Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

magiccontrol.agent [RESOLVED]

Started by trucker , Sep 29 2005 11:33 AM

  • This topic is locked This topic is locked

#16
rambro
Posted 02 October 2005 - 07:49 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

No problem, just repeat the post again. Good Luck!!!

rambro :)
  • 0

Advertisements

#17
trucker
Posted 02 October 2005 - 08:13 AM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
well good news and bad.. my doc page no longer opens when i boot up and the pages are loading alot faster to, but we are not done yet.. heres my log

Logfile of HijackThis v1.99.1
Scan saved at 8:57:10 AM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/F...oad/tgctlar.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126657667375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126671046968
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://rtc3.webresp...p/TLIEFlash.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} - http://lopes.armstro...timage40803.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - http://fdl.msn.com/p.../v13/ticker.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

it was still there when i scaned with PCcillin
  • 0

#18
trucker
Posted 02 October 2005 - 04:14 PM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
hi rambo thought u may have missed my post plus ive made few changes. i have been on the phone most of the day working with microsoft the get my copy of windows to valadate. wow what a chore that was, anyway do u want a new highjack this log if so ill post it thxs for the help
  • 0

#19
rambro
Posted 02 October 2005 - 04:34 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

I've been busy with a few chores around the house. I will send you my next post soon.

rambro :)
  • 0

#20
rambro
Posted 02 October 2005 - 04:59 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

(Note 1: Don't add any new software to your computer until we have cleared the malware from your computer system.)

(Note 2: Uninstall your current version of "Ewido Security Suite", then follow the instructions below)

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

1. Prepare Ewido Security Suite for use:
  • Download the trial version of Ewido Security Suite.
  • Install the Program.
  • Click on the "update" button on the left hand side of the window.
  • Click on "Start Update".
2. When installing, under 'Additional Options' uncheck:
  • Install background guard
  • Install scan via context menu
3. You should not run the program yet so Exit the program.
4. Reboot into 'Safe mode'. To reboot in Safe mode:
  • Restart your computer and immediately begin tapping the F8 key on your keyboard.
  • If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
5. Run Ewido Security Suite:
  • Open Ewido Security Suite.
  • Click on the "scanner" button on the left hand side of the window.
  • Click on "Complete System Scan".
  • After the scan is completed, save the logfile from the scan.
6. Restart your computer normally to return to normal mode.
7. Prepare in your reply:
  • Please post a fresh HijackThis log.
  • Please post the Ewido Security Suite log.

Edited by rambro, 02 October 2005 - 05:00 PM.

  • 0

#21
trucker
Posted 02 October 2005 - 05:04 PM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
:) no prob i got alot done today, my windows will validate now so i got that spyware program loaded and up it didnt fix it eather LOL. ill be off to bed i work from midnight till 4pm all week so i dont get much time to work on this ill ck from time to time. thxs again for your help,

ps Im learning alot here to, when this does get resovled my computer will get locked down right :tazz:
  • 0

#22
trucker
Posted 03 October 2005 - 10:51 AM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
here they are







Logfile of HijackThis v1.99.1
Scan saved at 11:46:46 AM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:42:20 AM, 10/3/2005
+ Report-Checksum: 9CBFA1E7

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/bridge.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/bridge.dll\\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-1409082233-602162358-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C51C0E2A-3040-4740-9C14-155758225807} -> Spyware.AdultFriendFinder : Cleaned with backup
C:\Program Files\Division\Cache\000027d3_43222d94_0005f5e1 -> TrojanDownloader.IstBar.j : Cleaned with backup
C:\WINDOWS\system32\msclock32.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__msclock32.dll -> Dialer.Generic : Cleaned with backup


::Report End
  • 0

#23
rambro
Posted 03 October 2005 - 05:05 PM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

(Note: Don't make any more major changes to your computer until we have cleared the malware from your computer system.)

(Note/Disclaimer: Hi trucker, in this next post, I would like you run another antivirus scan. When you download and install this application, it likes to install itself in a temporary folder by default, which is not a good idea. The thing is that if you ever tried to do a Disk Cleanup of your system (which is a good idea and should be done frequently) these files will be deleted and the program will not run. My instructions below, will give you a way to install this program, without it installing itself (by default) in a temporary folder which could be deleted (you probably should have the winzip application on your computer to install the application to a different directory.). See also my link on removing temporary files: http://www.tech-reci...cipes&rx_id=463. Good Luck!) :)

I would like you to download a program to your computer that will check for bad, hidden, files that the HijackThis program may not recognize.

Please create a folder on your desktop and rename it to something like "MWAV or MWAV application".

Please download the free MWAV antivirus tool from here: ftp://ftp.microworldsystems.com/download/tools/mwav.exe.

Save the downloaded "executable file" to this folder and "extract it" to this folder. Do a search for a file called mwavscan.com and double click on this file. The MWAV antivirus tool application should run.

Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window in a reply to this post.

(Note: When you run the MWAV antivirus tool scan, I do not want the log produced when pressing the view log button. When you run this application to scan your computer, you will see two panes or panels. By pressing the "view log button" it will give you the information in the top pane or panel. I want you to post the information in the bottom pane or panel. The title for the bottom pane/panel should say: Virus Log Information. Please post the information in the bottom pane/panel in a reply to this post.)

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

#24
trucker
Posted 03 October 2005 - 06:51 PM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
i downloaded the program like u asked and ran scan but it wont copy so i can post :tazz:
  • 0

#25
rambro
Posted 04 October 2005 - 12:54 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

Run the mwav scan again. When it finishes scanning, highligt the information in the "bottom pane/panel" then on your keyboard press the following keys simultaneously: Ctrl + c. This will copy the information in the bottom pane to your clipboard. Then open up your notepad application, and paste the information from your clipboard into notepad and save the notepad file as "mwav.txt".

Or you can past the contents of the clipboard directly into your next post using the paste function or pressing the following keys on your keyboard simultaneously, Ctrl + v, from your keyboard.

rambro :)
  • 0

Advertisements

#26
trucker
Posted 04 October 2005 - 05:26 PM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ok here is mwav files

File C:\windows\system32\jfxsrn.exe tagged as "not-a-virus:AdWare.NaviPromo.g". Action Taken: No Action Taken.
File c:\windows\system32\jfxsrn.exe tagged as "not-a-virus:AdWare.NaviPromo.g". Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gonnasearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\bTile.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ticker13.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\ijl11.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Temp\Uninstall.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\create\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\fix\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\generateditems\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\grtphoto\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\nav\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\organize\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\share\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Sandy\Start Menu\Programs\YEmote2+\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".293". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mo". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".plf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ptn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sss". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "bridge". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Camfrog 3". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FileSpecs plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HexDump plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IrfanView". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LSP Explorer plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "McAfee Personal Firewall Plus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Messenger-Control plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "OE/W Messengerctrl plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Port Magic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q819696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QCDrivers". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RelevantKnowledge". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Doctor_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Super Bounce Out! ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TWC_RoadRunnerMedic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tweak-SE plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ultra GIF Optimizer_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "VCatch Antivirus Basic Version". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ViewpointMediaPlayer". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WeatherCast". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinASO Registry Optimizer_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SR 2.0". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WSEM Update". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4CFD624C-B66C-42AA-A47E-21A78D91E06C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000603}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C1008475-75B2-4475-B98C-51FAE8B62960}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12B127F7-CC36-4A39-A334-AA39689155CE}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1A6ECAFD-C332-455E-9E25-F3BD3E5CFD23}" refers to invalid object "C:\WINDOWS\system32\dhtmlexe.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E588056-8F3C-4D2F-AA2A-32AA506F6E29}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32686C65-B40D-4899-B309-D93839D506FD}" refers to invalid object "c:\program files\mcafee.com\agent\mcagntps.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3977A455-CE38-4833-9A3A-BB25AF0B956B}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C6220AF-5B45-496A-8732-8600080F16E6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4692316D-32E1-4A48-A3E7-548EDE1056E3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A63D47D-1BA2-48ff-9955-31207899BE01}" refers to invalid object "c:\program files\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C18A3FF-943E-4B0D-BB7D-03A71F395452}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E644C49-F8B0-4E9A-A2ED-5F176BB18CE6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{638AF6A2-81A1-4655-9FFA-9FC09CDE22CF}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{69BBAA97-9670-4CAE-AC8A-9E1EBC611EF7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6A105DB4-ABB0-4283-ACE4-3FABBC97A93D}" refers to invalid object "C:\WINDOWS\DOWNLO~1\PESTSC~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FD29935-2FAE-4841-A248-271E51FC9DD5}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FAB24D9-F81A-49A3-A0E9-A3198DEDF454}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84A98986-C07C-4DF5-85DD-A077188B547D}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85AB3A9D-0165-4EF1-8C62-5C0F29359022}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9ECF572B-8638-4FEB-BBAC-D6A9631B4D98}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1629739-6AE2-49f5-9A40-7FBD9CF5148F}" refers to invalid object "c:\program files\mcafee.com\agent\mcregwiz.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1C60BE8-91C4-4777-B0DB-414C3D304C6F}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A30C94ED-ED1D-4cd9-931B-032481FED884}" refers to invalid object "c:\program files\mcafee.com\agent\mcaping.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A5317EC0-195A-4591-8E4C-0714ECF758D5}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B847BFAB-BC38-4267-A3E5-E370DF1B333C}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA7E107E-0A82-449E-A465-58A5CA137381}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C3A036FA-DA7D-45e2-AE16-6CADAAE5D75E}" refers to invalid object "C:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C29-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C30-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C35-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C37-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C3C-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C42-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7E39D60-7A9F-42bf-ABB1-03DC0FA4F493}" refers to invalid object "c:\program files\mcafee.com\agent\mcagent.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE2E4226-494A-4DB2-9B45-7C8586CC01A3}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4BBE4C0-BD72-4A33-817C-2E7E16DE20BC}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\Y! Daze Multi-Killer\Y! Daze Multi-Killer\KEWLBUTTONZ.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA89F53D-ED3E-4451-8A90-0C20533571E4}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA979D02-E584-11D4-8997-00104BD12D94}" refers to invalid object "C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4285C2E-42AF-4C1C-BFAD-8236FDE2D7D3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FC510F57-82FF-407B-BFF8-81439039AB60}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00025E04-0000-0000-C000-000000000046}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{002E7DA2-BA9E-11D1-B526-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{02926246-D3D1-11D1-B545-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{04247F4D-8231-4800-BD49-DCED83D97187}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{07728B40-6223-11D2-BA57-00002149093D}" refers to invalid object "C:\WINDOWS\system32\FMjr10.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0F2E79A8-2DC4-4364-9BC1-205ACEDE24E5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{101F9C56-A0F3-455C-ABBB-191168ABCF94}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{106A28CF-5DEF-4E37-913F-EB12C0443138}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{15DC5743-EE5E-43F8-8DA8-70FA2922E3CD}" refers to invalid object "C:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1842B0E1-B597-11D4-8997-00104BD12D94}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1D57FBB7-F5AE-4FDC-BB82-C4F5AF6C3A1A}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{232E6276-81A8-4C5D-8B2F-D64E3FE453DB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{37C16012-B50F-11D1-B513-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{390CE9E4-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3933DE41-3551-11D3-AB53-00A0C976D016}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3A78B247-8014-4A8B-A9B6-9A2C5F13FFEB}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{41695A81-6414-11D4-8FB3-00D0B7730277}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4C78B9E2-A887-11D1-B4FF-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5734474E-78D3-4254-99B9-C35F31BDF509}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C8D7912-D5D2-4349-A29B-85AC9E21CB7F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{60614412-BCD8-11D1-BC03-00600811C705}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{643D8E15-B1F9-11D1-B50C-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6AE4CC61-999C-11D4-A3F0-009027427750}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6C0EE8FF-EEF2-4C9B-B0F5-EE66D952333B}" refers to invalid object "C:\WINDOWS\system32\dhtmlexe.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6C68A7F7-6C82-11D2-BD50-E05AD2000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{71AD9F15-B2E1-11D1-B50F-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7888C00A-4808-4D27-9AAE-BD36EC13D16F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{873EFD18-33BC-4E25-921F-EBD42EB51126}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{87FE4C63-7D87-11D2-BE60-00A0244D2D22}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{88766EC6-85C8-11D2-BD77-C2F309000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8EB797D7-898E-4905-A603-8D1D3110C0A4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{94D5E680-1307-11D1-B3BE-0020AF29A31E}" refers to invalid object "C:\WINDOWS\system32\ClassX.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9B6D7F53-1CA0-4C4F-8BF1-3B6CA8DEEE65}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A5B5B867-9AD1-11D2-BD90-36C435000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}" refers to invalid object "c:\program files\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B09FA593-2436-42F2-8A31-E5B4F6B25027}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B69F2A95-E470-11D3-AFA3-525400DB7692}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1A8AF28-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1AD690C-829F-4862-9CA2-61B9A6A815E4}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C2FCEF41-ACE9-11D3-BEBD-00105AA9B6AE}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C5743C1F-5CAB-11D6-82C2-000021B74250}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CA18B45F-D4AC-44FC-8C2C-E8414D1AC05B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CB1BE982-5655-11D4-84EE-005004616739}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D18BBD1F-82BB-4385-BED3-E9D31A3E361E}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\Y! Daze Multi-Killer\Y! Daze Multi-Killer\KEWLBUTTONZ.OCX". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0442353-D633-434D-AD65-A06DF666781D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E08DB627-C5D3-42B8-9F5E-99E0388D9F82}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0FE2A4A-7831-4BD9-A9BB-DA233BEC8B18}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3723B86-AED0-11D1-A61E-00805F4905DE}" refers to invalid object "???????????????BH". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3BDB1C2-49AA-11D2-B96B-00A0243D54A2}" refers to invalid object "C:\WINDOWS\system32\PrtCtl30.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E9905F20-8417-11D2-B364-00805FCD3EFB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD0AE520-61C2-11D2-B980-00805FCDA1A3}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD0AE535-61C2-11D2-B980-00805FCDA1A3}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" -warning "%1"". Action Taken: No Action Taken.
File C:\WINDOWS\system32\__delete_on_reboot__msclock32.dll tagged as "not-a-virus:[bleep]-Dialer.Win32.AsianRaw.bi". Action Taken: No Action Taken.


now hjt files

Logfile of HijackThis v1.99.1
Scan saved at 6:18:10 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe

Edited by rambro, 05 October 2005 - 06:51 AM.

  • 0

#27
rambro
Posted 05 October 2005 - 07:28 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
**************************

1) Please download the Killbox. Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.

5) Select "Delete on Reboot".

6) Copy the file names below to the clipboard by highlighting them and pressing Control-C:


C:\windows\system32\jfxsrn.exe
C:\WINDOWS\system32\__delete_on_reboot__msclock32.dll


7) Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Now you will see, this is pasted in the "Full Path of File to Delete" field. There's a little arrow (dropdown-arrow) next to that field. If you expand it, these lines must be there together!

8) Click the red-and-white "Delete File" button.
Click "Ok" at the Delete on Reboot prompt.
Click "Ok" at the Reboot needed prompt.

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)

Dear trucker, are you still having "magiccontrol.agent" problems? If you are having "magiccontrol.agent" problems, let me know in detail what is the problem. :)

Edited by rambro, 05 October 2005 - 07:35 AM.

  • 0

#28
trucker
Posted 05 October 2005 - 08:38 AM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ok when i drop down to ck if both items are there this 1 isnt

C:\WINDOWS\system32\__delete_on_reboot__msclock32.dll

so i aborted and came to post
  • 0

#29
rambro
Posted 05 October 2005 - 09:52 AM

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

Ok, just go through the post again, highlight both files and copy them to the clipboard (i.e Contro + c) then follow the rest of the instructions and then post a new HijackThis log, along with the log from the MWAV antivirus tool application. Don't worry to much about looking for the files in the drop down box (but both files should be there).

rambro :)
  • 0

#30
trucker
Posted 05 October 2005 - 11:42 AM

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ok heres the new log.... i highlighted both files but only 1 showed up. and after reboot magiccontrol still shows up


Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gonnasearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\bTile.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ticker13.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\ijl11.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Temp\Uninstall.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\create\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\fix\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\generateditems\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\grtphoto\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\nav\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\organize\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\share\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Sandy\Start Menu\Programs\YEmote2+\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".293". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mo". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".plf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ptn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sss". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "bridge". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Camfrog 3". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FileSpecs plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HexDump plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IrfanView". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LSP Explorer plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "McAfee Personal Firewall Plus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Messenger-Control plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "OE/W Messengerctrl plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Port Magic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q819696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QCDrivers". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RelevantKnowledge". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Doctor_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Super Bounce Out! ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TWC_RoadRunnerMedic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tweak-SE plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ultra GIF Optimizer_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "VCatch Antivirus Basic Version". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ViewpointMediaPlayer". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WeatherCast". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinASO Registry Optimizer_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SR 2.0". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WSEM Update". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4CFD624C-B66C-42AA-A47E-21A78D91E06C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000603}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C1008475-75B2-4475-B98C-51FAE8B62960}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12B127F7-CC36-4A39-A334-AA39689155CE}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1A6ECAFD-C332-455E-9E25-F3BD3E5CFD23}" refers to invalid object "C:\WINDOWS\system32\dhtmlexe.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E588056-8F3C-4D2F-AA2A-32AA506F6E29}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32686C65-B40D-4899-B309-D93839D506FD}" refers to invalid object "c:\program files\mcafee.com\agent\mcagntps.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3977A455-CE38-4833-9A3A-BB25AF0B956B}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C6220AF-5B45-496A-8732-8600080F16E6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4692316D-32E1-4A48-A3E7-548EDE1056E3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A63D47D-1BA2-48ff-9955-31207899BE01}" refers to invalid object "c:\program files\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C18A3FF-943E-4B0D-BB7D-03A71F395452}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E644C49-F8B0-4E9A-A2ED-5F176BB18CE6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{638AF6A2-81A1-4655-9FFA-9FC09CDE22CF}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{69BBAA97-9670-4CAE-AC8A-9E1EBC611EF7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6A105DB4-ABB0-4283-ACE4-3FABBC97A93D}" refers to invalid object "C:\WINDOWS\DOWNLO~1\PESTSC~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FD29935-2FAE-4841-A248-271E51FC9DD5}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FAB24D9-F81A-49A3-A0E9-A3198DEDF454}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84A98986-C07C-4DF5-85DD-A077188B547D}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85AB3A9D-0165-4EF1-8C62-5C0F29359022}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9ECF572B-8638-4FEB-BBAC-D6A9631B4D98}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1629739-6AE2-49f5-9A40-7FBD9CF5148F}" refers to invalid object "c:\program files\mcafee.com\agent\mcregwiz.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1C60BE8-91C4-4777-B0DB-414C3D304C6F}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A30C94ED-ED1D-4cd9-931B-032481FED884}" refers to invalid object "c:\program files\mcafee.com\agent\mcaping.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A5317EC0-195A-4591-8E4C-0714ECF758D5}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B847BFAB-BC38-4267-A3E5-E370DF1B333C}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA7E107E-0A82-449E-A465-58A5CA137381}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C3A036FA-DA7D-45e2-AE16-6CADAAE5D75E}" refers to invalid object "C:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C29-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C30-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C35-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C37-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C3C-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C42-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7E39D60-7A9F-42bf-ABB1-03DC0FA4F493}" refers to invalid object "c:\program files\mcafee.com\agent\mcagent.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE2E4226-494A-4DB2-9B45-7C8586CC01A3}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4BBE4C0-BD72-4A33-817C-2E7E16DE20BC}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\Y! Daze Multi-Killer\Y! Daze Multi-Killer\KEWLBUTTONZ.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA89F53D-ED3E-4451-8A90-0C20533571E4}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA979D02-E584-11D4-8997-00104BD12D94}" refers to invalid object "C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4285C2E-42AF-4C1C-BFAD-8236FDE2D7D3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FC510F57-82FF-407B-BFF8-81439039AB60}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00025E04-0000-0000-C000-000000000046}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{002E7DA2-BA9E-11D1-B526-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{02926246-D3D1-11D1-B545-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{04247F4D-8231-4800-BD49-DCED83D97187}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{07728B40-6223-11D2-BA57-00002149093D}" refers to invalid object "C:\WINDOWS\system32\FMjr10.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0F2E79A8-2DC4-4364-9BC1-205ACEDE24E5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{101F9C56-A0F3-455C-ABBB-191168ABCF94}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{106A28CF-5DEF-4E37-913F-EB12C0443138}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{15DC5743-EE5E-43F8-8DA8-70FA2922E3CD}" refers to invalid object "C:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1842B0E1-B597-11D4-8997-00104BD12D94}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1D57FBB7-F5AE-4FDC-BB82-C4F5AF6C3A1A}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{232E6276-81A8-4C5D-8B2F-D64E3FE453DB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{37C16012-B50F-11D1-B513-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{390CE9E4-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3933DE41-3551-11D3-AB53-00A0C976D016}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3A78B247-8014-4A8B-A9B6-9A2C5F13FFEB}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{41695A81-6414-11D4-8FB3-00D0B7730277}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4C78B9E2-A887-11D1-B4FF-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5734474E-78D3-4254-99B9-C35F31BDF509}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C8D7912-D5D2-4349-A29B-85AC9E21CB7F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{60614412-BCD8-11D1-BC03-00600811C705}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{643D8E15-B1F9-11D1-B50C-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6AE4CC61-999C-11D4-A3F0-009027427750}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6C0EE8FF-EEF2-4C9B-B0F5-EE66D952333B}" refers to invalid object "C:\WINDOWS\system32\dhtmlexe.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6C68A7F7-6C82-11D2-BD50-E05AD2000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{71AD9F15-B2E1-11D1-B50F-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7888C00A-4808-4D27-9AAE-BD36EC13D16F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{873EFD18-33BC-4E25-921F-EBD42EB51126}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{87FE4C63-7D87-11D2-BE60-00A0244D2D22}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{88766EC6-85C8-11D2-BD77-C2F309000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8EB797D7-898E-4905-A603-8D1D3110C0A4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{94D5E680-1307-11D1-B3BE-0020AF29A31E}" refers to invalid object "C:\WINDOWS\system32\ClassX.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9B6D7F53-1CA0-4C4F-8BF1-3B6CA8DEEE65}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A5B5B867-9AD1-11D2-BD90-36C435000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}" refers to invalid object "c:\program files\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B09FA593-2436-42F2-8A31-E5B4F6B25027}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B69F2A95-E470-11D3-AFA3-525400DB7692}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1A8AF28-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1AD690C-829F-4862-9CA2-61B9A6A815E4}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C2FCEF41-ACE9-11D3-BEBD-00105AA9B6AE}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C5743C1F-5CAB-11D6-82C2-000021B74250}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CA18B45F-D4AC-44FC-8C2C-E8414D1AC05B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CB1BE982-5655-11D4-84EE-005004616739}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D18BBD1F-82BB-4385-BED3-E9D31A3E361E}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\Y! Daze Multi-Killer\Y! Daze Multi-Killer\KEWLBUTTONZ.OCX". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0442353-D633-434D-AD65-A06DF666781D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E08DB627-C5D3-42B8-9F5E-99E0388D9F82}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0FE2A4A-7831-4BD9-A9BB-DA233BEC8B18}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3723B86-AED0-11D1-A61E-00805F4905DE}" refers to invalid object "???????????????BH". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3BDB1C2-49AA-11D2-B96B-00A0243D54A2}" refers to invalid object "C:\WINDOWS\system32\PrtCtl30.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E9905F20-8417-11D2-B364-00805FCD3EFB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD0AE520-61C2-11D2-B980-00805FCDA1A3}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD0AE535-61C2-11D2-B980-00805FCDA1A3}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" -warning "%1"". Action Taken: No Action Taken.
File C:\WINDOWS\system32\msclock32.dll tagged as "not-a-virus:[bleep]-Dialer.Win32.AsianRaw.bi". Action Taken: No Action Taken.


Logfile of HijackThis v1.99.1
Scan saved at 12:35:40 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [jfxsrn] c:\windows\system32\jfxsrn.exe -start
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP