something in syswow?


5 replies to this topic

#1 goawayvirus

    New Member

  • Members
  • 11 posts

Posted 14 April 2011 - 02:17 AM

Hello
I did a windows update with several updates and restarted my computer yesterday. When it rebooted, I noticed it was running very slow and freezing up. I updated MBAM and scanned, but got no results. I downloaded rkill and ran it in safe mode and it killed 3 "conime" exe's; I ran MBAM immediately following and still no results. I ran rkill again, and this time (and all following attempts) it killed "C:\Windows\SysWOW64\InfDefaultInstall.exe". MBAM still shows nothing.

Avira found C:\Program Files (x86)\Common Files\MS\MSOLEDEBROW.DLL (amongst false hits), and quarantined it.

rkill is still killing processes that appear in the SysWOW64 folder, and I don't know what else may be lurking on my computer.

This is my play computer; I mostly play games, surf the internet, chat, and do light work on it.
I simply replaced instances of my name with "Owner" (for privacy) using Notepad in the logs--I hope that's okay.

Please help me determine what's wrong! Thank you!



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6359

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

4/14/2011 3:03:04 AM
mbam-log-2011-04-14 (03-03-04).txt

Scan type: Quick scan
Objects scanned: 163816
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 2:09:50.78 on Thu 04/14/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4494 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Core Temp\Core Temp.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Owner\Desktop\FF downloads\apps\ShowDesktop\Show Desktop.exe
C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\VirtuaWin\modules\SwitchDesk.exe
C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\dds.com
C:\Windows\SysWOW64\conime.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MULTIM~1.LNK - C:\Program Files (x86)\MMTaskbar\MultiMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SHOWDE~1.LNK - C:\Users\Owner\Desktop\FF downloads\apps\ShowDesktop\Show Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIRTUA~1.LNK - C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SSODL: HPSIProductUrlCollection - {f0b5dde2-d059-4a54-a5be-347c464c4858} - C:\Program Files (x86)\Common Files\MS\MSOLEDBRow.dll
SSODL: MSOLEDBRow - {f0b5dde2-d059-4a54-a5be-347c464c4858} - C:\Program Files (x86)\Common Files\MS\MSOLEDBRow.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OWNER~1\AppData\Roaming\Mozilla\Firefox\Profiles\dytnt4su.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2009-11-11 55440]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-4-13 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-4-13 269480]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-4-13 83120]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2011-2-1 21480]
R2 cyphxdrv;cyphxdrv;C:\Windows\System32\drivers\cyphxdrv.sys [2009-8-17 102392]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2009-8-9 68136]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
S2 cypherixservice;Cypherix service;cypherixsrv.exe --> cypherixsrv.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-12 89920]
S3 fsproflt;FSPro Filter Service;C:\Windows\SysWOW64\fsproflt.exe [2009-11-11 73392]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2007-11-6 40464]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.scr=AutoCADLTScriptFile
.
=============== Created Last 30 ================
.
2011-04-14 02:15:52 -------- d-----w- C:\Users\OWNER~1\AppData\Roaming\Avira
2011-04-14 02:15:19 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-04-14 02:15:18 -------- d-----w- C:\Program Files (x86)\Avira
2011-04-14 02:15:18 -------- d-----w- C:\PROGRA~3\Avira
2011-04-13 11:54:06 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-04-13 11:54:06 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-04-13 11:54:06 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-04-10 02:42:16 -------- d-----w- C:\Program Files (x86)\MMTaskbar
2011-04-06 00:19:04 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-04-05 23:49:00 -------- d-----w- C:\Program Files\NVIDIA Corporation
2011-04-05 23:24:34 -------- d-----w- C:\Users\Owner\{de07535a-5b27-4764-8088-05132459a1d7}
2011-04-05 20:32:51 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-04-05 20:29:50 979456 ----a-w- C:\Windows\SysWow64\MFH264Dec.dll
2011-04-05 20:27:50 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2011-04-02 03:00:26 -------- d-----w- C:\Program Files\PeerBlock
2011-04-01 20:28:26 -------- d-----w- C:\Program Files (x86)\EA Games
2011-03-29 04:00:14 -------- d-----w- C:\Windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2011-03-19 13:11:04 -------- d-----w- C:\Program Files (x86)\Common Files\Control Panels
2011-03-19 12:50:34 -------- d-----w- C:\Program Files (x86)\MagicISO
.
==================== Find3M ====================
.
2011-04-14 06:05:47 23080 ----a-w- C:\Windows\gdrv.sys
2011-04-05 20:29:49 98816 ----a-w- C:\Windows\SysWow64\mfps.dll
2011-04-05 20:27:50 792576 ----a-w- C:\Windows\System32\d3d11.dll
2011-04-05 20:27:50 519680 ----a-w- C:\Windows\SysWow64\d3d11.dll
2011-04-05 20:27:50 449024 ----a-w- C:\Windows\System32\WMPhoto.dll
2011-04-05 20:27:50 411648 ----a-w- C:\Windows\System32\PhotoMetadataHandler.dll
2011-04-05 20:27:50 369664 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2011-04-05 20:27:50 328192 ----a-w- C:\Windows\System32\dxdiag.exe
2011-04-05 20:27:50 321024 ----a-w- C:\Windows\SysWow64\PhotoMetadataHandler.dll
2011-04-05 20:27:50 262656 ----a-w- C:\Windows\System32\dxdiagn.dll
2011-04-05 20:27:50 252928 ----a-w- C:\Windows\SysWow64\dxdiag.exe
2011-04-05 20:27:50 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2011-04-05 20:27:50 195584 ----a-w- C:\Windows\SysWow64\dxdiagn.dll
2011-04-05 20:27:50 189440 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2011-04-05 20:27:50 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:42:03 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-18 14:18:15 450560 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-18 14:17:59 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-18 14:17:57 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-18 14:16:30 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-18 14:16:29 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-18 14:16:27 106496 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-18 14:16:16 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-16 16:37:47 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 16:16:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 14:15:24 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 14:02:23 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-22 23:22:25 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-01-22 23:22:23 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2006-05-03 10:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
.
============= FINISH: 2:11:07.31 ===============






Here is the rkill log as well. It is what is worrying me:


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/14/2011 at 1:59:50.
Operating System: Windows ™ Vista Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe


Rkill completed on 04/14/2011 at 1:59:53.




#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 15 April 2011 - 12:06 AM

Hi and welcome to Malwarebytes,

Please go to VirusTotal, and upload the following file for analysis:

C:\Windows\SysWOW64\InfDefaultInstall.exe


Post the results in your reply.
Chris Fistonich
Research Team


#3 goawayvirus

    New Member

  • Members
  • 11 posts

Posted 15 April 2011 - 03:21 AM

Thank you very much for helping me!

VirusTotal report:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: f2ba6f31e7dac6523dba1e5193f57b48
Date first seen: 2009-04-04 02:54:27 (UTC)
Date last seen: 2011-04-14 01:53:45 (UTC)
Detection ratio: 0/42

I clicked reanalyze:

File name:
InfDefaultInstall.exe
Submission date:
2011-04-15 07:49:10 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.04.15.00 2011.04.15 -
AntiVir 7.11.6.133 2011.04.15 -
Antiy-AVL 2.0.3.7 2011.04.15 -
Avast 4.8.1351.0 2011.04.14 -
Avast5 5.0.677.0 2011.04.14 -
AVG 10.0.0.1190 2011.04.14 -
BitDefender 7.2 2011.04.15 -
CAT-QuickHeal 11.00 2011.04.15 -
ClamAV 0.97.0.0 2011.04.15 -
Commtouch 5.2.11.5 2011.04.15 -
Comodo 8347 2011.04.15 -
DrWeb 5.0.2.03300 2011.04.15 -
Emsisoft 5.1.0.5 2011.04.15 -
eSafe 7.0.17.0 2011.04.13 -
eTrust-Vet 36.1.8272 2011.04.14 -
F-Prot 4.6.2.117 2011.04.14 -
F-Secure 9.0.16440.0 2011.04.15 -
Fortinet 4.2.257.0 2011.04.15 -
GData 22 2011.04.15 -
Ikarus T3.1.1.103.0 2011.04.15 -
Jiangmin 13.0.900 2011.04.15 -
K7AntiVirus 9.96.4382 2011.04.13 -
Kaspersky 7.0.0.125 2011.04.15 -
McAfee 5.400.0.1158 2011.04.15 -
McAfee-GW-Edition 2010.1D 2011.04.15 -
Microsoft 1.6702 2011.04.15 -
NOD32 6042 2011.04.15 -
Norman 6.07.07 2011.04.15 -
Panda 10.0.3.5 2011.04.14 -
PCTools 7.0.3.5 2011.04.15 -
Prevx 3.0 2011.04.15 -
Rising 23.53.03.06 2011.04.14 -
Sophos 4.64.0 2011.04.15 -
SUPERAntiSpyware 4.40.0.1006 2011.04.14 -
Symantec 20101.3.2.89 2011.04.15 -
TheHacker 6.7.0.1.173 2011.04.13 -
TrendMicro 9.200.0.1012 2011.04.15 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.15 -
VBA32 3.12.16.0 2011.04.13 -
VIPRE 9017 2011.04.15 -
ViRobot 2011.4.15.4411 2011.04.15 -
VirusBuster 13.6.305.0 2011.04.14 -
Additional information
MD5 : f2ba6f31e7dac6523dba1e5193f57b48
SHA1 : a2285be7a6c785219fa4a62a2dbbd17d3b7dc187
SHA256: eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c



After my first post, I tried running rkill a few more times, and a C:\Windows\SysWOW64\runonce.exe showed up several times. Its VirusTotal result is also 0%, and the same with conime.exe.
The last rkill report:

Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe


Rkill completed on 04/15/2011 at 3:48:36.


I know running rkill is unnecessary if my anti-virus software runs, but before I noticed my computer acting slow/weird rkill always finished within 5 seconds and only terminated itself. It takes a while for it to finish now, and it always lists these processes.
I really don't know what I'm doing regarding viruses and how to tell if my computer is clean. MBAM says my computer is clean, Avira gives me a couple spyware in temp folders.

Can you help me make sure nothing's wrong (and I'm just being dumb)?
Thanks a lot!

#4 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 15 April 2011 - 08:35 PM

Hi,

Not everything that RKill detects may be malicious; malware often uses the same names as legitimate files to masquerade as them. Are you currently experiencing any symptoms of infection?
Chris Fistonich
Research Team


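The check behind screen317's point, as an added example (not code from the thread, rkill or Malwarebytes): it parses the "Processes terminated" section of an rkill log in the format posted above, flags a system binary name that runs from somewhere other than System32/SysWOW64, and compares a supplied hash with the VirusTotal SHA256 given for InfDefaultInstall.exe. The SYSTEM_BINARIES and SYSTEM_DIRS sets and the Temp\svchost.exe log line are constructed assumptions for the example.

```python
import re
from pathlib import PureWindowsPath

# Names malware commonly borrows (assumed list); genuine copies live only in SYSTEM_DIRS.
SYSTEM_BINARIES = {"svchost.exe", "conime.exe", "runonce.exe", "infdefaultinstall.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Known-good SHA256 values. The only one the thread supplies is the VirusTotal
# result for InfDefaultInstall.exe; add others from a trusted reference.
KNOWN_GOOD_SHA256 = {
    "infdefaultinstall.exe": "eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c",
}

# Constructed rkill log in the thread's format; the Temp\svchost.exe line is
# made up to show what a masquerading copy looks like.
RKILL_LOG = """Rkill was run on 04/15/2011 at 3:48:36.

Processes terminated by Rkill or while it was running:

C:\\Windows\\SysWOW64\\InfDefaultInstall.exe
C:\\Windows\\SysWOW64\\runonce.exe
C:\\Users\\Owner\\AppData\\Local\\Temp\\svchost.exe

Rkill completed on 04/15/2011 at 3:48:36.
"""

def normalise(entry):
    """Reduce a DDS/rkill process entry to a lower-case image path."""
    p = entry.strip()
    if p.startswith("\\\\?\\"):  # DDS prints some entries with the \\?\ prefix
        p = p[4:]
    # Drop service arguments such as "-k netsvcs" that follow the image path.
    m = re.match(r'^"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|com))"?(?:\s|$)', p, re.I)
    return (m.group(1) if m else p).lower()

def classify(entry, sha256=None):
    """Return (file name, verdict); pass the file's SHA256 if it has been hashed."""
    image = PureWindowsPath(normalise(entry))
    name, parent = image.name, str(image.parent)
    if name not in SYSTEM_BINARIES:
        return name, "not-a-system-binary-name"
    if parent not in SYSTEM_DIRS:
        return name, "masquerade-suspect: system name outside system directory"
    expected = KNOWN_GOOD_SHA256.get(name)
    if sha256 is None or expected is None:
        return name, "path-ok: verify hash against VirusTotal or a vendor reference"
    return name, "hash-match" if sha256.lower() == expected else "HASH-MISMATCH"

def terminated_processes(log_text):
    """Extract the 'Processes terminated' section of an rkill log."""
    out, collecting = [], False
    for line in log_text.splitlines():
        if line.startswith("Processes terminated by Rkill"):
            collecting = True
        elif line.startswith("Rkill completed"):
            break
        elif collecting and line.strip():
            out.append(line.strip())
    return out
```

A file that lands in "path-ok" still needs its hash checked, which is exactly the VirusTotal step taken earlier in this thread.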
#5 goawayvirus

    New Member

  • Members
  • 11 posts

Posted 16 April 2011 - 06:51 PM

Hi
Thank you for directing me to that site. It made me feel better about those files. I'm not completely sure if I am virus free, but things seem to be operating fine now.
I will be doing a clean install of windows soon to upgrade to windows 7 anyway.
Thanks for everything!

#6 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender: Male
  • Location: New Haven, CT

Posted 18 April 2011 - 03:04 PM

Glad to help. :) I'll keep this topic open for a few days if you have any additional questions.
Chris Fistonich
Research Team




