Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:36 PM, on 12/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Virtual CD v9\System\vc9play.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Virtual CD v9\System\VC9Tray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Warcraft III\Warcraft-Version-Switcher\wvs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [VC9Player] C:\Program Files\Virtual CD v9\System\VC9Play.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [reader_s] C:\Windows\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [ÑN@] ÑN@
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w
O4 - HKCU\..\Run: [ctfmon] RUNDLL32.EXE C:\Windows\TEMP\fgjk4wvb.dll,w
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O13 - Gopher Prefix:
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\VC9SecS.exe

--
End of file - 3787 bytes
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6000

11/4/2009 11:17:08 PM
mbam-log-2009-11-04 (23-17-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 173431
Time elapsed: 1 hour(s), 59 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 11
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\smss.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\reader_s.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\mal.db (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Unable to scan with DDS, getting errors such as the following:
13:34:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d0)
13:34:06: DeviceIoControl Error! Error Code = 0x1e7
13:34:06: FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000d0)
13:34:21: DeviceIoControl Error! Error Code = 0x0
13:34:21: DeviceIoControl Error! Error Code = 0x0
13:34:21: DeviceIoControl Error! Error Code = 0x0
13:34:21: DeviceIoControl Error! Error Code = 0x0
13:34:21: DeviceIoControl Error! Error Code = 0x0
13:34:21: DeviceIoControl Error! Error Code = 0x0
Malwarebytes Anti-Malware does detect and remove these threats, but only after they hit me, and when they hit me they change my computer's license code, making it impossible to use almost all basic Windows programs such as Windows Update, etc., forcing me to perform a system restore, only to have it work for a few days and then happen again. I've done 5 reformats/reinstalls, yet every time I get hit with this again and again. If anyone could help me out, I would greatly appreciate it.
Hi Senti,
Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.
Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
Frankly I'm not surprised you get reinfected as there is no Antivirus installed on your computer.
I also see some sign of "Virut", a file infector; if that is the case, the only safe and short resolution is reformatting.
1. Click on this link--> virustotal
Click the browse button. Copy and paste the lines in bold in the open box, then click Send File after pasting one line. You will only be able to have one file scanned at a time.
C:\Windows\system32\userinit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
If the file is analyzed before, click Reanalyse File Now button.
Please copy and paste the results of the scan in your next post.
2.
QUOTE
I've done 5 reformats/reinstalls yet every time I get hit with this again and again.
Please give me some feedback on how you reformat: do you reformat the whole hard drive and reinstall using the Windows installation DVD, and how long does it take to get infected after the reformat? What are the steps you take after the reformat, and in what order (like updating Windows, installing an antivirus, etc.)?
File userinit.exe received on 2009.12.18 17:15:01 (UTC)
Result: 27/40 (67.5%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.18 -
AhnLab-V3 5.0.0.2 2009.12.18 -
AntiVir 7.9.1.114 2009.12.18 W32/Virut.Gen
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 W32/Virut.AI!Generic
Avast 4.8.1351.0 2009.12.18 Win32:Vitro
AVG 8.5.0.427 2009.12.18 Win32/Virut
BitDefender 7.2 2009.12.18 Win32.Virtob.Gen.12
CAT-QuickHeal 10.00 2009.12.18 W32.Virut.G
ClamAV 0.94.1 2009.12.18 -
Comodo 3287 2009.12.18 Virus.Win32.Virut.Ce
DrWeb 5.0.0.12182 2009.12.18 Win32.Virut.56
eSafe 7.0.17.0 2009.12.16 -
eTrust-Vet 35.1.7182 2009.12.18 Win32/Virut.17408
F-Prot 4.5.1.85 2009.12.18 W32/Virut.AI!Generic
F-Secure 9.0.15370.0 2009.12.18 Win32.Virtob.Gen.12
Fortinet 4.0.14.0 2009.12.18 -
GData 19 2009.12.18 Win32.Virtob.Gen.12
Ikarus T3.1.1.79.0 2009.12.18 -
Jiangmin 13.0.900 2009.12.18 Win32/Virut.bo
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.18 Virus.Win32.Virut.ce
McAfee 5835 2009.12.17 W32/Virut.n.gen
McAfee+Artemis 5835 2009.12.17 W32/Virut.n.gen
McAfee-GW-Edition 6.8.5 2009.12.18 Heuristic.LooksLike.Win32.SuspiciousPE.H
Microsoft 1.5302 2009.12.18 -
NOD32 4699 2009.12.18 Win32/Virut.NBP
Norman 6.04.03 2009.12.18 W32/Virut.FP
nProtect 2009.1.8.0 2009.12.18 -
Panda 10.0.2.2 2009.12.15 W32/Sality.AO
PCTools 7.0.3.5 2009.12.18 Malware.Virut
Prevx 3.0 2009.12.18 -
Rising 22.26.04.02 2009.12.18 Win32.Virut.cl
Sophos 4.49.0 2009.12.18 W32/Scribble-B
Sunbelt 3.2.1858.2 2009.12.18 Virus.Win32.Virut.ce (v)
Symantec 1.4.4.12 2009.12.18 W32.Virut.CF
TheHacker 6.5.0.2.097 2009.12.18 -
TrendMicro 9.100.0.1001 2009.12.18 PE_VIRUX.J
ViRobot 2009.12.18.2097 2009.12.18 Win32.Virut.AM
VirusBuster 5.0.21.0 2009.12.17 -

Additional information
File size: 44544 bytes
MD5...: 0789ffea675c4acc6dc3d87adc4c25e0
SHA1..: ed03f2cdec7a8dc9cf8ce592a7f6f4bd822a39df
SHA256: 37bc9f872d3fb725da639e5bc80926a89106a9d1744e64dfa623d31462bd339c
ssdeep: 768:XNdFCZEK7vUXTckvcTspceo59TBXKye8RMb+nSqIOXCY/E:Xj0ZEK7vOTDvK spcF9NXte8G9QE
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xcd59
timedatestamp.....: 0x9a85fcedL (invalid)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x492d 0x4a00 6.09 3d6c05129a856699c1a18e8ba63359d5
.data 0x6000 0x498 0x600 0.70 0ec875a7fb9e20270c4d4fba1970e380
.rsrc 0x7000 0x778 0x800 4.04 07234d248b662291f662afb14bd879ac
.reloc 0x8000 0x5400 0x5200 7.94 8faf510f66b414266087128c1f72fe21
( 9 imports )
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 6.0.6000.16386 (vista_rtm.061101-2205)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
File services.exe received on 2009.12.18 17:20:04 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.18 -
AhnLab-V3 5.0.0.2 2009.12.18 -
AntiVir 7.9.1.114 2009.12.18 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.18 -
AVG 8.5.0.427 2009.12.18 -
BitDefender 7.2 2009.12.18 -
CAT-QuickHeal 10.00 2009.12.18 -
ClamAV 0.94.1 2009.12.18 -
Comodo 3287 2009.12.18 -
DrWeb 5.0.0.12182 2009.12.18 -
eSafe 7.0.17.0 2009.12.16 -
eTrust-Vet 35.1.7182 2009.12.18 -
F-Prot 4.5.1.85 2009.12.18 -
F-Secure 9.0.15370.0 2009.12.18 -
Fortinet 4.0.14.0 2009.12.18 -
GData 19 2009.12.18 -
Ikarus T3.1.1.79.0 2009.12.18 -
Jiangmin 13.0.900 2009.12.18 -
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.18 -
McAfee 5835 2009.12.17 -
McAfee+Artemis 5835 2009.12.17 -
McAfee-GW-Edition 6.8.5 2009.12.18 -
Microsoft 1.5302 2009.12.18 -
NOD32 4699 2009.12.18 -
Norman 6.04.03 2009.12.18 -
nProtect 2009.1.8.0 2009.12.18 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.18 -
Prevx 3.0 2009.12.18 -
Rising 22.26.04.02 2009.12.18 -
Sophos 4.49.0 2009.12.18 -
Sunbelt 3.2.1858.2 2009.12.18 -
Symantec 1.4.4.12 2009.12.18 -
TheHacker 6.5.0.2.097 2009.12.18 -
TrendMicro 9.100.0.1001 2009.12.18 -
VBA32 3.12.12.0 2009.12.18 -
ViRobot 2009.12.18.2097 2009.12.18 -
VirusBuster 5.0.21.0 2009.12.18 -

Additional information
File size: 279552 bytes
MD5...: 329cf3c97ce4c19375c8abcabae258b0
SHA1..: 33e6d6e00de7c2d77da48d13cd7ddc98f2bfadb4
SHA256: 193a99eb3151c8c99b05a1ba4a69c39cc95e776cf1d39d7e318254383a4c9c0d
ssdeep: 6144:a3Tm7dPJmQyrngsCBzADmB3U21Insf8GzZ:Cm7dArn9CCCZU21InM8GzZ
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x12a77
timedatestamp.....: 0x4549add1 (Thu Nov 02 08:35:29 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3a699 0x3a800 6.35 ae0ead51f45c74360138656b214e8e13
.data 0x3c000 0x1154 0x1200 1.77 5e0ea0131ca51787b3f684eca43483b6
.rsrc 0x3e000 0x47f0 0x4800 3.88 253b4d5a16208f24347dd6da11a094cf
.reloc 0x43000 0x3d20 0x3e00 6.80 e4b9a020c2f39c607a7b3e993e8486f0
( 9 imports )
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Services and Controller app
original name: services.exe
internal name: services.exe
file version.: 6.0.6000.16386 (vista_rtm.061101-2205)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
File winlogon.exe received on 2009.12.18 17:33:48 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.18 -
AhnLab-V3 5.0.0.2 2009.12.18 -
AntiVir 7.9.1.114 2009.12.18 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.18 -
AVG 8.5.0.427 2009.12.18 -
BitDefender 7.2 2009.12.18 -
CAT-QuickHeal 10.00 2009.12.18 -
ClamAV 0.94.1 2009.12.18 -
Comodo 3287 2009.12.18 -
DrWeb 5.0.0.12182 2009.12.18 -
eSafe 7.0.17.0 2009.12.16 -
eTrust-Vet 35.1.7182 2009.12.18 -
F-Prot 4.5.1.85 2009.12.18 -
F-Secure 9.0.15370.0 2009.12.18 -
Fortinet 4.0.14.0 2009.12.18 -
GData 19 2009.12.18 -
Ikarus T3.1.1.79.0 2009.12.18 -
Jiangmin 13.0.900 2009.12.18 -
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.18 -
McAfee 5835 2009.12.17 -
McAfee+Artemis 5835 2009.12.17 -
McAfee-GW-Edition 6.8.5 2009.12.18 -
Microsoft 1.5302 2009.12.18 -
NOD32 4699 2009.12.18 -
Norman 6.04.03 2009.12.18 -
nProtect 2009.1.8.0 2009.12.18 -
Panda 10.0.2.2 2009.12.15 -
PCTools 7.0.3.5 2009.12.18 -
Prevx 3.0 2009.12.18 -
Rising 22.26.04.02 2009.12.18 -
Sophos 4.49.0 2009.12.18 -
Sunbelt 3.2.1858.2 2009.12.18 -
Symantec 1.4.4.12 2009.12.18 -
TheHacker 6.5.0.2.098 2009.12.18 -
TrendMicro 9.100.0.1001 2009.12.18 -
VBA32 3.12.12.0 2009.12.18 -
ViRobot 2009.12.18.2097 2009.12.18 -
VirusBuster 5.0.21.0 2009.12.18 -

Additional information
File size: 308224 bytes
MD5...: 9f75392b9128a91abafb044ea350baad
SHA1..: 53919f23c338fa6bcd05a41544f674a81fdac92e
SHA256: 3c35607c86b9bd4e234359a5a2eac6428ad02752cecf65608951e62843e657f4
ssdeep: 6144:wLDvjf4GZMzjE75C94605yJ4WYyTQLrr:w/vU6rFd60EmLxr
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x257e2
timedatestamp.....: 0x4549aff7 (Thu Nov 02 08:44:39 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3fc06 0x3fe00 6.41 9fe2f2978d4e8fc9b5542b10e5094ff9
.data 0x41000 0x2c38 0x2200 3.05 2eba47227329379bf20a53420b3871c8
.rsrc 0x44000 0x4ac0 0x4c00 3.71 55406d7f680d1346da31eccdb02494a5
.reloc 0x49000 0x426c 0x4400 6.47 0c834f07d82b2be8968528b6fa3c97d3
( 10 imports )
( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Logon Application
original name: WINLOGON.EXE
internal name: winlogon
file version.: 6.0.6000.16386 (vista_rtm.061101-2205)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
File svchost.exe received on 2009.12.18 17:41:04 (UTC)
Result: 0/41 (0%)

Additional information
File size: 22016 bytes
MD5...: 10da15933d582d2fedcf705efe394b09
SHA1..: 00beb64af60255d5eb76b2edbd30b46de681da32
SHA256: 9b1619ac80379456c6d51780409e3c418dd5aa38d0a62b7f47dcd6fc3a947926
ssdeep: 384:Yz/3Bn2LShtVMZvFsvRRVL58rXId3bi9luJ1I2GgzyW9yCBbWYG+o:y34LSX 2ZtsvRFGouq1IqfBn
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x20bf
timedatestamp.....: 0x4549adc4 (Thu Nov 02 08:35:16 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x3a80  0x3c00   6.22   21471d844ce211f5f40c084c3ab67645
.data   0x5000  0x5f0   0x600    0.82   dea90489b2dcadccde0a28b407e85510
.rsrc   0x6000  0x818   0xa00    3.74   ea687881916c825c6e630832222325a0
.reloc  0x7000  0x404   0x600    5.25   73b2f62822a04c23026b8c70653b8969
( 5 imports ) ( 0 exports )
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
        Win32 Executable Generic (14.7%)
        Win32 Dynamic Link Library (generic) (13.1%)
        Generic Win/DOS Executable (3.4%)
        DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Host Process for Windows Services
original name: svchost.exe
internal name: svchost.exe
file version.: 6.0.6000.16386 (vista_rtm.061101-2205)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
P.S. Sorry if I don't respond right away; with the computer troubles and other problems I don't always have time to get online to check the status. And yes, I do have an anti-virus. I have it installed on a read-only flash drive that I only update from known clean computers, to ensure that the anti-virus doesn't get corrupted itself. I use AVG.
P.P.S. And the reformat/reinstall was a complete reformatting of the hard drive: deleting the partitions after the format, repartitioning, and reinstalling Windows from the OEM disc that came with the computer.
Edited by Senti, 18 December 2009 - 01:21 PM.