Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs.
#16
Combofix log.
ComboFix 08-01-07.5 - Jeanine 2008-01-10 8:36:26.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.100 [GMT -5:00]
Running from: C:\Documents and Settings\Jeanine\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeanine\Desktop\CFScript
 * Created a new restore point

FILE
C:\Program Files\Ciy1.exe
C:\Program Files\Ed1.exe
C:\Program Files\Jxw1.exe
C:\Program Files\Lgr1.exe
C:\Program Files\Lrx1.exe
C:\Program Files\Qjo1.exe
C:\Program Files\Ted31.exe
C:\Program Files\Tln1.exe
C:\Program Files\Xre1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Ciy1.exe
C:\Program Files\Ed1.exe
C:\Program Files\Jxw1.exe
C:\Program Files\Lgr1.exe
C:\Program Files\Lrx1.exe
C:\Program Files\Qjo1.exe
C:\Program Files\Ted31.exe
C:\Program Files\Tln1.exe
C:\Program Files\Xre1.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-08 08:40 . 2008-01-08 08:40 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-01-08 08:40 . 2008-01-08 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-07 13:17 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-07 12:53 . 2008-01-07 12:53 <DIR> d-------- C:\WINNT\ERUNT
2008-01-07 12:27 . 2008-01-07 12:27 72 --a------ C:\Documents and Settings\Jeanine\servstop.bat
2008-01-02 11:14 . 2008-01-02 11:50 <DIR> d-------- C:\Documents and Settings\Jeanine\Contacts
2008-01-02 11:14 . 2008-01-02 11:14 268 --ah----- C:\sqmdata00.sqm
2008-01-02 11:14 . 2008-01-02 11:14 244 --ah----- C:\sqmnoopt00.sqm
2008-01-02 09:52 . 2008-01-02 10:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-02 09:50 . 2008-01-02 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-30 22:23 . 2004-05-14 16:53 462,848 --a------ C:\WINNT\system32\ltkrn13n.dll
2007-12-30 22:23 . 2004-05-14 16:53 450,560 --a------ C:\WINNT\system32\ltimg13n.dll
2007-12-30 22:23 . 2004-05-14 16:53 401,408 --a------ C:\WINNT\system32\lfcmp13n.dll
2007-12-30 22:23 . 2004-05-14 16:53 299,008 --a------ C:\WINNT\system32\ltdis13n.dll
2007-12-30 22:23 . 2004-01-12 02:09 206,336 --a------ C:\WINNT\system32\ltefx13n.dll
2007-12-30 22:23 . 2004-05-14 16:53 163,840 --a------ C:\WINNT\system32\ltfil13n.dll
2007-12-30 22:23 . 2003-11-04 15:11 159,744 --a------ C:\WINNT\system32\lfpng13n.dll
2007-12-30 22:23 . 2003-11-04 15:10 69,632 --a------ C:\WINNT\system32\lfgif13n.dll
2007-12-30 22:23 . 2004-05-14 16:53 57,344 --a------ C:\WINNT\system32\lfbmp13n.dll
2007-12-30 18:05 . 2007-12-30 18:06 <DIR> d-------- C:\Documents and Settings\Jeanine\Application Data\Snapfish
2007-12-28 14:01 . 2007-12-28 14:01 <DIR> d-------- C:\Documents and Settings\Jeanine\Application Data\Ulead Systems
2007-12-28 13:15 . 2007-12-28 13:15 <DIR> d-------- C:\Program Files\Nova Development
2007-12-28 13:13 . 2007-12-28 13:39 <DIR> d-------- C:\Program Files\Web Publish
2007-12-25 14:35 . 2007-12-25 14:49 <DIR> d-------- C:\Program Files\Photo Viewer
2007-12-24 20:09 . 2007-10-10 18:55 6,065,664 --------- C:\WINNT\system32\dllcache\ieframe.dll
2007-12-24 20:09 . 2007-06-30 22:31 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2007-12-24 20:09 . 2007-06-30 22:36 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2007-12-24 20:09 . 2007-10-10 18:55 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2007-12-24 20:09 . 2007-10-10 18:55 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2007-12-24 20:09 . 2007-10-10 18:55 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2007-12-24 20:09 . 2007-10-10 18:55 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2007-12-24 20:09 . 2007-10-10 18:55 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2007-12-24 20:09 . 2007-10-10 05:59 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2007-12-24 19:56 . 2007-08-13 18:54 33,792 --a------ C:\WINNT\system32\dllcache\custsat.dll
2007-12-24 11:42 . 2006-08-21 04:14 128,896 --------- C:\WINNT\system32\dllcache\fltmgr.sys
2007-12-24 11:42 . 2006-08-21 04:14 23,040 --------- C:\WINNT\system32\dllcache\fltmc.exe
2007-12-24 11:42 . 2006-08-21 07:21 16,896 --------- C:\WINNT\system32\dllcache\fltlib.dll
2007-12-23 14:48 . 2007-07-09 08:09 584,192 --------- C:\WINNT\system32\dllcache\rpcrt4.dll
2007-12-23 13:10 . 2007-12-25 08:46 <DIR> d--h----- C:\WINNT\$hf_mig$
2007-12-22 16:38 . 2006-10-19 04:42 303,616 -ra------ C:\WINNT\system32\drivers\BLKWGNv7.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 13:22 --------- d-----w C:\Program Files\Greetings Workshop
2008-01-09 13:37 --------- d-----w C:\Program Files\PhoneTools
2008-01-09 13:36 --------- d-----w C:\Program Files\Microsoft Picture It! 9
2008-01-09 13:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-19 00:15 --------- d-----w C:\Documents and Settings\Jeanine\Application Data\Wal-Mart Digital Photo Viewer
2007-11-13 10:25 20,480 ----a-w C:\WINNT\system32\drivers\secdrv.sys
2007-10-31 10:12 3,590,656 ------w C:\WINNT\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINNT\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINNT\system32\dllcache\quartz.dll
2007-10-27 22:39 230,912 ----a-w C:\WINNT\system32\wmasf.dll
2007-10-27 22:39 230,912 ------w C:\WINNT\system32\dllcache\wmasf.dll
2007-10-27 22:37 2,109,440 ------w C:\WINNT\system32\dllcache\wmvcore.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINNT\system32\dllcache\shell32.dll
2007-10-11 06:13 474,112 ------w C:\WINNT\system32\dllcache\shlwapi.dll
2007-10-11 06:13 151,040 ------w C:\WINNT\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,494,528 ------w C:\WINNT\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ------w C:\WINNT\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ------w C:\WINNT\system32\dllcache\browseui.dll
2007-10-10 23:56 824,832 ------w C:\WINNT\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINNT\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINNT\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINNT\system32\dllcache\mstime.dll
2007-10-10 23:55 478,208 ------w C:\WINNT\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINNT\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINNT\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINNT\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINNT\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINNT\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINNT\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINNT\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINNT\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINNT\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINNT\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ------w C:\WINNT\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINNT\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINNT\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINNT\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-07_13.22.10.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINNT\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CARPService"="carpserv.exe" [2001-09-30 19:50 4608 C:\WINNT\system32\carpserv.exe]
"S3TRAY2"="S3tray2.exe" [2001-10-12 13:32 69632 C:\WINNT\system32\S3tray2.exe]
"Multi-function Keyboard"="GWHotKey.exe" [2001-08-28 12:13 98361 C:\WINNT\GWHotKey.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2001-08-09 18:21 118784]
"1AEIWLRAD.EXE"="AEIWLRAD.EXE" [2001-12-06 17:03 24576 C:\WINNT\system32\AEIWLRAD.EXE]
"HPDJ Taskbar Utility"="C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-08 14:59 196608]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 06:32 50688]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 13:25 20480]

C:\Documents and Settings\Jeanine\Start Menu\Programs\Startup\
Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1997-09-03 23:00:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2004-04-21 06:07:09]

R2 Aeiwsvc;Aeiwsvc;C:\WINNT\system32\AEIWLSVC.EXE [2001-11-06 12:00]
R3 AEIWLBRG;AEIWLBRG;C:\WINNT\System32\aeiwlbrg.sys [2001-11-06 11:59]
R3 Belkin701F;Belkin Wireless G Notebook Card Service v7;C:\WINNT\system32\DRIVERS\BLKWGNv7.sys [2006-10-19 04:42]
R3 ViaModem;ViaModem;C:\WINNT\system32\DRIVERS\ViaModem.sys [2001-11-13 19:14]
S3 AEIWL;Actiontec PRISM Wireless LAN USB Driver;C:\WINNT\system32\DRIVERS\AEIWLUSB.sys [2001-12-14 10:24]
S3 ati2mpaa;ati2mpaa;C:\WINNT\system32\DRIVERS\ati2mpaa.sys [2001-08-17 13:48]
S3 ati2mtaa;ati2mtaa;C:\WINNT\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:29]
S3 PCDRDRV;Pcdr Helper Driver;C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]

.
Contents of the 'Scheduled Tasks' folder
"2002-05-13 09:48:02 C:\WINNT\Tasks\ISP signup reminder 1.job" - C:\WINNT\System32\OOBE\oobebaln.exe
"2002-05-13 09:48:03 C:\WINNT\Tasks\ISP signup reminder 2.job" - C:\WINNT\System32\OOBE\oobebaln.exe
"2002-05-13 09:48:03 C:\WINNT\Tasks\ISP signup reminder 3.job" - C:\WINNT\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 08:39:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 8:40:40
ComboFix-quarantined-files.txt 2008-01-10 13:40:21
ComboFix2.txt 2008-01-09 14:01:01
ComboFix3.txt 2008-01-07 18:23:09
.
2007-12-25 14:12:38 --- E O F ---
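As an added example (not part of the thread, and not a ComboFix tool), here is a small Python parser for the "Files Created" section layout shown in the log above. It reads each entry into created time, modified time, size, attribute flags and path, and flags files that share the traits of the nine executables ComboFix removed: loose .exe files in the C:\Program Files root with short letters-plus-digits names, or executables carrying the hidden attribute. The sample input is constructed: five lines are copied from the log, and the two C:\Program Files lines are invented for the example with made-up timestamps and sizes, reusing names from the "Other Deletions" section.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample in the layout ComboFix uses for "Files Created":
#   created-time . modified-time size attributes path
# The first five lines are copied from the thread's log; the two
# C:\Program Files entries are constructed for this example (timestamps
# and sizes made up) using names from the log's "Other Deletions" section.
SAMPLE_LOG = r"""
2008-01-08 08:40 . 2008-01-08 08:40 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-01-07 13:17 . 2000-08-31 08:00 51,200 --a------ C:\WINNT\NirCmd.exe
2008-01-07 12:53 . 2008-01-07 12:53 <DIR> d-------- C:\WINNT\ERUNT
2008-01-07 12:27 . 2008-01-07 12:27 72 --a------ C:\Documents and Settings\Jeanine\servstop.bat
2008-01-02 11:14 . 2008-01-02 11:14 268 --ah----- C:\sqmdata00.sqm
2008-01-05 03:12 . 2008-01-05 03:12 40,960 --a------ C:\Program Files\Ciy1.exe
2008-01-05 03:12 . 2008-01-05 03:12 40,960 --ah----- C:\Program Files\Ted31.exe
2007-12-28 13:15 . 2007-12-28 13:15 <DIR> d-------- C:\Program Files\Nova Development
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)

# Name shape shared by every file ComboFix removed in this thread:
# two to four letters, one or two digits, then .exe (Ciy1.exe, Ted31.exe, ...).
SHORT_RANDOM_EXE = re.compile(r"^[A-Za-z]{2,4}\d{1,2}\.exe$", re.IGNORECASE)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rpartition("\\")[2]

    @property
    def parent(self) -> str:
        return self.path.rpartition("\\")[0]


def parse_files_created(text: str) -> List[Entry]:
    """Parse "Files Created" lines; lines that do not fit the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size, attrs=m["attrs"], path=m["path"],
        ))
    return entries


def flag_entries(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for files that deserve a second look."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        is_exe = e.name.lower().endswith(".exe")
        # Installed software lives in its own subfolder; a loose .exe in the root is unusual.
        if is_exe and e.parent.lower() == r"c:\program files":
            reasons.append("executable directly in the Program Files root")
        if SHORT_RANDOM_EXE.match(e.name):
            reasons.append("short letters+digits name, like the files ComboFix removed")
        if is_exe and e.hidden:
            reasons.append("executable carries the hidden attribute")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in flag_entries(parse_files_created(SAMPLE_LOG)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The name pattern is a heuristic tuned to this one thread; its job is to shortlist entries for a person to check against vendor information or a hash lookup, not to decide on its own.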
#17
Good - post the Panda log when ready.
#18
Ya, it's coming. It's taking a while though.
#19
Panda log.
Incident Status Location
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jeanine\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jeanine\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jeanine\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Possible Virus. Not disinfected C:\Program Files\Common Files\aolshare\Coach\Player\AolNySEV.exe
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{5C25849B-58DA-498F-BF0A-89B607971821}\Setup.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\NirCmd.exe

==========================================================

Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:24 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\carpserv.exe
C:\WINNT\system32\S3tray2.exe
C:\WINNT\GWHotKey.exe
C:\WINNT\system32\AEIWLSVC.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINNT\system32\AEIWLRAD.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Jeanine\Desktop\hijack\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=2839
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192369178635
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1192370888187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Aeiwsvc - Unknown owner - C:\WINNT\system32\AEIWLSVC.EXE
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)

--
End of file - 5164 bytes

Things seem to be going faster.
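Added example, not part of the thread and not HijackThis's own code: a Python pass over HijackThis entries like the ones above. It splits each line into its section code and body and records the checks an analyst applies by hand when reading such a log: "(file missing)" entries (dead references left behind by uninstalls or removals), O4 Run values that name a bare executable instead of a full path (Windows locates those through the search path, so the ComboFix registry section earlier in the thread is what confirms they resolved to system32), O23 services reported with "Unknown owner", and the host each O16 ActiveX control was downloaded from. The sample entries are copied from the log; only the O16 line whose URL the post shows in full is included.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample: nine entries copied from the HijackThis log in the
# thread. Only the O16 line whose URL the post shows in full is included.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O23 - Service: Aeiwsvc - Unknown owner - C:\WINNT\system32\AEIWLSVC.EXE
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

# "O4 - body", "R1 - body": section code, then the entry itself.
LINE_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.+)$")
# O4 Run values: HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# O16 ActiveX downloads: DPF: {CLSID} (friendly name) - URL
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\} \((?P<name>[^)]+)\) - (?P<url>\S+)$")
# O23 services: Service: name - owner - binary path
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ABSOLUTE_PATH = re.compile(r"^[A-Za-z]:\\")


def analyze_hjt(text: str) -> List[Dict]:
    """Return one record per entry: its code, body and the list of review flags."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        flags = []
        if "(file missing)" in body:
            flags.append("dangling entry: HijackThis could not find the referenced file")
        if code == "O4":
            m4 = O4_RE.match(body)
            if m4 and not ABSOLUTE_PATH.match(m4["target"]):
                flags.append("bare file name, located through the search path; confirm where it resolves")
        elif code == "O16":
            m16 = O16_RE.match(body)
            if m16:
                flags.append("ActiveX control downloaded from " + urlparse(m16["url"]).netloc)
        elif code == "O23":
            m23 = O23_RE.match(body)
            if m23 and m23["owner"].lower() == "unknown owner":
                flags.append("service binary carries no vendor information")
        records.append({"code": code, "body": body, "flags": flags})
    return records


if __name__ == "__main__":
    for rec in analyze_hjt(SAMPLE_HJT):
        if rec["flags"]:
            print(rec["code"], "-", rec["body"])
            for flag in rec["flags"]:
                print("   -", flag)
```

None of these flags is a verdict. In this thread every bare O4 name turned out to be a legitimate file in system32 and the "(file missing)" entries are just leftovers, which is exactly why the checks only collect entries for a human to resolve.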
#20
Looks good. Mistaken identity on some tools we use (pretty common) and two files it says are suspect:

This AOL file I see in searches as being picked up in other scans as identified as possible malware due to some functions it does, so should be okay:
C:\Program Files\Common Files\aolshare\Coach\Player\AolNySEV.exe

And an unknown setup file, again probably alerted due to functions it does.
C:\Program Files\InstallShield Installation Information\{5C25849B-58DA-498F-BF0A-89B607971821}\Setup.exe

If you navigate to that, right click, select Properties, see if you can locate the vendor info on it. If none, and you do not recognize it, then go to this SITE. Click on the Browse button, and navigate to that file, upload and "Send" it. Copy the results with the notepad and copy/paste them back here please.

And before we do some cleanup there let me know how the system is running now.
#21
Well, the computer seems to be running better than before.
Antivirus Version Last Update Result
AhnLab-V3 2008.1.14.10 2008.01.14 -
AntiVir 7.6.0.46 2008.01.14 -
Authentium 4.93.8 2008.01.13 -
Avast 4.7.1098.0 2008.01.14 -
AVG 7.5.0.516 2008.01.13 -
BitDefender 7.2 2008.01.14 -
CAT-QuickHeal 9.00 2008.01.12 -
ClamAV 0.91.2 2008.01.13 -
DrWeb 4.44.0.09170 2008.01.14 -
eSafe 7.0.15.0 2008.01.13 -
eTrust-Vet 31.3.5456 2008.01.14 -
Ewido 4.0 2008.01.14 -
FileAdvisor 1 2008.01.14 -
Fortinet 3.14.0.0 2008.01.14 -
F-Prot 4.4.2.54 2008.01.13 -
F-Secure 6.70.13030.0 2008.01.14 -
Ikarus T3.1.1.20 2008.01.14 -
Kaspersky 7.0.0.125 2008.01.14 -
McAfee 5205 2008.01.11 -
Microsoft 1.3109 2008.01.14 -
NOD32v2 2789 2008.01.14 -
Norman 5.80.02 2008.01.14 -
Panda 9.0.0.4 2008.01.13 -
Prevx1 V2 2008.01.14 -
Rising 20.27.02.00 2008.01.14 -
Sophos 4.24.0 2008.01.14 -
Sunbelt 2.2.907.0 2008.01.12 -
TheHacker 6.2.9.187 2008.01.13 -
VBA32 3.12.2.5 2008.01.13 -
VirusBuster 4.3.26:9 2008.01.13 -
Webwasher-Gateway 6.0.1 2008.01.14 Win32.Malware.gen!88 (suspicious)

Additional information
File size: 170499 bytes
MD5: ff7739c73bab3353d0bb6180d89b5fee
SHA1: 190158dc711d44467cf5f5fad3689d8989c0b80f
PEiD: -
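Added example, not from the thread and not VirusTotal's own tooling: a Python parser for the report layout above (one engine per line, then the "Additional information" block). It counts detections, lists which engines fired, checks whether every hit uses a generic or heuristic name, as the single Webwasher-Gateway "Win32.Malware.gen!88 (suspicious)" result does, and can confirm that a local file is the same one the report describes by comparing its size, MD5 and SHA1 with the report. The sample report is constructed from a subset of the rows in the post; the hash check is exercised on constructed bytes, so it reports a mismatch, which is the case it is there to catch.

```python
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed sample: a subset of the engine rows from the VirusTotal
# report in the thread, one engine per line, plus its "Additional
# information" block. Every value is copied from the post.
SAMPLE_REPORT = """
Antivirus Version Last Update Result
AhnLab-V3 2008.1.14.10 2008.01.14 -
AntiVir 7.6.0.46 2008.01.14 -
Kaspersky 7.0.0.125 2008.01.14 -
McAfee 5205 2008.01.11 -
Microsoft 1.3109 2008.01.14 -
Sophos 4.24.0 2008.01.14 -
Webwasher-Gateway 6.0.1 2008.01.14 Win32.Malware.gen!88 (suspicious)
Additional information
File size: 170499 bytes
MD5: ff7739c73bab3353d0bb6180d89b5fee
SHA1: 190158dc711d44467cf5f5fad3689d8989c0b80f
PEiD: -
"""

# engine  version  yyyy.mm.dd  result (the result may contain spaces)
ROW_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+)$"
)
# Naming conventions that signal a heuristic or generic verdict rather
# than a signature for a known family.
LOW_CONFIDENCE = re.compile(r"suspicious|\.gen\b|generic|heur", re.IGNORECASE)


def parse_report(text: str) -> Tuple[List[Dict[str, str]], Dict[str, str]]:
    """Split a report into engine rows and the 'key: value' metadata lines."""
    rows, meta = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Antivirus ") or line == "Additional information":
            continue
        m = ROW_RE.match(line)
        if m:
            rows.append({k: m[k] for k in ("engine", "version", "updated", "result")})
            continue
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = value.strip()
    return rows, meta


def summarize(rows: List[Dict[str, str]], meta: Dict[str, str]) -> Dict:
    """Detection count, the engines that fired, and the file identity from the report."""
    hits = [r for r in rows if r["result"] != "-"]
    return {
        "engines": len(rows),
        "detections": len(hits),
        "hit_engines": [r["engine"] for r in hits],
        # True when no engine gave a specific family name, only heuristic labels.
        "all_low_confidence": bool(hits) and all(LOW_CONFIDENCE.search(r["result"]) for r in hits),
        "size": int(meta["File size"].split()[0]) if "File size" in meta else None,
        "md5": meta.get("MD5", "").lower(),
        "sha1": meta.get("SHA1", "").lower(),
    }


def matches_report(data: bytes, summary: Dict) -> bool:
    """True only if the size, MD5 and SHA1 of data all agree with the report."""
    return (
        len(data) == summary["size"]
        and hashlib.md5(data).hexdigest() == summary["md5"]
        and hashlib.sha1(data).hexdigest() == summary["sha1"]
    )


if __name__ == "__main__":
    rows, meta = parse_report(SAMPLE_REPORT)
    s = summarize(rows, meta)
    print(f"{s['detections']}/{s['engines']} engines flagged the file: {s['hit_engines']}")
    print("only heuristic/generic names:", s["all_low_confidence"])
    # Constructed bytes, not the real Setup.exe, so this is expected to be False.
    print("local copy matches report:", matches_report(b"constructed sample, not the file", s))
```

A single heuristic hit out of thirty-one engines is the situation the thread ends up in: not proof of malware, but enough to justify the rename-and-wait approach suggested later, and the size/hash comparison is how you make sure the report you are reading is about the file you actually have.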
#22
Hmmm - at least one suggestion that one is bad. Let's check it then - go here, press new topic, fill in the needed details and just give a link to your post back here. Then press the browse button and then navigate to & select the file on your computer.

C:\Program Files\InstallShield Installation Information\{5C25849B-58DA-498F-BF0A-89B607971821}\Setup.exe

You DO NOT need to be a member to upload, anybody can upload the files.

In the meantime go ahead and rename it, by adding ".old" to the end (Setup.exe.old). That will keep it idle until we are sure.
#23
Ok I did the above.
#24
I received the file, thanks. Overall it appears to be a generic InstallShield (R) Setup Launcher, though the last Virus Total scan engine, which is one that does well in identifying malware, found something in it that it considered potentially malicious. As an installer, whatever function it performed is likely completed, so for now you can just leave the original with the added ".old" extension, and after a few weeks delete that if you wish.

If the system is running well now, we just need to clean up what we brought there. Both Panda and Kaspersky uninstall through Add/Remove Programs if you do not plan to use them in the near future. Also delete any files/folders/logs we created there.

To have ComboFix remove its files/folders and undo some changes it made, go to Start - Run, type the following then select OK:
ComboFix /u

Then it is a good idea to reset System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply. You will be asked if you are sure; click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer. When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.
#25
Thanks so much!
#26
Glad to assist here.