Sorry for the late reply.
I meant to ask this previously: you have changed the logon screen to Life.exe. I'm having a hard time identifying this. Half-life? Second-Life? Or other?
Yes, I have changed my logon screen to this 'life.' However, I haven't seen the 'Half-life' or 'Second-life' you were talking about.
As for the page file, the starting setting for this is usually 1.5 times the Total RAM. How much Total RAM do you have installed?
As of this moment, I only have 256MB of RAM installed. I do plan on buying one more RAM card in the future.
ESET did not find anything. No log appeared.
Here's the log for ComboFix:
ComboFix 11-05-27.02 - Admin 05/29/2011 20:37:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.246.38 [GMT -12:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-18 03:24 . 2011-05-18 03:31 -------- d-----w- C:\Inetpub
2011-05-14 03:00 . 2011-05-14 03:00 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-17 06:18 320832 ----a-w- d:\program files\Panda Cloud AntiVirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-17 06:18 320832 ----a-w- d:\program files\Panda Cloud AntiVirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-08-15 94208]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 82432]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"PSUNMain"="d:\program files\Panda Cloud AntiVirus\PSUNMain.exe" [2011-02-24 423232]
"Anti Keylogger Virtual Keyboard "="c:\program files\Anti Keylogger Virtual Keyboard\keyboard.exe" [2010-03-08 357312]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-08-15 118784]
"Keystroke Interference"="c:\program files\Keystroke Interference\kltldr.exe" [2010-03-03 1739200]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-08 253672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\System32\LogonUI\LIFE.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-14 04:16 136176 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
.
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [12/16/2010 6:12 PM 130376]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [12/16/2010 6:12 PM 141768]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [12/16/2010 6:12 PM 97352]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [12/16/2010 6:12 PM 111944]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [12/16/2010 6:12 PM 113096]
S3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [5/29/2011 12:33 AM 17544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1677128483-1343024091-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 04:16]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1677128483-1343024091-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-14 04:16]
.
2011-05-30 c:\windows\Tasks\PandaUSBVaccine.job
- d:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-05-14 04:45]
.
2011-05-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2011-05-30 10:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-IObit Malware Fighter - d:\program files\IObit\IObit Malware Fighter\IMF.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-05-29 21:26
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3928)
d:\program files\Panda Cloud AntiVirus\PSUNShell.DLL
d:\program files\Panda Cloud AntiVirus\PSNCGP.dll
d:\program files\Panda Cloud AntiVirus\PSNCIPC.dll
c:\program files\Keystroke Interference\klt.dll
c:\program files\Keystroke Interference\kbshield.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\msdtc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\Panda Cloud AntiVirus\PSANHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
d:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\tp4mon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2011-05-29 21:38:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-30 09:38
ComboFix2.txt 2011-05-22 09:21
.
Pre-Run: 5,960,949,760 bytes free
Post-Run: 6,017,290,240 bytes free
.
- - End Of File - - 4CC501B0D5610112C378919B7BA42EDE