010.05.26 -
F-Secure 9.0.15370.0 2010.05.26 -
Fortinet 4.1.133.0 2010.05.26 -
GData 21 2010.05.26 -
Ikarus T3.1.1.84.0 2010.05.26 -
Kaspersky 7.0.0.125 2010.05.26 -
McAfee 5.400.0.1158 2010.05.26 -
McAfee-GW-Edition 2010.1 2010.05.26 -
Microsoft 1.5802 2010.05.26 -
NOD32 5147 2010.05.26 -
Norman 6.04.12 2010.05.26 -
nProtect 2010-05-26.01 2010.05.26 -
PCTools 7.0.3.5 2010.05.26 -
Rising 22.49.02.03 2010.05.26 -
Sophos 4.53.0 2010.05.26 -
Sunbelt 6358 2010.05.26 -
Symantec 20101.1.0.89 2010.05.26 -
TrendMicro 9.120.0.1004 2010.05.26 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.26 -
VBA32 3.12.12.5 2010.05.26 -
VirusBuster 5.0.27.0 2010.05.26 -
Additional information
File size: 293376 bytes
MD5...: da1919d896dbd5895e138932ae9e398b
SHA1..: 361bee6e2535d9fc10a01ac6686be55d854fc5ba
SHA256: 4c5fb3c35ca7c2e10ae2920afd40e854c123219901c15a80941ac9f53eef97d7
ssdeep: 6144:IEesYclzRCayeopvGE0zM6s4D8e8FIBK86dNvMXfAo:IEerclzRCayeopvGNzM6s4D8e8FIBK8f

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3363
timedatestamp.....: 0x4b737c6f (Thu Feb 11 03:41:35 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x34ca 0x3600 6.18 e0356f94745647bc2bed78b680e83512
.data 0x5000 0x68c 0x400 5.80 28fcfd5ab0eb9c208220c87444240f30
.rsrc 0x6000 0x44000 0x43400 6.41 1370a78bf18215c408206d0638b25934
.reloc 0x4a000 0x648 0x800 2.72 cb9cda0ca1762d2b27ddcf4dd8860ae5

( 10 imports )
> ADVAPI32.dll: RegCloseKey, RegCreateKeyExW, GetTokenInformation, OpenProcessToken, CreateProcessAsUserW, SetTokenInformation, GetLengthSid, ConvertStringSidToSidW, DuplicateTokenEx
> KERNEL32.dll: GetLastError, VerifyVersionInfoW, VerSetConditionMask, FreeLibrary, GetProcAddress, LoadLibraryW, CloseHandle, GetCurrentProcess, GetUserGeoID, GetExitCodeProcess, WaitForSingleObject, LocalFree, GetModuleHandleW, lstrcmpA, GetModuleFileNameW, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, InterlockedExchange
> USER32.dll: LoadStringW
> msvcrt.dll: _controlfp, _vsnwprintf, memset, __3@YAXPAX@Z, wcschr, _wcsnicmp, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, _wtoi, __2@YAPAXI@Z
> ole32.dll: CoUninitialize, CoTaskMemFree, CoCreateInstance, CoInitializeEx
> ntdll.dll: RtlUnwind
> SHELL32.dll: -, SHGetFolderPathW, -, -, ShellExecuteW, SHBindToParent
> SHLWAPI.dll: PathCombineW, PathAddExtensionW, -, SHRegGetBoolUSValueW, SHRegGetUSValueW, SHDeleteValueW, PathFindFileNameW, -, SHRegSetUSValueW, SHSetValueW
> WININET.dll: InternetGetCookieW, InternetSetCookieW
> OLEAUT32.dll: -, -

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Browser Choice
original name: browserchoice.exe
internal name: Browser Choice
file version.: 6.1.7600.16526 (win7_gdr.100210-1504)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
It's fine, so let's not worry about that file; I wanted to make sure it wasn't the bad version.

How are things running now?
 
Very smooth when I'm online, which I am most of the time. So I think I'm good for now; thanks a lot for all the help. I wish I could say I won't be in need of help in the future, but with my active nature online I know I'll be in need sometime again.
 
Loophole,

Just be careful where you go and which attachments you open; just use your head and surf safely. Malwarebytes is the free version; keep it updated and run a scan once a week or so. Keep your antivirus software up to date and run a scan at least once a week.

I get on my soapbox every once in a while, but just so you know: a few years ago, in the days of Win 95, kids and people that had nothing better to do wrote viruses; you got one and it made your screen wobble or some other stupid thing. Not anymore. All this garbage is written by cyber criminals, and their goal is to steal anything from you they can, in the form of personal info like bank account numbers and passwords, credit card numbers and so on. There are a few threats going around that are non-cleanable; your only option is to format and reinstall Windows, and these threats infect all your personal data like pictures and documents, and those are all lost.

Some tips and free tools for you

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <-- Is not a general cleaning tool; just run it with supervision or you can bork your system.

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.

Keep in mind, if you install some of these programs: only ONE antivirus and only ONE firewall are recommended; more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot; you can still install Spybot Search and Destroy, but do not enable the TeaTimer.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community:
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.

Safe Surfn
Ken
 