Got rid of Panda (by the way, for future reference, do you know if Panda is good?)
Yes, I use AIM, that's probably where that came from. Uninstalled the Media Player.
VirusTotal produced 0/42.
Additional information
File size: 39816 bytes
MD5...: 775489e09ca5aa6f0bc324f8bb0412b9
SHA1..: 04f6656e65db67637b876587b424050739f48a90
SHA256: d0c7685ee78af289f0340a115f53ba3ac0feda9b121ac057d44e7f251290a9de
ssdeep: 768:87qKe0jrrveoJnVBujq3RcqSIVXgJKzeVL2b3my:87qp0frhJ/ujkREIma2y
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5448
timedatestamp.....: 0x4a0c605f (Thu May 14 18:18:07 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4bab 0x4c00 6.26 6599f5b98a870ebb419925532eb4426b
.rdata 0x6000 0x1c30 0x1e00 4.34 1f7fbe32c4432c9df76a046083ee80b1
.data 0x8000 0x794 0x400 6.78 2128e4f120f45473e99e29fec4f4d44f
.rsrc 0x9000 0x358 0x400 2.89 8859207fdfa6192c0927456b1b91bc74
.reloc 0xa000 0x81a 0xa00 3.83 f62fcbf8a2e3ea48b1fa95e4d634fb2c
( 5 imports )
> msvcrt.dll: _onexit, __dllonexit, _lock, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, toupper, towupper, malloc, free, strrchr, strncpy, _stricmp, wcscpy, wcsrchr, wcscat, memcpy
> ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCloseKey
> PSAPI.DLL: EnumProcessModules, GetModuleFileNameExW, GetModuleFileNameExA
> VERSION.dll: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
> KERNEL32.dll: QueryPerformanceCounter, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, InterlockedCompareExchange, InterlockedExchange, RtlUnwind, FindFirstFileW, CompareFileTime, FindClose, LoadLibraryW, FreeLibrary, GetSystemDirectoryW, GetLastError, InterlockedIncrement, SetLastError, GetTickCount, TlsGetValue, TlsSetValue, TlsFree, TlsAlloc, VirtualFree, VirtualProtect, GetModuleFileNameA, GetModuleHandleW, IsBadReadPtr, GetModuleHandleA, GetProcAddress, VirtualAlloc, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcess, WriteProcessMemory, GetCurrentProcessId, OpenProcess, CloseHandle, VirtualQuery, Sleep, InitializeCriticalSection, DisableThreadLibraryCalls, DeleteCriticalSection, GetModuleFileNameW, GetCurrentThreadId, GetSystemTimeAsFileTime, InterlockedDecrement
( 10 exports )
Exp_FinalizeStub, Exp_GetAPIInfoListHead, Exp_GetAPIListForUpgrade, Exp_GetAgentVersion, Exp_HookAPI, Exp_HookAddress, Exp_HookAddress_000, Exp_InitializeStub, Exp_RegisterKevlarAPIBaseHandlerAddress, Exp_UnhookAllAPIFunctions
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: McAfee, Inc.
copyright....: Copyright(c) 1995-2009 McAfee, Inc. All Rights Reserved.
product......: HIPSCORE.14.1.0.426.x86
description..: HIPSCore Injected Stub
original name: n/a
internal name: n/a
file version.: HIPSCORE.14.1.0.426.x86
comments.....: n/a
signers......: McAfee, Inc.
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 8:09 PM 5/15/2009
verified.....: -