Here is the Virus Total file in html
Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español
Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File taskmanager17.exe received on 11.01.2008 16:55:29 (CET)
Current status: finished
Result: 1/36 (2.78%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.11.1.0 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.11.01 -
Avast 4.8.1248.0 2008.11.01 -
AVG 8.0.0.161 2008.11.01 -
BitDefender 7.2 2008.11.01 Dropped:Generic.Malware.SV.D4ADBF63
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.01 -
DrWeb 4.44.0.09170 2008.11.01 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.01 -
F-Prot 4.4.4.56 2008.11.01 -
F-Secure 8.0.14332.0 2008.11.01 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.01 -
Ikarus T3.1.1.44.0 2008.11.01 -
K7AntiVirus 7.10.514 2008.11.01 -
Kaspersky 7.0.0.125 2008.11.01 -
McAfee 5420 2008.11.01 -
Microsoft 1.4005 2008.11.01 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.11.01 -
PCTools 4.4.2.0 2008.11.01 -
Prevx1 V2 2008.11.01 -
Rising 21.01.52.00 2008.11.01 -
SecureWeb-Gateway 6.7.6 2008.11.01 -
Sophos 4.35.0 2008.11.01 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.01 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.01 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.31 -
Additional information
File size: 1693024 bytes
MD5...: b72e9c925ffe934593ced3c188c0fe20
SHA1..: 59e6397da7331e38895f75f8e29dbdfdc37f5a82
SHA256: f65d886d8985a8c8a272083dcb737582833f28b26788a327c0565ece6ed81c78
SHA512: 8a181957cc5a0a9f95af3c7ab495fd5103c23ae8179a05da4a94ded06cdc8023
1daf8cc0262e0619f09ef6c155b9588225010fb39107413616660222d02a86b3
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (46.6%)
Winzip Win32 self-extracting archive (generic) (28.4%)
Win32 Executable Generic (10.5%)
Win32 Dynamic Link Library (generic) (9.3%)
Generic Win/DOS Executable (2.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x407eb8
timedatestamp.....: 0x46ae1d28 (Mon Jul 30 17:17:28 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe6d8 0xf000 6.43 736104b6a1debe1fa88eaeb84aafb5c9
.rdata 0x10000 0x29f2 0x3000 5.18 00413410ee5eb35d444259fb09d642e0
.data 0x13000 0x62e4 0x2000 1.58 f4b85e22d7dea85c2392af15c91b4257
.rsrc 0x1a000 0x9b58 0xa000 5.55 39a46f7a28effc41a7d14dbc2c7e5127
_winzip_ 0x24000 0x17d000 0x17d000 8.00 e91b2d975b413e7f082aecb752601144
( 5 imports )
> SHELL32.dll: SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetMalloc
> USER32.dll: BeginPaint, GetSysColor, GetClientRect, SetRect, EndPaint, LoadCursorA, GetLastActivePopup, ShowWindow, PostMessageA, SendMessageA, EnableWindow, GetTopWindow, SetWindowLongA, GetWindowLongA, SetWindowTextA, SetForegroundWindow, SetActiveWindow, SetDlgItemTextA, CharUpperBuffA, LoadIconA, SetWindowWord, SendDlgItemMessageA, GetDlgItem, InvalidateRect, UpdateWindow, LoadStringA, MessageBoxA, SetTimer, GetMessageA, KillTimer, PostQuitMessage, DialogBoxParamA, GetDlgItemTextA, EndDialog, GetWindowRect, GetSystemMetrics, SetWindowPos, PeekMessageA, TranslateMessage, DispatchMessageA, SetCursor, CharNextA, GetWindowWord, DefWindowProcA, RegisterClassA, GetParent
> KERNEL32.dll: InitializeCriticalSection, LoadLibraryA, GetLocaleInfoA, Sleep, EnterCriticalSection, LeaveCriticalSection, GetStringTypeW, GetStringTypeA, LCMapStringW, MultiByteToWideChar, LCMapStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, VirtualFree, HeapCreate, HeapDestroy, DeleteCriticalSection, GetFileType, SetHandleCount, GetEnvironmentStringsW, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStdHandle, GetCurrentThreadId, GetVersionExA, FindClose, FindFirstFileA, SetCurrentDirectoryA, CreateDirectoryA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, VirtualAlloc, GetDriveTypeA, GetEnvironmentVariableA, DeleteFileA, SetFileAttributesA, RemoveDirectoryA, SetEndOfFile, SetFilePointer, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, CreateFileA, GetWindowsDirectoryA, MoveFileExA, _lclose, OpenFile, GlobalFree, GlobalUnlock, GlobalHandle, _llseek, _lread, _lopen, GlobalLock, GlobalAlloc, GlobalMemoryStatus, GetVersion, GetModuleFileNameA, WriteFile, GetSystemTime, CreateProcessA, lstrlenA, LocalFree, ExitProcess, GetModuleHandleA, _lcreat, GetVolumeInformationA, GetTickCount, FormatMessageA, GetLastError, WinExec, _lwrite, WaitForSingleObject, SetErrorMode, HeapReAlloc, GetConsoleCP, GetConsoleMode, HeapSize, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, LocalAlloc, FindNextFileA, RtlUnwind, GetCommandLineA, HeapFree, HeapAlloc, GetProcessHeap, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, GetProcAddress, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError
> GDI32.dll: SetTextColor, SetTextAlign, GetBkColor, GetTextExtentPoint32A, ExtTextOutA, CreateDCA, GetDeviceCaps, CreateFontIndirectA, DeleteDC, SelectObject, DeleteObject, SetBkColor
> COMCTL32.dll: -
( 0 exports )
packers (Kaspersky): PE_Patch
packers (F-Prot): ZIP, Unicode, Aspack
ATENTION ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
Scan another file
VirusTotal © Hispasec Sistemas - Blog - Contact:
info@virustotal.com - Terms of Service & Privacy Policy
And here is the Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:04 PM, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resourc ... oscan8.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterfly.com/downloads/Uploader.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logmein.com/activex/ractrl.cab?lmi=100O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
--
End of file - 6512 bytes
Please tell me if the other files flagged as possible viruses are safe.
Thanks again for the support.
Joe