#1 (permalink) |
|
Registered User
Join Date: Jun 2005
Location: Tennessee
Posts: 35
OS: WinXP SP2
|
First, here are my specs...

WinXP SP2 - Zone Alarm FW/AV - Avast AV - Webroot SpySweeper - Tenebril Spy Catcher 3.5 - WinPatrol

I use the SpySweeper as a manually started app for scans, but leave ZA, Avast, WP and SC active. During a SC scan, it showed 5 "suspect" entries:

bdupd.dll
bdoscandel.exe
ipsupd.dll
aswboot.exe
MSPUNIN.EXE

Of these, I recognized the two "bd" entries as online scans from BitDefender, and deleted. But after running a HJT after deleting these, they re-appeared. I also ran a reg cleaner after deleting. I am pretty sure the "ip" entry was from a Panda online scan, and deleted. But it still shows up as "16" in the HJT log. Returned after deletion. Now, I found the "asw" entry only as referred to as an Avast pre-boot scan file, so I left it.

Now, the problem: What is "MSPUNIN.EXE"? It is found in C:Windows, and I do not remember seeing it before now. Is this a valid Windows file?

Here is my HJT log, after running the HJT log analyzer: I am concerned with the 09 and 16 entries...

----------
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 8:26:59 PM, on 6/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Documents and Settings\John\My Documents\AntiVirus\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = John
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher\SpyCatcher.exe" reminder
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - Startup: Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/scanner/TestScanner.ocx
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Tenebril antispyware satellite (TNBRLDS) - Tenebril Inc. - C:\Program Files\SpyCatcher\DeleteSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

End of KRC HijackThis Analyzer Log.
====================================================================

Thank you for your assistance...
__________________
AMD X2 6400+ @ 3.36 GHz / Thermaltake Big Typhoon / ASUS M2N SLi nVidia 560 c/s / 2GB OCZ SLi RAM 800MHz / 2x WD 320 GB SATAs / Audigy X-Fi / Samsung 930B LCD |
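
The log in post #1 mixes entries whose target file is present with entries marked "(file missing)". As an added example (not part of the original thread or of HijackThis or the KRC analyzer), the sketch below groups entries by section code and separates two kinds of "(file missing)": a registry entry left behind after its file was deleted, and a flag on a file the same log lists elsewhere. The function name `triage`, the labels, and the cross-check heuristic are assumptions of this example; the sample lines are a subset copied from the post.

```python
import re
from collections import defaultdict

# HijackThis section codes that appear in this thread's log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
EXE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)

# Subset of the log from post #1 (copied, not the full log).
SAMPLE = r"""
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

def triage(log_text):
    """Group entries by section and classify every '(file missing)' flag."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # Bare paths (process listings) show which files the log itself saw on disk.
    seen = {l.lower() for l in lines if re.match(r"^[A-Za-z]:\\", l)}
    report = defaultdict(list)
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        status = "present"
        if body.endswith("(file missing)"):
            exe = EXE.search(body)
            # Heuristic (assumption): same file listed elsewhere, so the flag is unreliable.
            known = exe is not None and exe.group(1).lower() in seen
            status = "parse artifact" if known else "orphaned registry entry"
        report[code].append((SECTIONS.get(code, "other"), status, body))
    return dict(report)

if __name__ == "__main__":
    for code, items in triage(SAMPLE).items():
        for kind, status, body in items:
            print(f"{code:<4}{kind:<45}{status:<26}{body[:60]}")
```
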
#2 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
NO..it's NOT a valid windows file. That said let's scan it...

Please upload MSPUNIN.EXE to http://www.kaspersky.com/scanforvirus Scan the file and post the results.

In the meantime let's look deeper...

Download Silent runners.Vbs http://www.silentrunners.org/

1. Make sure you have any script blocking software disabled
2. Run the program. It will take a few minutes to complete.
3. Once complete it will produce a log named “StartupPrograms” with Your user and date in the filename. Open that txt file and post its contents in your next post.

Run an online scan at http://www.pandasoftware.com/actives..._principal.htm Save the activescan log and post it here.

Download Rkfiles.zip http://skads.org/special/rkfiles.zip UNZIP the contents to a permanent folder on your desktop.

Download the following attachment remv3.zip http://forums.skads.org/index.php?showtopic=80 Make a folder on the root drive C:\ and unzip the files into it.

REBOOT TO SAFE MODE… These tools MUST be run in safe mode!!

Once in safe mode… Double click rkfiles.bat It will scan for a while, so please be patient. Wait till the dos window closes. Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved remv3.zip files and click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log file will be C:\log.txt and bad1.txt

**Note** Each tool uses log.txt as its output file so make sure you save the entries from one tool before running the other as it will overwrite the file if you don’t.

Reboot back to normal mode and post the contents of both the log.txt and log1.txt in your next post along with those other logs.

So I need the following logs....

SilentRunners
Panda Activescan
Rkfiles (log1.txt)
Remv3 (log.txt)

Report the findings on the file you scanned.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools: Hijackthis, Ad-aware SE, Spybot Search&Destroy, SpywareBlaster, CWShredder
#3 (permalink) |
|
Registered User
Join Date: Jun 2005
Location: Tennessee
Posts: 35
OS: WinXP SP2
|
Thank You, MicroBell for your prompt response.

Unfortunately, I received a similar response in another forum, and was informed that it was not a valid Windows File, so, I deleted it yesterday. I already ran regSeeker and G-Lock's Adv. Admin. Tools reg cleaner also, so there is little info I can provide now. I ran the Panda Online Scanner, (without any viruses detected), prior to finding it with SpyCatcher.

I do appreciate your detailed response, and I am grateful for your time put forth to my question, however, I am sorry I did not check back in a timely manner before I acted on another's advice. I would have been more than happy to have contributed some info for review. I was only trying to "get it out" ASAP.

If, for some reason, it returns, I will gladly reply here, as you instructed. I will save your reply, in case it, or another "problem" returns. Thanks again for having this forum available for those of us who are not "adept" in AV issues.
#4 (permalink) |
|
Registered User
Join Date: Jun 2005
Location: Tennessee
Posts: 35
OS: WinXP SP2
|
I forgot I had saved a screenshot of the C:Windows folder containing the MSPUNIN.EXE file before I deleted it. This is the only remnant I have left.
http://i3.photobucket.com/albums/y99...MSPUNINPic.jpg
#5 (permalink) |
|
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
|
Ok. Since the issue has been resolved..I'm moving this to resolved.