TechSpot

I suspect my system to be infected. Done with 7 steps

By abe10tiger
May 19, 2011
  1. Hi.

    I'm back:)

    Ok, I suspect my system to be infected because of the sudden slowness. It takes me like 4 minutes to open a folder, the same time to open Chrome,( sometimes even longer!) Chrome becomes unresponsive and I've been seeing weird processes running while checking task manager.(it may be normal but the names are weird!)

    I've been struggling to get here and post this because of the slowness of the laptop and also because of chrome being unresponsive most of the time.

    I've also been noticing my page file usage to jump from 300MB to 500MB or 600MB. 300MB or lower is the normal one.

    So...yah.. guess my pc is infected.. going to post logs now.

    Thanks .
     
  2. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Malwarebytes' log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6613

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    5/19/2011 2:29:45 PM
    mbam-log-2011-05-19 (14-29-44).txt

    Scan type: Quick scan
    Objects scanned: 155151
    Time elapsed: 42 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Gmer

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit quick scan 2011-05-19 14:56:36
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2040AT rev.8431
    Running: 5nuu0z0g.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\pxtdapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip UrlFilter.sys (URL Filter/IObit.com)
    AttachedDevice \Driver\Tcpip \Device\Tcp UrlFilter.sys (URL Filter/IObit.com)
    AttachedDevice \Driver\Tcpip \Device\Udp UrlFilter.sys (URL Filter/IObit.com)
    AttachedDevice \Driver\Tcpip \Device\RawIp UrlFilter.sys (URL Filter/IObit.com)

    ---- EOF - GMER 1.0.15 ----
     
  4. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    DDS

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Admin at 15:01:17.63 on Thu 05/19/2011
    Internet Explorer: 6.0.2900.2180
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\WINDOWS\system32\msdtc.exe
    D:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    D:\Program Files\Panda Cloud AntiVirus\PSANHost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\tp4mon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    D:\Program Files\Panda Cloud AntiVirus\PSUNMain.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Keystroke Interference\kltldr.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\update\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\update\update.exe
    C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: UIHost=c:\windows\system32\logonui\LIFE.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [TrackPointSrv] tp4mon.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [PSUNMain] "d:\program files\panda cloud antivirus\PSUNMain.exe" /Traybar
    mRun: [Anti Keylogger Virtual Keyboard ] "c:\program files\anti keylogger virtual keyboard\keyboard.exe"
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Keystroke Interference] "c:\program files\keystroke interference\kltldr.exe"
    mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [IObit Malware Fighter] "d:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] d:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? FileMonitor;FileMonitor
    S? AdvancedSystemCareService;Advanced SystemCare Service
    S? IMFservice;IMF Service
    S? NanoServiceMain;Panda Cloud Antivirus Service
    S? PSINAflt;PSINAflt
    S? PSINFile;PSINFile
    S? PSINKNC;PSINKNC
    S? PSINProc;PSINProc
    S? PSINProt;PSINProt
    S? RegFilter;RegFilter
    S? UrlFilter;UrlFilter
    .
    =============== Created Last 30 ================
    .
    2011-05-20 02:37:55 -------- d-----w- c:\windows\ServicePackFiles
    2011-05-20 01:33:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-20 01:33:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-19 10:05:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
    2011-05-19 04:04:00 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-05-19 03:17:01 257024 -c----w- c:\windows\system32\dllcache\infocomm.dll
    2011-05-19 03:16:49 33280 -c----w- c:\windows\system32\dllcache\snmp.exe
    2011-05-19 03:16:49 33280 ----a-w- c:\windows\system32\SET3C.tmp
    2011-05-19 03:16:17 56320 -c----w- c:\windows\system32\dllcache\secur32.dll
    2011-05-19 03:16:16 92544 -c----w- c:\windows\system32\dllcache\ksecdd.sys
    2011-05-19 03:16:14 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
    2011-05-19 03:16:13 59392 -c----w- c:\windows\system32\dllcache\wdigest.dll
    2011-05-19 03:16:12 168448 -c----w- c:\windows\system32\dllcache\schannel.dll
    2011-05-19 03:16:10 408064 -c----w- c:\windows\system32\dllcache\netlogon.dll
    2011-05-19 03:16:04 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
    2011-05-19 03:16:01 729600 -c----w- c:\windows\system32\dllcache\lsasrv.dll
    2011-05-19 03:13:12 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
    2011-05-19 03:13:12 270336 ----a-w- c:\windows\system32\SET1FE.tmp
    2011-05-19 03:13:05 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
    2011-05-19 03:13:04 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
    2011-05-19 03:13:03 28672 -c----w- c:\windows\system32\dllcache\msvidc32.dll
    2011-05-19 03:13:03 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
    2011-05-19 03:13:02 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
    2011-05-19 03:11:51 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
    2011-05-19 03:06:11 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
    2011-05-19 03:06:11 351232 ----a-w- c:\windows\system32\SET167.tmp
    2011-05-19 03:05:59 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2011-05-19 01:32:03 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
    2011-05-19 00:56:53 -------- d-----w- c:\docume~1\admin\applic~1\Malwarebytes
    2011-05-19 00:56:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-05-19 00:48:59 123392 -c----w- c:\windows\system32\dllcache\mqrtdep.dll
    2011-05-19 00:48:58 177152 -c----w- c:\windows\system32\dllcache\mqrt.dll
    2011-05-19 00:48:40 284160 -c----w- c:\windows\system32\dllcache\gdi32.dll
    2011-05-19 00:48:06 205312 -c----w- c:\windows\system32\dllcache\dxtrans.dll
    2011-05-19 00:48:00 357888 -c----w- c:\windows\system32\dllcache\dxtmsft.dll
    2011-05-19 00:47:57 18432 -c----w- c:\windows\system32\dllcache\iedw.exe
    2011-05-19 00:47:56 81920 -c----w- c:\windows\system32\dllcache\ieencode.dll
    2011-05-19 00:47:52 39424 -c----w- c:\windows\system32\dllcache\pngfilt.dll
    2011-05-19 00:47:50 55808 -c----w- c:\windows\system32\dllcache\extmgr.dll
    2011-05-19 00:47:46 16384 -c----w- c:\windows\system32\dllcache\jsproxy.dll
    2011-05-19 00:47:42 449024 -c----w- c:\windows\system32\dllcache\mshtmled.dll
    2011-05-19 00:47:42 251904 -c----w- c:\windows\system32\dllcache\iepeers.dll
    2011-05-19 00:47:36 96256 -c----w- c:\windows\system32\dllcache\inseng.dll
    2011-05-19 00:47:34 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
    2011-05-19 00:47:23 628224 -c----w- c:\windows\system32\dllcache\urlmon.dll
    2011-05-19 00:47:16 146432 -c----w- c:\windows\system32\dllcache\msrating.dll
    2011-05-19 00:46:58 668672 -c----w- c:\windows\system32\dllcache\wininet.dll
    2011-05-19 00:46:54 1024000 -c----w- c:\windows\system32\dllcache\browseui.dll
    2011-05-19 00:46:46 1054208 -c----w- c:\windows\system32\dllcache\danim.dll
    2011-05-19 00:46:34 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
    2011-05-19 00:46:33 151040 -c----w- c:\windows\system32\dllcache\cdfview.dll
    2011-05-19 00:46:18 1509888 -c----w- c:\windows\system32\dllcache\shdocvw.dll
    2011-05-19 00:45:59 3073024 -c----w- c:\windows\system32\dllcache\mshtml.dll
    2011-05-18 04:29:03 -------- d-----w- c:\program files\MSXML 4.0
    2011-05-18 04:25:49 -------- d--h--w- c:\windows\$hf_mig$
    2011-05-18 03:30:22 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2011-05-18 03:29:42 -------- d-----w- c:\windows\system32\Cache
    2011-05-18 03:27:43 -------- d-----w- c:\windows\system32\FxsTmp
    2011-05-18 03:27:12 7168 ----a-w- c:\windows\system32\snprfdll.dll
    2011-05-18 03:27:11 43520 ----a-w- c:\windows\system32\fcachdll.dll
    2011-05-18 03:27:11 23040 ----a-w- c:\windows\system32\regtrace.exe
    2011-05-18 03:27:11 12288 ----a-w- c:\windows\system32\smtpctrs.dll
    2011-05-18 03:27:10 5632 ----a-w- c:\windows\system32\adsiisex.dll
    2011-05-18 03:24:49 -------- d-----w- c:\windows\system32\msmq
    2011-05-18 03:24:48 -------- d-----w- c:\windows\system32\Logfiles
    2011-05-18 03:24:48 -------- d-----w- C:\Inetpub
    2011-05-18 03:09:28 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-05-18 03:09:28 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-05-18 03:08:15 -------- d-----w- c:\program files\MSN Gaming Zone
    2011-05-18 03:02:27 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
    2011-05-18 03:01:11 -------- d-----w- c:\windows\LastGood(2)
    2011-05-18 02:56:15 339456 -c----w- c:\windows\system32\dllcache\netapi32.dll
    2011-05-18 02:55:48 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
    2011-05-18 02:51:25 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
    2011-05-17 23:48:33 85504 -c----w- c:\windows\system32\dllcache\cabview.dll
    2011-05-17 09:13:37 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
    2011-05-17 09:13:35 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2011-05-17 09:13:34 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2011-05-17 09:13:33 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2011-05-17 09:13:15 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2011-05-16 09:55:32 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Adobe
    2011-05-16 05:36:32 -------- d-----w- c:\windows\system32\LogonUI
    2011-05-16 05:26:00 -------- d-----w- c:\windows\system32\XPSViewer
    2011-05-16 05:24:38 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-05-16 05:23:27 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-05-16 05:23:27 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-05-16 05:23:26 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-05-16 05:23:26 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-05-16 05:23:25 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-05-16 05:23:25 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-05-16 05:23:24 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-05-16 05:23:24 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-05-16 05:16:05 26488 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-05-16 00:47:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-16 00:47:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-15 13:07:28 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\GFInstaller
    2011-05-15 04:15:53 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-05-15 00:53:18 -------- d-----w- c:\program files\Keystroke Interference
    2011-05-15 00:45:20 -------- d-----w- c:\windows\system32\Adobe
    2011-05-14 06:15:28 -------- d-----w- c:\docume~1\admin\applic~1\IObit
    2011-05-14 06:06:00 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2011-05-14 06:04:59 220992 ----a-w- c:\windows\system32\drivers\smwdm.sys
    2011-05-14 06:04:58 49152 ----a-w- c:\windows\system32\DSndUp.exe
    2011-05-14 06:04:58 45056 ----a-w- c:\windows\system32\CleanUp.exe
    2011-05-14 06:04:58 -------- d-----w- c:\program files\Analog Devices
    2011-05-14 06:04:34 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-05-14 06:04:34 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll
    2011-05-14 06:04:34 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll
    2011-05-14 06:04:33 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll
    2011-05-14 06:04:32 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll
    2011-05-14 06:04:32 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe
    2011-05-14 06:04:31 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll
    2011-05-14 06:04:31 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll
    2011-05-14 05:26:22 -------- d-----w- c:\program files\Anti Keylogger Virtual Keyboard
    2011-05-14 05:15:51 -------- d-----w- c:\program files\CCleaner
    2011-05-14 04:17:47 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Temp
    2011-05-14 04:16:03 -------- d-----w- c:\docume~1\admin\applic~1\Panda Security
    2011-05-14 04:13:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
    2011-05-14 03:47:48 428352 ----a-w- c:\program files\mozilla firefox\StubInstaller.exe
    2011-05-14 03:45:38 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-05-14 03:45:38 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2011-05-14 03:45:15 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2011-05-14 03:45:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2011-05-14 03:45:15 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2011-05-14 03:45:15 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-05-14 03:45:14 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-05-14 03:43:37 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Mozilla
    2011-05-14 03:41:30 -------- d-----w- c:\docume~1\admin\applic~1\Intel
    2011-05-14 03:41:05 2216064 ----a-r- c:\windows\system32\drivers\w29n51.sys
    2011-05-14 03:41:00 557056 ----a-w- c:\windows\system32\Netw2c32.dll
    2011-05-14 03:41:00 2732032 ----a-w- c:\windows\system32\Netw2r32.dll
    2011-05-14 03:40:28 -------- d-----w- c:\program files\common files\Intel
    2011-05-14 03:39:21 -------- d-----w- c:\docume~1\admin\applic~1\DeviceDoctorSoftware
    2011-05-14 03:39:18 -------- d-----w- c:\program files\Device Doctor
    2011-05-14 03:37:07 -------- d-----w- c:\windows\system32\appmgmt
    2011-05-14 03:33:22 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Google
    2011-05-14 03:26:36 -------- d-----w- c:\docume~1\admin\applic~1\Azureus
    2011-05-14 03:23:30 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\GlobalSCAPE
    2011-05-14 03:22:19 135168 ----a-w- c:\windows\system32\igfxres.dll
    2011-05-14 03:21:30 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-05-14 03:21:03 -------- d-----w- c:\windows\Internet Logs
    2011-05-14 03:14:05 46352 ----a-w- c:\windows\setdebug.exe
    2011-05-14 03:14:05 171280 ----a-w- c:\windows\system32\jit.dll
    2011-05-14 03:14:04 7315 ----a-w- c:\windows\system32\javasup.vxd
    2011-05-14 03:14:04 313856 ----a-w- c:\windows\system32\dx3j.dll
    2011-05-14 03:14:04 139536 ----a-w- c:\windows\system32\javaee.dll
    2011-05-14 03:10:58 -------- d-----w- c:\docume~1\admin\applic~1\BSplayer Pro
    2011-05-14 03:10:57 -------- d-----w- c:\program files\Webteh
    2011-05-14 03:08:54 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-05-14 03:08:54 30512 ----a-w- c:\windows\system32\mdimon.dll
    2011-05-14 03:08:38 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2011-05-14 03:08:38 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2011-05-14 03:02:10 -------- d-----w- c:\windows\SHELLNEW
    2011-05-14 03:01:31 -------- d-----w- c:\docume~1\admin\locals~1\applic~1\Microsoft Help
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 15:09:32.42 ===============
     
  5. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    .
    ==== Installed Programs ======================
    .
    .
    7-Zip 4.31
    Adobe Reader 7.0.8
    Adobe Shockwave Player 11.5
    Advanced SystemCare 4
    Anti Keylogger Virtual Keyboard
    CCleaner
    CuteFTP 7 Professional
    Device Doctor
    Google Chrome
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    Intel PROSet Wireless
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless WiFi Software
    IObit Malware Fighter
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    Java Auto Updater
    Java(TM) 6 Update 25
    Keystroke Interference 2.8
    LogonUI Changer 1.6.134.2
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Panda Cloud Antivirus
    Panda USB Vaccine 1.0.1.4
    PowerDVD
    Real Alternative 1.49
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB926247)
    Security Update for Windows XP (KB939373)
    Security Update for Windows XP (KB942831)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB982381)
    Software Update for Web Folders
    SoundMAX
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    .
    ==== End Of File ===========================
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to this forum on TechSpot! I expect it's one you want least to have to post in!

    Question and Comments:
    1. Did you recently reformat/reinstall? Maybe starting on 5/14 through current?
    2. There is some information missing from the top of the Attach.txt log, above the 'Installed Programs.'. This would include the Restore Points or notice that there aren't any. Please locate that and paste it into next reply/.
    3. Is the Panda Cloud AV the only security on the system with the exception of the Panda vaccine which is usually used to disinfect a flash drive and the Anti Keylogger Virtual Keyboard? No firewall, no antimalware programs.
    4. Advising that you are behind in the Windows Updates: Windows XP, SP2 should be SP3. Internet Explorer 6 should be v7 or above.[/
    5. I strongly recommend that you uninstall Advanced SystemCare 4 and it's related processes. Both the program and the site itself are not considered good for/on the system .
    =================================================
    Please note: If you have Combofix on the desktop already, please uninstall it. The download the current version and do the scan: Uninstall directions, if needed.
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ---------------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  7. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Thanks!

    Hi Bobbye and Thanks for your reply. I'll post the logs tomorrow 'cause it's really late here and I just got home. Right now, I'll answer some of the questions for awhile. :)

    Well yah, I friend of mine did it for me. That was the first time I had it reformatted.

    I'll locate it and post it tomorrow. :)

    Well there is Malwarebytes'..... And I only have Windows Firewall.

    I'll try to update it as soon as possible... ow and btw, I don't use IE anymore.... so... yah.,


    Ok.... i'll do that tomorrow.


    Thanks for your reply. I'll be posting the logs tomorrow! Thanks once again! :)
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- I'll address all when logs are up. Rest well.
     
  9. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Hi Bobbye and Thanks.

    Uninstalled Advanced SystemCare 4 as you recommended.

    And I checked the Attach.txt log again and did not find the information missing. Should I scan again? And Combofix detected a rootkit.

    Here's the log for Combofix:




    ComboFix 11-05-19.02 - Admin 05/21/2011 20:56:41.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246.43 [GMT -12:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\Cache
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-22 to 2011-05-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 03:24 . 2011-05-18 03:31 -------- d-----w- C:\Inetpub
    2011-05-14 03:00 . 2011-05-14 03:00 -------- d-----r- C:\MSOCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-17 06:18 320832 ----a-w- d:\program files\Panda Cloud AntiVirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-17 06:18 320832 ----a-w- d:\program files\Panda Cloud AntiVirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-08-15 94208]
    "TrackPointSrv"="tp4mon.exe" [2004-08-04 82432]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
    "PSUNMain"="d:\program files\Panda Cloud AntiVirus\PSUNMain.exe" [2011-02-24 423232]
    "Anti Keylogger Virtual Keyboard "="c:\program files\Anti Keylogger Virtual Keyboard\keyboard.exe" [2010-03-08 357312]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-08-15 118784]
    "Keystroke Interference"="c:\program files\Keystroke Interference\kltldr.exe" [2010-03-03 1739200]
    "RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "IObit Malware Fighter"="d:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-05-12 4379480]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-08 253672]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\System32\LogonUI\LIFE.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-05-14 04:16 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Malware Fighter]
    2011-05-12 20:58 4379480 ----a-w- d:\program files\IObit\IObit Malware Fighter\IMF.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
    S3 RegFilter;RegFilter;d:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [5/13/2011 11:24 PM 30368]
    S3 UrlFilter;UrlFilter;d:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [5/13/2011 11:24 PM 16080]
    S4 FileMonitor;FileMonitor;d:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [5/13/2011 11:24 PM 239472]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1677128483-1343024091-1003Core.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 04:16]
    .
    2011-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1677128483-1343024091-1003UA.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 04:16]
    .
    2011-05-22 c:\windows\Tasks\PandaUSBVaccine.job
    - d:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-05-14 04:45]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-21 21:14
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2011-05-21 21:21:20
    ComboFix-quarantined-files.txt 2011-05-22 09:21
    .
    Pre-Run: 7,189,704,704 bytes free
    Post-Run: 7,169,904,640 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 3635C5C016126C9B56A78833234BD073
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I may be starting to sound like a nag, but now Combofix has information missing!
    The status of the security should be included in the Combofix header. It shows nothing..

    The entire Find 3M section in Combofix is empty.

    There is no rootkit showing in Combofix.

    So far, I haven't seen anything that would account for this:
    For those "weird" processes, see if you can identify any on Google

    The Services and Drivers in the DDS scan aren't displaying correctly:
    R? FileMonitor;FileMonitor
    S? AdvancedSystemCareService;Advanced SystemCare Service
    S? IMFservice;IMF Service
    S? NanoServiceMain;Panda Cloud Antivirus Service
    S? PSINAflt;PSINAflt
    S? PSINFile;PSINFile
    S? PSINKNC;PSINKNC
    S? PSINProc;PSINProc
    S? PSINProt;PSINProt
    S? RegFilter;RegFilter
    S? UrlFilter;UrlFilter
    ============================
    These are all Panda processes:
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]>> PSINKNC Kernel Controller for XP32 from Panda Security,
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]>> PSINProt for Vista64 from Panda Security, S.L.
    The IOBIT program is still loading:
    S3 RegFilter;RegFilter;d:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [5/13/2011 11:24 PM 30368]
    S3 UrlFilter;UrlFilter;d:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [5/13/2011 11:24 PM 16080]
    S4 FileMonitor;FileMonitor;d:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [5/13/2011 11:24 PM 239472]
    ==========================================
    The Panda USB vaccine is on this system. The logs don't match. Someone Else owns the computer? There is another language on the system?

    If you want me to help here, I need to get the full logs. Right now, I'm not seeing anything to address your complaint and it kind of looks like a rigged system.
     
  11. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    This seems strange....:confused:

    I just removed IOBIT Malware fighter after scanning with Combofix because I totally forgot about it.

    After Combofix finished it's scan, a message appeared saying it detected a rootkit and
    had to restart.

    My cousin owned it before passing it on to me. I don't think that there's another language in the system.

    Ow, I forgot to mention that ever since Combofix finished scanning the system, it started speeding up. But I'm still worried.

    Anything else I should do? :(
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Haven't forgotten you. I'm working up a list of entries to be identified. There are few unusual ones. I'll be offline from 8-10 tonight- if I don't get back tonight, will give it to you in the morning.
     
  13. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Ok. Thanks Bobbye.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    As usual, I'm running late. I started the list last night and just have to add a few more. Patience would be greately appreciated.
     
  15. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Sure thing. Take your time Bobbye. :)
     
  16. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Bobbye, while you're at it, should I update my Windows to SP3? :)
     
  17. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Bobbye, Are we still active here? It's been 4 days since your last post and school starts in a few weeks so....yeah. I don't mean to be annoying.:)

    I plan on changing the OS of my laptop to Puppy Linux for a while. I plan on changing back to Windows after I buy a new RAM card for it. As of this moment, it only has 256MB of RAM.(very old)
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology- I 'lost' the thread.

    There are the 'irregularities' I was referring to:
    C:\WINDOWS\System32\snmp.exe
    "Simple Management Network Protocol" Management and Monitoring Tool under Windows Components usually used on Domains and company networks to keep track of company PC's, and PC information.
    This would not normally be running as a background process. Vulnerability in SNMP Could Allow Remote Code Execution (926247)
    --------------------------------
    Are you intentionally running this? C:\Program Files\Keystroke Interference\kltldr.exe
    =================
    There are 3 of these processes running:
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    We will have to check each of the files as it can be the legit Windows Update and/or a Worm
    -----------------------------------
    Do you know what wither of these is?
    C:\WINDOWS\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9\u pdate\update.exe
    C:\WINDOWS\SoftwareDistribution\Download\fa06e29c141c84f43a95ba02f93d3774\u pdate\update.exe
    =============================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =================================================
    Please update and rescan with Combofix.
    ============================================
    Specifically, what malware problems remain?
     
  19. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Hi and thank you for replying. :)

    Yes I am.

    I've never seen them before

    Well, it still is significantly slow but way faster than before. Chrome still becomes unresponsive most of the time. and I guess that's it.

    I'll scan with ESET and Combofix tomorrow as it's already 12:17am here. Just got home.

    Thanks again.. :)
     
  20. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Sorry for the double post. Laptop hanged and I have no idea what happened next.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I meant to ask this previously> you have changed the logon screen to Life.exe I'm having a hard time identifying this> Half-life? Second-Life? Or other?

    As for the page file, the starting setting for this is usually 1.5 time the Total RAM. How much Total RAM do you have installed?

    In order for malware to have been an issue in this length of time, the system would have had to inundated with malware. It isn't. While there may be some malware entries, your logs so far don't indicate this.
     
  22. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Sorry for the late reply. :)

    Yes, I have changed my logon screen to this 'life.' However, I haven't seen the 'Half-life' or 'Second-life' you were talking about.

    As of this moment, I only have 256MB of RAM installed. I do plan on buying one more RAM card in the future.


    ESET did not find anything. No log appeared.

    Here's the log for Combofix.:

    ComboFix 11-05-27.02 - Admin 05/29/2011 20:37:58.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246.38 [GMT -12:00]
    Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-18 03:24 . 2011-05-18 03:31 -------- d-----w- C:\Inetpub
    2011-05-14 03:00 . 2011-05-14 03:00 -------- d-----r- C:\MSOCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
    2010-12-17 06:18 320832 ----a-w- d:\program files\Panda Cloud AntiVirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
    2010-12-17 06:18 320832 ----a-w- d:\program files\Panda Cloud AntiVirus\PSUNShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-08-15 94208]
    "TrackPointSrv"="tp4mon.exe" [2004-08-04 82432]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
    "PSUNMain"="d:\program files\Panda Cloud AntiVirus\PSUNMain.exe" [2011-02-24 423232]
    "Anti Keylogger Virtual Keyboard "="c:\program files\Anti Keylogger Virtual Keyboard\keyboard.exe" [2010-03-08 357312]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-08-15 118784]
    "Keystroke Interference"="c:\program files\Keystroke Interference\kltldr.exe" [2010-03-03 1739200]
    "RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-08 253672]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\windows\System32\LogonUI\LIFE.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-05-14 04:16 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    .
    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
    S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [5/29/2011 12:33 AM 17544]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1677128483-1343024091-1003Core.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 04:16]
    .
    2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1677128483-1343024091-1003UA.job
    - c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 04:16]
    .
    2011-05-30 c:\windows\Tasks\PandaUSBVaccine.job
    - d:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-05-14 04:45]
    .
    2011-05-30 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2011-05-30 10:18]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-IObit Malware Fighter - d:\program files\IObit\IObit Malware Fighter\IMF.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-29 21:26
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3928)
    d:\program files\Panda Cloud AntiVirus\PSUNShell.DLL
    d:\program files\Panda Cloud AntiVirus\PSNCGP.dll
    d:\program files\Panda Cloud AntiVirus\PSNCIPC.dll
    c:\program files\Keystroke Interference\klt.dll
    c:\program files\Keystroke Interference\kbshield.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    d:\program files\Panda Cloud AntiVirus\PSANHost.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\System32\snmp.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\mqsvc.exe
    c:\windows\system32\mqtgsvc.exe
    d:\program files\Panda USB Vaccine\USBVaccine.exe
    c:\windows\system32\tp4mon.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-29 21:38:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-30 09:38
    ComboFix2.txt 2011-05-22 09:21
    .
    Pre-Run: 5,960,949,760 bytes free
    Post-Run: 6,017,290,240 bytes free
    .
    - - End Of File - - 4CC501B0D5610112C378919B7BA42EDE
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry- internet was down-again!

    I think the RAM-or lack of- is the problem. You need at least 512mb of RAM to run Win XP decently.

    Page file should be 1.5 of total RAM or 3.84 (1.5?)
    [Start] right click [My Computer] click [Properties]
    Click [Advanced] tab then click [Settings] in the [Performance] section
    Click the [Advanced] tab and then click [Change] under the [Virtual Memory] section
    [​IMG]

    The image above with show the minimum setting for the drive. You only have 256mb of RAM. Setting the page file to 300mb takes all of the available RAM away. Reset the page file lower and see what different it makes.

    Scheduled Tasks
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only[/b[ auto-update I get is for the AV program.
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
    4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.
    ===================================
    Suggest you stop the following tasks:
    2011-05-30 c:\windows\Tasks\PandaUSBVaccine.job
    - d:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-05-14 04:45]
    .
    2011-05-30 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2011-05-30 10:18]
    ==================================
    I don't see any security other that this: Panda Cloud Antivirus. Your system is not safe. Add a firewall and at least 2 antimalware programs.
    ===================================
    Uninstall all of the following:
    ====================================
    Update Java and Adobe Reader:
    Java Updates
    Adobe Reader site
    =================================================
    I'd like you to run the following. I found 'Virut' mentioned as a possibility for one of the entries. We need to check it out:
    • Make sure to use Internet Explorer for this
    • Please go to VirSCAN.org free on-line scan service
    • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page, one at a time:
      Code:
          [b]c:\windows\system32\userinit.exe
      
          c:\windows\explorer.exe
      
          c:\window\system32\svchost.exe[/b]
      
      
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
    ====================
     
  24. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    Thanks.

    Yeah. I'm gonna be looking for another RAM card.

    I tried reseting the page file lower but didn't quite notice anything different.

    Right. Stopped them

    Hm.. That's strange.I have Malwarebytes' Anti-Malware installed.

    Unistalled the programs you wanted me to remove.


    Here are the results of the scan.
    ______________________
    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/27 18:22:50 (CST)
    Scanner results: Scanners did not find malware!
    File Name : userinit.exe
    File Size : 24576 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 39b1ffb03c2296323832acbae50d2aff
    SHA1 : e5aedcbe25a97c89101f1f3860ff846e94d70445
    Online report : http://file.virscan.org/report/10c148adea789a4747551a9be024e3fb.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110327010737 2011-03-27 7.11 -
    AhnLab V3 2011.03.27.00 2011.03.27 2011-03-27 1.76 -
    AntiVir 8.2.4.192 7.11.5.79 2011-03-25 0.28 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
    Arcavir 2010 201103240801 2011-03-24 0.00 -
    Authentium 5.1.1 201103270129 2011-03-27 1.55 -
    AVAST! 4.7.4 110326-1 2011-03-26 0.01 -
    AVG 8.5.850 271.1.1/3516 2011-03-19 0.25 -
    BitDefender 7.90123.6998794 7.36812 2011-03-27 6.46 -
    ClamAV 0.96.5 12911 2011-03-26 0.01 -
    Comodo 4.0 8122 2011-03-27 1.52 -
    CP Secure 1.3.0.5 2011.03.26 2011-03-26 0.07 -
    Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.73 -
    F-Prot 4.4.4.56 20110326 2011-03-26 3.54 -
    F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.23 -
    Fortinet 4.2.254 13.48 2011-03-26 0.20 -
    GData 21.2138/21.772 20110327 2011-03-27 14.49 -
    ViRobot 20110326 2011.03.26 2011-03-26 1.53 -
    Ikarus T3.1.32.20.0 2011.03.27.78030 2011-03-27 4.74 -
    JiangMin 13.0.900 2011.03.27 2011-03-27 1.91 -
    Kaspersky 5.5.10 2011.03.27 2011-03-27 0.17 -
    KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 1.17 -
    McAfee 5400.1158 6297 2011-03-26 8.76 -
    Microsoft 1.6702 2011.03.27 2011-03-27 3.85 -
    NOD32 3.0.21 5988 2011-03-26 0.01 -
    Norman 6.07.03 6.07.00 2011-03-26 24.03 -
    Panda 9.05.01 2011.03.25 2011-03-25 0.64 -
    Trend Micro 9.200-1012 7.930.06 2011-03-27 0.04 -
    Quick Heal 11.00 2011.03.26 2011-03-26 0.98 -
    Rising 20.0 23.50.05.05 2011-03-26 2.17 -
    Sophos 3.16.1 4.62 2011-03-27 3.28 -
    Sunbelt 3.9.2486.2 8831 2011-03-26 3.01 -
    Symantec 1.3.0.24 20110326.002 2011-03-26 0.10 -
    nProtect 20110326.01 3275801 2011-03-26 6.09 -
    The Hacker 6.7.0.1 v00159 2011-03-26 0.50 -
    VBA32 3.12.14.3 20110325.1219 2011-03-25 3.83 -
    VirusBuster 5.2.0.28 13.6.271.0/48521222011-03-26 0.00 -

    __________________________________________________________

    VirSCAN.org Scanned Report :
    Scanned time : 2011/06/02 12:14:24 (CST)
    Scanner results: Scanners did not find malware!
    File Name : explorer.exe
    File Size : 1033216 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 42d32722b805d7df42d30487a0bcbd78
    SHA1 : 1f57ab2fc3e9be8ea3024f97ec9e130680b2d2a3
    Online report : http://file.virscan.org/report/3b6476bbb09133853a60d93475bd5378.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110602080845 2011-06-02 11.49 -
    AhnLab V3 2011.06.02.00 2011.06.02 2011-06-02 15.31 -
    AntiVir 8.2.5.12 7.11.8.241 2011-06-02 0.29 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.03 -
    Arcavir 2011 201105080215 2011-05-08 0.06 -
    Authentium 5.1.1 201106012226 2011-06-01 2.75 -
    AVAST! 4.7.4 110601-1 2011-06-01 0.09 -
    AVG 8.5.850 271.1.1/3674 2011-06-02 0.68 -
    BitDefender 7.90123.7406640 7.37559 2011-05-24 0.00 -
    ClamAV 0.96.5 13137 2011-06-01 0.27 -
    Comodo 4.0 8917 2011-06-01 7.29 -
    CP Secure 1.3.0.5 2011.06.01 2011-06-01 0.77 -
    Dr.Web 5.0.2.3300 2011.06.02 2011-06-02 13.19 -
    F-Prot 4.4.4.56 20110601 2011-06-01 2.39 -
    F-Secure 7.02.73807 2011.06.02.01 2011-06-02 0.23 -
    Fortinet 4.2.257 13.291 2011-06-01 0.99 -
    GData 22.506/22.136 20110602 2011-06-02 15.41 -
    ViRobot 20110601 2011.06.01 2011-06-01 1.66 -
    Ikarus T3.1.32.20.0 2011.06.02.78517 2011-06-02 5.13 -
    JiangMin 13.0.900 2011.06.01 2011-06-01 2.13 -
    Kaspersky 5.5.10 2011.06.01 2011-06-01 0.10 -
    KingSoft 2009.2.5.15 2011.6.1.18 2011-06-01 0.93 -
    McAfee 5400.1158 6340 2011-05-08 12.18 -
    Microsoft 1.6903 2011.06.02 2011-06-02 3.82 -
    NOD32 3.0.21 6165 2011-05-30 0.10 -
    Norman 6.07.08 6.07.00 2011-06-01 24.04 -
    Panda 9.05.01 2011.06.01 2011-06-01 5.03 -
    Trend Micro 9.200-1012 8.198.02 2011-06-01 0.04 -
    Quick Heal 11.00 2011.06.02 2011-06-02 1.77 -
    Rising 20.0 23.60.02.03 2011-06-01 3.25 -
    Sophos 3.20.2 4.66 2011-06-02 4.30 -
    Sunbelt 3.9.2493.2 9461 2011-06-01 3.25 -
    Symantec 1.3.0.24 20110601.002 2011-06-01 0.08 -
    nProtect 20110601.01 3460661 2011-06-01 10.20 -
    The Hacker 6.7.0.1 v00176 2011-04-18 0.81 -
    VBA32 3.12.16.0 20110601.1021 2011-06-01 4.49 -
    VirusBuster 5.3.0.4 14.0.62.0/5291603 2011-06-02 0.00 -
     
  25. abe10tiger

    abe10tiger TechSpot Paladin Topic Starter Posts: 770   +10

    VirSCAN.org Scanned Report :
    Scanned time : 2011/03/27 18:41:03 (CST)
    Scanner results: Scanners did not find malware!
    File Name : svchost.exe
    File Size : 14336 byte
    File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : 8f078ae4ed187aaabc0a305146de6716
    SHA1 : da0ff4006859a7580aba81f486f692dead2014fe
    Online report : http://file.virscan.org/report/b416b4866bd30f6d043dd07c27e751b5.html

    Scanner Engine Ver Sig Ver Sig Date Time Scan result
    a-squared 5.1.0.2 20110327010737 2011-03-27 6.39 -
    AhnLab V3 2011.03.27.00 2011.03.27 2011-03-27 15.97 -
    AntiVir 8.2.4.192 7.11.5.79 2011-03-25 0.28 -
    Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
    Arcavir 2010 201103240801 2011-03-24 0.00 -
    Authentium 5.1.1 201103270129 2011-03-27 1.51 -
    AVAST! 4.7.4 110326-1 2011-03-26 0.01 -
    AVG 8.5.850 271.1.1/3516 2011-03-19 0.26 -
    BitDefender 7.90123.6999003 7.36813 2011-03-27 6.62 -
    ClamAV 0.96.5 12911 2011-03-26 0.01 -
    Comodo 4.0 8122 2011-03-27 3.38 -
    CP Secure 1.3.0.5 2011.03.26 2011-03-26 0.04 -
    Dr.Web 5.0.2.3300 2011.03.27 2011-03-27 11.71 -
    F-Prot 4.4.4.56 20110326 2011-03-26 1.52 -
    F-Secure 7.02.73807 2011.03.27.01 2011-03-27 0.16 -
    Fortinet 4.2.254 13.48 2011-03-26 0.88 -
    GData 21.2138/21.772 20110327 2011-03-27 30.82 -
    ViRobot 20110326 2011.03.26 2011-03-26 1.70 -
    Ikarus T3.1.32.20.0 2011.03.27.78030 2011-03-27 4.62 -
    JiangMin 13.0.900 2011.03.27 2011-03-27 3.42 -
    Kaspersky 5.5.10 2011.03.27 2011-03-27 0.10 -
    KingSoft 2009.2.5.15 2011.3.27.9 2011-03-27 40.13 -
    McAfee 5400.1158 6297 2011-03-26 8.08 -
    Microsoft 1.6702 2011.03.27 2011-03-27 40.13 -
    NOD32 3.0.21 5988 2011-03-26 0.02 -
    Norman 6.07.03 6.07.00 2011-03-26 12.01 -
    Panda 9.05.01 2011.03.27 2011-03-27 40.13 -
    Trend Micro 9.200-1012 7.930.06 2011-03-27 0.03 -
    Quick Heal 11.00 2011.03.26 2011-03-26 40.13 -
    Rising 20.0 23.50.05.05 2011-03-26 40.13 -
    Sophos 3.16.1 4.62 2011-03-27 3.06 -
    Sunbelt 3.9.2486.2 8831 2011-03-26 40.13 -
    Symantec 1.3.0.24 20110326.002 2011-03-26 0.05 -
    nProtect 20110326.01 3275801 2011-03-26 40.13 -
    The Hacker 6.7.0.1 v00159 2011-03-26 40.13 -
    VBA32 3.12.14.3 20110325.1219 2011-03-25 3.79 -
    VirusBuster 5.2.0.28 13.6.271.0/48521222011-03-26 0.00 -
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...