something in syswow?



I did a windows update with several updates and restarted my computer yesterday. When it rebooted, I noticed it was running very slow and freezing up. I updated MBAM and scanned, but got no results. I downloaded rkill and ran it in safe mode and it killed 3 "conime" exe's; I ran MBAM immediately following and still no results. I ran rkill again, and this time (and all following attempts) it killed "C:\Windows\SysWOW64\InfDefaultInstall.exe". MBAM still shows nothing.

Avira found C:\Program Files (x86)\Common Files\MS\MSOLEDEBROW.DLL (amongst false hits), and quarantined it.

rkill is still killing processes that appear in the SysWOW64 folder, and I don't know what else may be lurking on my computer.

This is my play computer; I mostly play games, surf the internet, chat, and do light work on it.

I simply replaced instances of my name with "Owner" (for privacy) using Notepad in the logs--I hope that's okay.

Please help me determine what's wrong! Thank you!

Malwarebytes' Anti-Malware


Database version: 6359

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

4/14/2011 3:03:04 AM

mbam-log-2011-04-14 (03-03-04).txt

Scan type: Quick scan

Objects scanned: 163816

Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by Owner at 2:09:50.78 on Thu 04/14/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21




Hi and welcome to Malwarebytes,

Please go to VirusTotal, and upload the following file for analysis:


Post the results in your reply.


Thank you very much for helping me!

VirusTotal report:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: f2ba6f31e7dac6523dba1e5193f57b48

Date first seen: 2009-04-04 02:54:27 (UTC)

Date last seen: 2011-04-14 01:53:45 (UTC)

Detection ratio: 0/42

I clicked reanalyze:

File name:


Submission date:

2011-04-15 07:49:10 (UTC)

Current status:



0/ 42 (0.0%)

VT Community

not reviewed

Safety score: -


Additional information

MD5 : f2ba6f31e7dac6523dba1e5193f57b48

SHA1 : a2285be7a6c785219fa4a62a2dbbd17d3b7dc187

SHA256: eb66d4fe05c793f5633fb4edb37025b6a46b91d71e3b7862e5e5f87c42d97d1c

After my first post, I tried running rkill a few more times, and a C:\Windows\SysWOW64\runonce.exe showed up several times. Its VirusTotal result is also 0%, and the same with conime.exe.

The last rkill report:

Processes terminated by Rkill or while it was running:



Rkill completed on 04/15/2011 at 3:48:36.

I know running rkill is unnecessary if my anti-virus software runs, but before I noticed my computer acting slow/weird, rkill always finished within 5 seconds and only terminated itself. It takes a while for it to finish now, and it always lists these processes.

I really don't know what I'm doing regarding viruses and how to tell if my computer is clean. MBAM says my computer is clean, Avira gives me a couple spyware in temp folders.

Can you help me make sure nothing's wrong (and I'm just being dumb)?

Thanks a lot!



Not everything that RKill detects may be malicious; malware often uses the same names as legitimate files to disguise itself. Are you currently experiencing any symptoms of infection?
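A triage sketch for the name-reuse point in the reply above, added here as an example and not part of the original post or of RKill: it takes the process paths from an rkill-style report and separates known Windows binary names running from their usual directories from the same names running elsewhere. The `C:\Windows` system root, the two expected directories, and the sample report are assumptions constructed for illustration; the three file names are the ones mentioned in this thread.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: on 64-bit Windows installed to C:\Windows, the binaries named
# in this thread normally live in one of these two directories.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# File names taken from the thread; all three ship with Windows.
SYSTEM_NAMES = {"conime.exe", "runonce.exe", "infdefaultinstall.exe"}

def classify(path):
    """Return 'expected-location', 'name-reused-elsewhere' or 'not-a-tracked-name'."""
    # normpath collapses '..' segments so a path cannot fake its directory;
    # Windows paths are case-insensitive, so compare in lower case.
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    directory, name = ntpath.split(norm)
    if name not in SYSTEM_NAMES:
        return "not-a-tracked-name"
    if directory in EXPECTED_DIRS:
        return "expected-location"
    return "name-reused-elsewhere"

def triage(report_text):
    """Classify every line of the report that looks like 'X:\\...'."""
    results = {}
    for line in report_text.splitlines():
        line = line.strip()
        if len(line) > 2 and line[1:3] == ":\\":
            results[line] = classify(line)
    return results

# Constructed sample report (not taken from the thread's logs).
SAMPLE = r"""Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\InfDefaultInstall.exe
C:\Windows\SysWOW64\runonce.exe
C:\Users\Owner\AppData\Local\Temp\runonce.exe
C:\Windows\System32\..\Temp\conime.exe
C:\Program Files (x86)\Example\game.exe
"""

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:24} {path}")
```

A file in the expected directory can still have been replaced, so "expected-location" only narrows the list; a hash or signature check on the file itself, as with the VirusTotal lookup in this thread, is the follow-up.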



Thank you for directing me to that site. It made me feel better about those files. I'm not completely sure if I am virus free, but things seem to be operating fine now.

I will be doing a clean install of Windows soon to upgrade to Windows 7 anyway.

Thanks for everything!


Glad to help. :) I'll keep this topic open for a few days if you have any additional questions.
