Computer Tips -Tech Info

So, AVG has been scanning away finding things we’ve really got a foothold on the system and the malware has a fight on it’s hands. It’s good to see progress. Up to this point we’ve had multiple Spool32 errors (printer related). These errors are what prompted the system to be brought in initially. There’s a lexmark system tray item that loads on boot. No time to investigate that yet. Here’s the log of the AVG antivirus scan…

“Partition table (MBR)”,”ok”,”Quick checked”
“Boot sector of disk C:”,”ok”,”Quick checked”
“System registry SoftwareMicrosoftWindows NTCurrentVersionWindowsLoad”,”",”Scanned”
“System registry SoftwareMicrosoftWindows NTCurrentVersionWindowsRun”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRun”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnceEx”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServices”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServicesOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRun”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnceEx”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServices”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServicesOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionWinlogonUserinit”,”",”Scanned”
“System registry SOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell”,”",”Scanned”
“System registry exefileshellopencommand”,”",”Scanned”
“System registry scrfileshellopencommand”,”",”Scanned”
“System registry scrfileshellconfigcommand”,”",”Scanned”
“System registry batfileshellopencommand”,”",”Scanned”
“System registry cmdfileshellopencommand”,”",”Scanned”
“System registry comfileshellopencommand”,”",”Scanned”
“System registry piffileshellopencommand”,”",”Scanned”
“System registry giffileshellopencommand”,”",”Scanned”
“System registry htmlfileshellopencommand”,”",”Scanned”
“System registry htafileshellopencommand”,”",”Scanned”
“System registry jpegfileshellopencommand”,”",”Scanned”
“System registry txtfileshellopencommand”,”",”Scanned”
“System registry regfileshellopencommand”,”",”Scanned”
“System registry cplfileshellcplopencommand”,”",”Scanned”
“System registry Word.Document.8shellopencommand”,”",”Scanned”
“System registry WordPad.Document.1shellopencommand”,”",”Scanned”
“C:PROGRAM FILESREALREALJUKEBOXtsystray.exe”,”ok”,”Quick checked”
“C:PROGRA~1ACCESS~1WORDPAD.EXE”,”ok”,”Quick checked”
“C:PROGRA~1BMCENT~1BMLauncher.exe”,”ok”,”Quick checked”
“C:PROGRA~1ESOFTEBOARDeBoard.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgamsvr.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgcc.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgemc.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgw.exe”,”ok”,”Quick checked”
“C:PROGRA~1INTERN~1IEXPLORE.EXE”,”ok”,”Quick checked”
“C:PROGRA~1MESSEN~1msmsgs.exe”,”ok”,”Quick checked”
“C:PROGRA~1ezulammod.exe”,”ok”,”Quick checked”
“C:Program FilesCommon Filesslmssslmss.exe”,”Trojan horse SecThought.B”,”Infected”
“C:Program FilesCommon filesupdaterwupdater.exe”,”Trojan horse Downloader.Keenval.J”,”Infected”
“C:Program FilesInternet Optimizeroptimize.exe”,”Trojan horse Downloader.Dyfica.2.AC”,”Infected”
“C:Program FilesMicrosoft MoneySystemMoney Express.exe”,”ok”,”Quick checked”
“C:Program FilesMicrosoft OfficeOfficeWINWORD.EXE”,”ok”,”Quick checked”
“C:Program FilesRealRealPlayerrealplay.exe”,”ok”,”Quick checked”
“C:Progra~1ClearSearchLoader.exe”,”Trojan horse BackDoor.Ruledor.D”,”Infected”
“C:WINDOWSLOADQM.EXE”,”ok”,”Quick checked”
“C:WINDOWSNOTEPAD.EXE”,”ok”,”Quick checked”
“C:WINDOWSPCHealthSupportPCHSCHD.EXE”,”ok”,”Quick checked”
“C:WINDOWSREGEDIT.EXE”,”ok”,”Quick checked”
“C:WINDOWSRUNDLL32.EXE”,”ok”,”Quick checked”
“C:WINDOWSSCANREGW.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMLEXSTART.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMMSHTA.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMMSTASK.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMPRINTRAY.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSHELL32.DLL”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSHIMGVW.DLL”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSSDPSRV.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSYSTRAY.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMpecxlc.exe”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMstcloader.exe”,”ok”,”Quick checked”
“C:WINDOWSSystemRestoreSTATEMGR.EXE”,”ok”,”Quick checked”
“C:WINDOWSTASKMON.EXE”,”ok”,”Quick checked”
“C:WINDOWSgoidr.exe”,”ok”,”Quick checked”
“C:WINDOWSmwsvm.exe”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMkernel32.dll”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMwsock32.dll”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMuser32.dll”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMshell32.dll”,”ok”,”Quick checked”
“C:WINDOWSTemporary Internet FilesContent.IE594LN9FJFHyperLinker[1].cab:HyperLinker.exe”,”Trojan horse BackDoor.Small.14.AM”,”Infected, Embedded object”
“C:WINDOWSTemporary Internet FilesContent.IE594LN9FJFHyperLinker[1].cab”,”Trojan horse BackDoor.Small.14.AM”,”Infected, Archive”
“System registry SoftwareMicrosoftWindows NTCurrentVersionWindowsLoad”,”",”Scanned”
“System registry SoftwareMicrosoftWindows NTCurrentVersionWindowsRun”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRun”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnceEx”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServices”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServicesOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRun”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunOnceEx”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServices”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionRunServicesOnce”,”",”Scanned”
“System registry SoftwareMicrosoftWindowsCurrentVersionWinlogonUserinit”,”",”Scanned”
“System registry SOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell”,”",”Scanned”
“System registry exefileshellopencommand”,”",”Scanned”
“System registry scrfileshellopencommand”,”",”Scanned”
“System registry scrfileshellconfigcommand”,”",”Scanned”
“System registry batfileshellopencommand”,”",”Scanned”
“System registry cmdfileshellopencommand”,”",”Scanned”
“System registry comfileshellopencommand”,”",”Scanned”
“System registry piffileshellopencommand”,”",”Scanned”
“System registry giffileshellopencommand”,”",”Scanned”
“System registry htmlfileshellopencommand”,”",”Scanned”
“System registry htafileshellopencommand”,”",”Scanned”
“System registry jpegfileshellopencommand”,”",”Scanned”
“System registry txtfileshellopencommand”,”",”Scanned”
“System registry regfileshellopencommand”,”",”Scanned”
“System registry cplfileshellcplopencommand”,”",”Scanned”
“System registry Word.Document.8shellopencommand”,”",”Scanned”
“System registry WordPad.Document.1shellopencommand”,”",”Scanned”
“C:PROGRAM FILESREALREALJUKEBOXtsystray.exe”,”ok”,”Quick checked”
“C:PROGRA~1ACCESS~1WORDPAD.EXE”,”ok”,”Quick checked”
“C:PROGRA~1BMCENT~1BMLauncher.exe”,”ok”,”Quick checked”
“C:PROGRA~1ESOFTEBOARDeBoard.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgamsvr.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgcc.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgemc.exe”,”ok”,”Quick checked”
“C:PROGRA~1GRISOFTAVGFRE~1avgw.exe”,”ok”,”Quick checked”
“C:PROGRA~1INTERN~1IEXPLORE.EXE”,”ok”,”Quick checked”
“C:PROGRA~1MESSEN~1msmsgs.exe”,”ok”,”Quick checked”
“C:PROGRA~1ezulammod.exe”,”ok”,”Quick checked”
“C:Program FilesMicrosoft MoneySystemMoney Express.exe”,”ok”,”Quick checked”
“C:Program FilesMicrosoft OfficeOfficeWINWORD.EXE”,”ok”,”Quick checked”
“C:Program FilesRealRealPlayerrealplay.exe”,”ok”,”Quick checked”
“C:WINDOWSLOADQM.EXE”,”ok”,”Quick checked”
“C:WINDOWSNOTEPAD.EXE”,”ok”,”Quick checked”
“C:WINDOWSPCHealthSupportPCHSCHD.EXE”,”ok”,”Quick checked”
“C:WINDOWSREGEDIT.EXE”,”ok”,”Quick checked”
“C:WINDOWSRUNDLL32.EXE”,”ok”,”Quick checked”
“C:WINDOWSSCANREGW.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMLEXSTART.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMMSHTA.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMMSTASK.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMPRINTRAY.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSHELL32.DLL”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSHIMGVW.DLL”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSSDPSRV.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMSYSTRAY.EXE”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMpecxlc.exe”,”ok”,”Quick checked”
“C:WINDOWSSYSTEMstcloader.exe”,”ok”,”Quick checked”
“C:WINDOWSSystemRestoreSTATEMGR.EXE”,”ok”,”Quick checked”
“C:WINDOWSTASKMON.EXE”,”ok”,”Quick checked”
“C:WINDOWSgoidr.exe”,”ok”,”Quick checked”
“C:WINDOWSmwsvm.exe”,”ok”,”Quick checked”
“C:updaterInstall_112.exe”,”",”Deleted”
“C:WINDOWSwsem300.dll”,”",”Deleted”
“C:WINDOWSaqadcup.exe”,”",”Deleted”
“C:WINDOWSGuqvqmm.exe”,”",”Deleted”
“C:WINDOWSXecrtyr.exe”,”",”Deleted”
“C:WINDOWSHyperLinker.exe”,”",”Deleted”
“C:WINDOWSHelper100.dll”,”",”Deleted”
“C:WINDOWSSYSTEM2ndsrch.dll”,”",”Deleted”
“C:WINDOWSSYSTEMATPartners.dll”,”",”Deleted”
“C:WINDOWSSYSTEMistinstall_adlogix.exe”,”",”Deleted”
“C:WINDOWSSYSTEMin10b6s.dll”,”",”Deleted”
“C:WINDOWSSYSTEMcdsm32.dll”,”",”Deleted”
“C:WINDOWSTEMPfEGhYef.exe”,”",”Deleted”
“C:WINDOWSTEMPoptimize.exe”,”",”Deleted”
“C:WINDOWSTEMPbdl14173.exe”,”",”Deleted”
“C:WINDOWSbundlesTvm_b5_269.exe”,”",”Deleted”
“C:WINDOWSbundles32wu54rd.exe”,”",”Deleted”
“C:WINDOWSbundlesSSK_B5.EXE”,”",”Deleted”
“C:WINDOWSbundlesshopinst.exe”,”",”Deleted”
“C:WINDOWSbundlessaie1101.exe”,”",”Deleted”
“C:WINDOWSbundlesHelperInstaller.exe”,”",”Deleted”
“C:Program FilesCommon FilesSlmssslmss.exe”,”",”Deleted”
“C:Program FilesCommon Filesupdaterdelupdat.exe”,”",”Deleted”
“C:Program FilesCommon Filesupdaterwupdater.exe”,”",”Deleted”
“C:Program FilesCommon Filesupdatersui.exe”,”",”Deleted”
“C:Program FilesWindows Media PlayerWMPLAYER.EXE”,”",”Deleted”
“C:Program FilesDiallerProgram11145.exe”,”",”Deleted”
“C:Program FilesSTCslmss.exe”,”",”Deleted”
“C:Program FilesSTCCSV5P070.exe”,”",”Deleted”
“C:Program FilesSTCs_win32.exe”,”",”Deleted”
“C:Program FilesClearSearchLoader.exe”,”",”Deleted”
“C:Program FilesInternet Optimizeroptimize.exe”,”",”Deleted”
“C:Program FilesInternet Optimizerinstall.exe”,”",”Deleted”
“C:Program FilesInternet Optimizerupdateinstall.exe”,”",”Deleted”
“C:Program FilesIncrediFindBHOIncFindBHO.dll”,”",”Deleted”

35 items deleted, 5 others identified as virus, quarantined, the archive is not movable at this time. (Manually delete later.) Details on the bugs in the next entry.

Popularity: 1% [?]

   Send article as PDF   

• Disinfecting a PC… part 3 Picking up from last time... AVG was failing to install with a peculiar registry error. (Which I didn't see much reference to online.) OK, so here is another fruit of the online search (so many bugs to identify...) jawa32.exe is listed as spyware.seekseek in sarc's database. OK - let's see......
• How to Remove Antivirus 360 This should not be confused with Norton 360 which is a legitimate antivirus program (although if you need help removing Norton 360 to reinstall it or another antivirus program you may want to visit my antivirus removal tool list.) What we are talking about this time is a rogue security......
• How to Remove Data Doctor 2010 | Data Doctor 2010 Removal Guide Data Doctor 2010 is a rogue antivirus application. It will pop up warnings and claim that your system is infected with viruses or has other security problems. In reality the worst problem you have is that Data Doctor 2010 is on your system. It will further claim that it can......

• Finding the Snow for Skiing in the Spring When it comes to skiing in the spring, we need to be able to find the snow, no matter what the costs are. Before we head out to the slopes to participate in spring skiing, we are going to have to find the snow. A quick check at certain websites......
• Stop Registry Error Message - How to Fix Windows Registry Errors the Easy Way It is very annoying when your computer displays a registry error message because it really affects the performance of your system. It is not recognized to a lot of people that this is one everyday problem that computer users are experiencing every so often. The performance of the computer is......
• Funny Windows Errors - How to Fix Registry Errors in Windows Have you ever wondered why your computer sometimes encounters funny windows errors after several weeks from your purchase? Your windows operating system may behave unusually, and if you think about it this happens when you install and uninstall programs in your computer. It is also common that over time, you......

Similar Posts

• Disinfecting a PC… part 2
• Disinfecting a PC… part 1
• If the cumulitive IE patch fails to install
• C:\windows\system32\kernels64.exe not found
• Nasty regedit bug

This entry was posted on Saturday, December 17th, 2005 at 1:23 am and is filed under Computers, Security, Spyware, Tech Support, Viruses, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.