Disinfecting a PC… part 4



So, AVG has been scanning away and finding things. We've really got a foothold on the system now and the malware has a fight on its hands. It's good to see progress. Up to this point we've had multiple Spool32 errors (printer related); these errors are what prompted the system to be brought in initially. There's a Lexmark system tray item that loads on boot; no time to investigate that yet. Here's the log of the AVG antivirus scan…


"Partition table (MBR)","ok","Quick checked"
"Boot sector of disk C:","ok","Quick checked"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe","ok","Quick checked"
"C:\PROGRA~1\ACCESS~1\WORDPAD.EXE","ok","Quick checked"
"C:\PROGRA~1\BMCENT~1\BMLauncher.exe","ok","Quick checked"
"C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgamsvr.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgcc.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgemc.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgw.exe","ok","Quick checked"
"C:\PROGRA~1\INTERN~1\IEXPLORE.EXE","ok","Quick checked"
"C:\PROGRA~1\MESSEN~1\msmsgs.exe","ok","Quick checked"
"C:\PROGRA~1\ezula\mmod.exe","ok","Quick checked"
"C:\Program Files\Common Files\slmss\slmss.exe","Trojan horse SecThought.B","Infected"
"C:\Program Files\Common files\updater\wupdater.exe","Trojan horse Downloader.Keenval.J","Infected"
"C:\Program Files\Internet Optimizer\optimize.exe","Trojan horse Downloader.Dyfica.2.AC","Infected"
"C:\Program Files\Microsoft Money\System\Money Express.exe","ok","Quick checked"
"C:\Program Files\Microsoft Office\Office\WINWORD.EXE","ok","Quick checked"
"C:\Program Files\Real\RealPlayer\realplay.exe","ok","Quick checked"
"C:\Progra~1\ClearSearch\Loader.exe","Trojan horse BackDoor.Ruledor.D","Infected"
"C:\WINDOWS\LOADQM.EXE","ok","Quick checked"
"C:\WINDOWS\NOTEPAD.EXE","ok","Quick checked"
"C:\WINDOWS\PCHealth\Support\PCHSCHD.EXE","ok","Quick checked"
"C:\WINDOWS\REGEDIT.EXE","ok","Quick checked"
"C:\WINDOWS\RUNDLL32.EXE","ok","Quick checked"
"C:\WINDOWS\SCANREGW.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\LEXSTART.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\MSHTA.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\MSTASK.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\PRINTRAY.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SHELL32.DLL","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SHIMGVW.DLL","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SSDPSRV.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SYSTRAY.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\pecxlc.exe","ok","Quick checked"
"C:\WINDOWS\SYSTEM\stcloader.exe","ok","Quick checked"
"C:\WINDOWS\System\Restore\STATEMGR.EXE","ok","Quick checked"
"C:\WINDOWS\TASKMON.EXE","ok","Quick checked"
"C:\WINDOWS\goidr.exe","ok","Quick checked"
"C:\WINDOWS\mwsvm.exe","ok","Quick checked"
"C:\WINDOWS\SYSTEM\kernel32.dll","ok","Quick checked"
"C:\WINDOWS\SYSTEM\wsock32.dll","ok","Quick checked"
"C:\WINDOWS\SYSTEM\user32.dll","ok","Quick checked"
"C:\WINDOWS\SYSTEM\shell32.dll","ok","Quick checked"
"C:\WINDOWS\Temporary Internet Files\Content.IE5\94LN9FJF\HyperLinker[1].cab:HyperLinker.exe","Trojan horse BackDoor.Small.14.AM","Infected, Embedded object"
"C:\WINDOWS\Temporary Internet Files\Content.IE5\94LN9FJF\HyperLinker[1].cab","Trojan horse BackDoor.Small.14.AM","Infected, Archive"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load","","Scanned"
"System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServices","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce","","Scanned"
"System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit","","Scanned"
"System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell","","Scanned"
"System registry exefile\shell\open\command","","Scanned"
"System registry scrfile\shell\open\command","","Scanned"
"System registry scrfile\shell\config\command","","Scanned"
"System registry batfile\shell\open\command","","Scanned"
"System registry cmdfile\shell\open\command","","Scanned"
"System registry comfile\shell\open\command","","Scanned"
"System registry piffile\shell\open\command","","Scanned"
"System registry giffile\shell\open\command","","Scanned"
"System registry htmlfile\shell\open\command","","Scanned"
"System registry htafile\shell\open\command","","Scanned"
"System registry jpegfile\shell\open\command","","Scanned"
"System registry txtfile\shell\open\command","","Scanned"
"System registry regfile\shell\open\command","","Scanned"
"System registry cplfile\shell\cplopen\command","","Scanned"
"System registry Word.Document.8\shell\open\command","","Scanned"
"System registry WordPad.Document.1\shell\open\command","","Scanned"
"C:\PROGRAM FILES\REAL\REALJUKEBOX\tsystray.exe","ok","Quick checked"
"C:\PROGRA~1\ACCESS~1\WORDPAD.EXE","ok","Quick checked"
"C:\PROGRA~1\BMCENT~1\BMLauncher.exe","ok","Quick checked"
"C:\PROGRA~1\ESOFT\EBOARD\eBoard.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgamsvr.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgcc.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgemc.exe","ok","Quick checked"
"C:\PROGRA~1\GRISOFT\AVGFRE~1\avgw.exe","ok","Quick checked"
"C:\PROGRA~1\INTERN~1\IEXPLORE.EXE","ok","Quick checked"
"C:\PROGRA~1\MESSEN~1\msmsgs.exe","ok","Quick checked"
"C:\PROGRA~1\ezula\mmod.exe","ok","Quick checked"
"C:\Program Files\Microsoft Money\System\Money Express.exe","ok","Quick checked"
"C:\Program Files\Microsoft Office\Office\WINWORD.EXE","ok","Quick checked"
"C:\Program Files\Real\RealPlayer\realplay.exe","ok","Quick checked"
"C:\WINDOWS\LOADQM.EXE","ok","Quick checked"
"C:\WINDOWS\NOTEPAD.EXE","ok","Quick checked"
"C:\WINDOWS\PCHealth\Support\PCHSCHD.EXE","ok","Quick checked"
"C:\WINDOWS\REGEDIT.EXE","ok","Quick checked"
"C:\WINDOWS\RUNDLL32.EXE","ok","Quick checked"
"C:\WINDOWS\SCANREGW.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\LEXSTART.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\MSHTA.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\MSTASK.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\PRINTRAY.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SHELL32.DLL","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SHIMGVW.DLL","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SSDPSRV.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\SYSTRAY.EXE","ok","Quick checked"
"C:\WINDOWS\SYSTEM\pecxlc.exe","ok","Quick checked"
"C:\WINDOWS\SYSTEM\stcloader.exe","ok","Quick checked"
"C:\WINDOWS\System\Restore\STATEMGR.EXE","ok","Quick checked"
"C:\WINDOWS\TASKMON.EXE","ok","Quick checked"
"C:\WINDOWS\goidr.exe","ok","Quick checked"
"C:\WINDOWS\mwsvm.exe","ok","Quick checked"
"C:\updater\Install_112.exe","","Deleted"
"C:\WINDOWS\wsem300.dll","","Deleted"
"C:\WINDOWS\aqadcup.exe","","Deleted"
"C:\WINDOWS\Guqvqmm.exe","","Deleted"
"C:\WINDOWS\Xecrtyr.exe","","Deleted"
"C:\WINDOWS\HyperLinker.exe","","Deleted"
"C:\WINDOWS\Helper100.dll","","Deleted"
"C:\WINDOWS\SYSTEM\2ndsrch.dll","","Deleted"
"C:\WINDOWS\SYSTEM\ATPartners.dll","","Deleted"
"C:\WINDOWS\SYSTEM\istinstall_adlogix.exe","","Deleted"
"C:\WINDOWS\SYSTEM\in10b6s.dll","","Deleted"
"C:\WINDOWS\SYSTEM\cdsm32.dll","","Deleted"
"C:\WINDOWS\TEMP\fEGhYef.exe","","Deleted"
"C:\WINDOWS\TEMP\optimize.exe","","Deleted"
"C:\WINDOWS\TEMP\bdl14173.exe","","Deleted"
"C:\WINDOWS\bundles\Tvm_b5_269.exe","","Deleted"
"C:\WINDOWS\bundles\32wu54rd.exe","","Deleted"
"C:\WINDOWS\bundles\SSK_B5.EXE","","Deleted"
"C:\WINDOWS\bundles\shopinst.exe","","Deleted"
"C:\WINDOWS\bundles\saie1101.exe","","Deleted"
"C:\WINDOWS\bundles\HelperInstaller.exe","","Deleted"
"C:\Program Files\Common Files\Slmss\slmss.exe","","Deleted"
"C:\Program Files\Common Files\updater\delupdat.exe","","Deleted"
"C:\Program Files\Common Files\updater\wupdater.exe","","Deleted"
"C:\Program Files\Common Files\updater\sui.exe","","Deleted"
"C:\Program Files\Windows Media Player\WMPLAYER.EXE","","Deleted"
"C:\Program Files\DiallerProgram\11145.exe","","Deleted"
"C:\Program Files\STC\slmss.exe","","Deleted"
"C:\Program Files\STC\CSV5P070.exe","","Deleted"
"C:\Program Files\STC\s_win32.exe","","Deleted"
"C:\Program Files\ClearSearch\Loader.exe","","Deleted"
"C:\Program Files\Internet Optimizer\optimize.exe","","Deleted"
"C:\Program Files\Internet Optimizer\install.exe","","Deleted"
"C:\Program Files\Internet Optimizer\update\install.exe","","Deleted"
"C:\Program Files\IncrediFind\BHO\IncFindBHO.dll","","Deleted"

35 items deleted; 5 others identified as viruses and quarantined, except the archive, which is not movable at this time (manually delete it later). Details on the bugs in the next entry.
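As an added example (not from the original post), here is a small Python parser for the three-column AVG report format above, fed a constructed sample log with a placeholder cache folder name; it tallies objects by status and counts an archive together with the member flagged inside it as one on-disk object, which is how six "Infected" lines reconcile with five quarantined items in the summary.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in AVG's three-column report format (object, detection,
# status), mirroring the log above; not copied from the original scan, and the
# Content.IE5 cache folder name is a placeholder.
SAMPLE_LOG = r'''"Partition table (MBR)","ok","Quick checked"
"System registry Software\Microsoft\Windows\CurrentVersion\Run","","Scanned"
"C:\WINDOWS\NOTEPAD.EXE","ok","Quick checked"
"C:\Program Files\Common Files\slmss\slmss.exe","Trojan horse SecThought.B","Infected"
"C:\WINDOWS\Temporary Internet Files\Content.IE5\XXXXXXXX\HyperLinker[1].cab:HyperLinker.exe","Trojan horse BackDoor.Small.14.AM","Infected, Embedded object"
"C:\WINDOWS\Temporary Internet Files\Content.IE5\XXXXXXXX\HyperLinker[1].cab","Trojan horse BackDoor.Small.14.AM","Infected, Archive"
"C:\WINDOWS\wsem300.dll","","Deleted"
"C:\Program Files\STC\slmss.exe","","Deleted"
'''


def parse_avg_log(text):
    """Return (object, detection, status) tuples from the quoted CSV report."""
    return [tuple(row) for row in csv.reader(io.StringIO(text)) if len(row) == 3]


def archive_root(obj):
    """Map an archive member ("<archive>:<member>") to its archive file; the drive
    colon sits at index 1 and a trailing colon has no member, so only an inner colon counts."""
    idx = obj.rfind(":")
    return obj[:idx] if 1 < idx < len(obj) - 1 else obj


def summarize(rows):
    """Count objects per primary status and distinct infected files per detection.

    An archive and the member flagged inside it count as one on-disk object,
    which is why six "Infected" lines can correspond to five quarantined items.
    """
    per_status = Counter()
    infected = defaultdict(set)  # detection name -> set of on-disk paths
    for obj, detection, status in rows:
        primary = status.split(",")[0].strip()  # "Infected, Archive" -> "Infected"
        per_status[primary] += 1
        if primary == "Infected":
            infected[detection].add(archive_root(obj))
    distinct = sum(len(paths) for paths in infected.values())
    return per_status, dict(infected), distinct


if __name__ == "__main__":
    status, found, n = summarize(parse_avg_log(SAMPLE_LOG))
    print(f"{status['Deleted']} items deleted, {n} others identified as virus")
```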
