Thread: ====Please help me remove trojan.win32.agent.bck====

  1. #13
    [==========] AnalyzerXP 3.7 by TL - IANAG (forum.networktechs.com) [==========]

    W32i - - - - 129,536 07-23-1999 c:\windows\auhccup1.dll <-- Part of the Trend Micro HouseCall online scanner, likely to be a leftover that can be deleted.
    W32i - - - - 30,720 07-15-2000 c:\windows\regtlib.exe <-- Part of MS Visual Studio, do NOT delete it if it is installed.

    Directory of C:\WINDOWS
    07/17/2004 02:40 PM 19,528 002391_.tmp <-- Highly suspicious, I'd suggest you delete it.

    W32i - - - - 346,112 05-12-2006 c:\windows\system32\as-ifce1.oca <-- Unknown, very suspicious!
    W32i - - - - 44,032 05-12-2006 c:\windows\system32\cmdbtnx5.oca <-- Unknown, very suspicious!
    W32i - - - - 83,008 09-20-2007 c:\windows\system32\gyvfbnuw.dll <-- Unknown, very suspicious!

    W32i - - - - 4,096 02-05-2007 c:\windows\system32\lmmonres.dll <-- Identified Malware related file, must be removed! See this link for further info: http://spywaredlls.prevx.com/RRGHHJ3...ONRES.DLL.html
    W32i - - - - 29,184 04-26-2007 c:\windows\system32\msinet.oca <-- I believe this is related to a Vundo variant, have this file scanned on virustotal.com.

    W32i - - - - 46,592 01-26-2000 c:\windows\system32\prtserv.dll <-- Suspicious but SpywareData.com stated this file to be safe.

    W32i - - - - 95,744 08-23-2007 c:\windows\system32\sptll.dll <-- I believe this is related to a Vundo variant, have this file scanned on virustotal.com.

    W32i - - - - 153,600 03-12-2007 c:\windows\system32\ssdw3b32.oca <-- I believe this is related to a Vundo variant, have this file scanned on virustotal.com!

    W32i - - - - 100,864 05-12-2006 c:\windows\system32\sstabs32.oca <-- I believe this is related to a Vundo variant, have this file scanned on virustotal.com!

    W32i - - - - 131,072 01-11-2000 c:\windows\system32\stringres_en.dll <-- Suspicious but I think it might be a part of Crystal Reports application, if it is not installed then have it scanned on VirusTotal.com.

    W32i - - - - 37,888 05-12-2006 c:\windows\system32\treeview.oca <-- Unknown, very suspicious!

    W32i - - - - 348,160 01-21-2006 c:\windows\system32\uninstallsqlx42.exe <-- Unknown, very suspicious!


    Directory of C:\

    I would strongly urge the removal of all files with .tmp extension especially on a system that is experiencing malware infection.
    CleanupXP+ should be able to do the job:
    09/18/2007 03:16 PM 0 4.tmp
    08/30/2007 10:29 AM 0 AF.tmp
    08/30/2007 10:29 AM 0 B1.tmp
    08/30/2007 10:29 AM 0 B6.tmp
    08/30/2007 10:29 AM 0 B8.tmp
    01/16/2007 11:51 PM 517,414 Backup Folder.jpg
    08/30/2007 10:29 AM 0 C2.tmp
    08/30/2007 10:29 AM 0 C4.tmp
    08/30/2007 10:29 AM 0 CE.tmp
    08/30/2007 10:29 AM 0 D0.tmp
    08/30/2007 10:29 AM 0 DC.tmp
    08/30/2007 10:29 AM 0 DE.tmp
    08/30/2007 10:29 AM 0 EF.tmp
    08/30/2007 10:29 AM 0 F1.tmp
    08/30/2007 10:29 AM 0 F9.tmp
    08/30/2007 10:29 AM 0 FB.tmp

    03/13/2007 08:38 AM 4,775,936 EnviroCap3-13.exe <-- Unknown!
    08/06/2007 02:30 PM 1,516 fgfg.sav <-- Unknown!
    08/28/2007 02:18 PM 19 PccntIOT.log <-- Unknown!
    04/27/2007 11:47 AM 55,296 RebateApril.xls <-- Unknown!
    02/01/2007 04:50 PM 16,384 repMonthlyClaimsReport.rpt <-- Unknown, do you know if this is used by an installed application?
    02/01/2007 04:50 PM 7,833 repMonthlyClaimsReport.vb <-- Unknown, do you know if this is used by an installed application?


    guard.exe <--- This is used by AVG AV-Scanner, is that what you are using? I also noticed an Avast program folder, is that still installed and used as well? Remember you should only have one Virus and one Spyware scanner actively running on the same system!!

    mdm.exe <-- Do you debug applications? If not you could disable this service to free up resources and speed up your system.
    AcroTray.exe <-- Another unneeded startup entry imo.
    qttask.exe 2936 Console 0 2,328 K <-- Apple QuickTime related and quite unneeded.
    snagit32.exe 2352 Console 0 2,640 K <-- Unnecessary resource hog to have it in startup unless you are using it all the time.



    "C:\WINDOWS\SYSTEM32\"
    dwwplcon.exe Sep 20 2007 75328 "dwwplcon.exe" <-- Unknown, suspicious!
    wxqqluxr.exe Sep 20 2007 75328 "wxqqluxr.exe" <-- Unknown, suspicious!

    "C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\"
    icon.exe Aug 15 2007 32768 "icon.exe" <-- Identified Malware (a variant of RapidBlaster parasite)!

    "C:\WINDOWS\Installer\{FDB883E8-C101-472C-B30E-09BBD51D44B0}\"
    iconf6~1.exe Sep 21 2007 401408 "IconF61D3384.exe" <-- Very suspicious, possibly Malware related file.

    "C:\Applications Development\VB NET\ServicingApp\Complete Source Code\Software\EnviroCap-Client\bin\"
    enviro~1.exe Sep 20 2007 2936832 "EnviroCap.exe" <-- Unknown, suspicious if you do not know anything about it!
    "C:\Applications Development\VB NET\ServicingApp\Complete Source Code\Software\EnviroCap-Client\obj\Debug\"
    enviro~1.exe Sep 20 2007 2936832 "EnviroCap.exe" <-- Unknown, suspicious if you do not know anything about it!
    "C:\Documents and Settings\jlassiter\Application Data\Microsoft\VisualStudio\7.1\ProjectAssemblies\ u9sgymku01\"
    enviro~1.exe Sep 20 2007 2936832 "EnviroCap.exe" <-- Unknown, suspicious if you do not know anything about it!

    Hope this helps you guys, good luck!
    Last edited by TurcoLoco; 09-22-2007 at 05:37 AM. Reason: got rid of the clutter text
