Topic: svchost.exe process and a bunch of PUM (and other stuffs)

Reply #90, September 18, 2015, 09:25:01 PM

Heantrad

So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected.
Any idea of what it can be? (I haven't deleted it yet).
Also, the svchost.exe process keeps appearing. It doesn't show in this report because I exported it to JSON format by mistake and I did another scan in txt format.
And is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes; has it been updated?
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too...
Also, I've looked through the scheduled tasks to be sure that the Trojan hasn't created one, and I found why the proxy server kept reappearing: something created a scheduled task.
So, today I noticed this; it was created the same day I replied with this comment. If you want, I can send you the file so you can see what it is. For now I will move it to a .rar file until I know what to do with it.
« Last Edit: September 23, 2015, 03:11:44 PM by Heantrad »

Reply #91, September 24, 2015, 12:31:45 AM

Curson

Hi Heantrad,

Quote from: Heantrad
So today I did a scan with RogueKiller because Ron is making me install a lot of things and this was detected.
Any idea of what it can be? (I haven't deleted it yet).
Could you please post the RogueKiller log? I'm sure Ron won't make you install something unsafe.

Quote from: Heantrad
Also, the svchost.exe process keeps appearing. It doesn't show in this report because I exported it to JSON format by mistake and I did another scan in txt format.
This is a bug on our side. Don't worry about that.

Quote from: Heantrad
And is it normal that the rootkit section appears totally blank? In older versions a lot of files appeared in green for information purposes; has it been updated?
Yes. RogueKiller doesn't display legit hooks anymore.

Quote from: Heantrad
So... Microsoft Security Essentials detected this... I'm going to delete it and the things that RogueKiller detected too...
Also, I've looked through the scheduled tasks to be sure that the Trojan hasn't created one, and I found why the proxy server kept reappearing: something created a scheduled task.
Please see this with Ron. If something must be removed, he will instruct you how to do it with FRST.

Quote from: Heantrad
So, today I noticed this; it was created the same day I replied with this comment. If you want, I can send you the file so you can see what it is. For now I will move it to a .rar file until I know what to do with it.
Yes, the file could be useful for analysis.
Please rar it and attach it with your next reply.

Regards.

Reply #92, September 24, 2015, 01:51:09 PM

Heantrad

The log has been posted in my previous reply.
And here is the file.

Reply #93, September 24, 2015, 03:29:56 PM

Curson

Hi Heantrad,

Sorry, I didn't see the log at first sight.
The new lines are linked to the ESET Smart Security driver, so they are legit.

I checked the file you attached.
It's not a valid PE file (exe file) and therefore it poses no threat.

Regards.

Reply #94, September 24, 2015, 05:32:07 PM

Heantrad

I uninstalled them because I thought that the trojan might have created them; it's okay anyway, right?
So, if I execute the file, what would happen?
So, I use a USB pen for computing class and today, when I used the USB, I saw it had a file called autorun. I've searched for info and I saw that some viruses use that to install viruses through a USB. What should I do?
« Last Edit: September 24, 2015, 10:15:10 PM by Heantrad »

Reply #95, September 24, 2015, 11:39:47 PM

Curson

Hi Heantrad,

Quote from: Heantrad
I uninstalled them because I thought that the trojan might have created them; it's okay anyway, right?
Yes.

Quote from: Heantrad
So, if I execute the file, what would happen?
Absolutely nothing since Windows cannot interpret it.

Quote from: Heantrad
So, I use a USB pen for computing class and today, when I used the USB, I saw it had a file called autorun. I've searched for info and I saw that some viruses use that to install viruses through a USB. What should I do?
AutoRun could be subverted by malware for propagation purposes but, most of the time, the instructions in the autorun.inf file are perfectly legit.
For more information, please read Creating an AutoRun-Enabled Application.

Regards.

Reply #96, September 25, 2015, 02:47:57 PM

Heantrad

Could it be that Panda USB Vaccine has created the autorun file, as the PC I use in that class has it?
Also, out of curiosity, is Hotmail/Outlook that bad?
« Last Edit: September 25, 2015, 04:43:43 PM by Heantrad »

Reply #97, September 28, 2015, 04:53:27 PM

Curson

Hi Heantrad,

Quote from: Heantrad
Could it be that Panda USB Vaccine has created the autorun file, as the PC I use in that class has it?
This is certainly the case.

Quote from: Heantrad
Also, out of curiosity, is Hotmail/Outlook that bad?
Not at all. I think it's a pretty good solution for end users.

Regards.

Reply #98, September 28, 2015, 04:59:22 PM

Heantrad

Alright, then I'll keep the autorun, thanks.

Reply #99, September 28, 2015, 10:44:25 PM

Curson

Hi Heantrad,

You are welcome.

Regards.

Reply #100, September 30, 2015, 03:03:36 PM

Heantrad

Alright, so Ron has finished with me, so I'm doing a full scan with every antispyware I have.
AdwCleaner has detected this task. I searched for info and it seems that a virus can do that; is it legit or not?
I'll update if any program I have detects anything more.

Reply #101, September 30, 2015, 05:04:49 PM

Curson

Hi Heantrad,

It's legit.

Regards.

Reply #102, September 30, 2015, 06:39:41 PM

Heantrad

Alright, I'm still doing scans. MBAM says it's clean; now there's only SAS!, MSE and RogueKiller left.
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
And a weird thing that has been happening: for some reason the volumes in the volume mixer keep resetting to the maximum without an apparent reason. What could be causing it?
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or whether it will make SAS! analyze fewer files.
« Last Edit: September 30, 2015, 06:43:02 PM by Heantrad »

Reply #103, September 30, 2015, 09:32:41 PM

Curson

Hi Heantrad,

Quote from: Heantrad
Also, when I did the scan with ESET Online Scanner it detected that the installers of CCleaner had adware, is that true?
The CCleaner installer doesn't contain any adware.

Quote from: Heantrad
And a weird thing that has been happening: for some reason the volumes in the volume mixer keep resetting to the maximum without an apparent reason. What could be causing it?
I'm sorry but I have no clue.

Quote from: Heantrad
What are the shortcuts .ink? SAS! has an option to follow them, but I don't know if it's a good decision to make it do it or whether it will make SAS! analyze fewer files.
.lnk files are Shell Links.
If you enable SAS! to follow them, it will then scan the files "linked" to them. It won't make it analyze fewer files.

Regards.

Reply #104, September 30, 2015, 09:49:15 PM

Heantrad

SAS! hasn't detected anything.
Also, I found this: http://answers.microsoft.com/en-us/windows/forum/windows_7-pictures/volume-mixer-does-not-retain-settings-for/558434e7-fe84-48e0-9385-474594c52e50. Could any of those solutions work if the volume mixer keeps resetting?

RogueKiller did detect something, I'll leave here the log (I haven't deleted anything yet).
The home page of IE seems to be this (Safeweb Norton and VirusTotal say it's safe) https://www.google.es/?gfe_rd=cr&ei=7UUMVrreAs2q8wed_L0g&gws_rd=ssl
Also, is it me or are there now more DNS entries than before?
« Last Edit: September 30, 2015, 10:33:07 PM by Heantrad »