Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

magiccontrol.agent [RESOLVED]


  • This topic is locked This topic is locked

#31
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

(Note 1: Please read through this post a couple of times before executing the following steps.)

(Note 2: This post will try to deal with the magiccontrol spyware on your computer. See the following link as a reference: http://www.kephyr.co...rol/index.phtml. )

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Click Start then Control Panel then Add and Remove Programs. Look for the following installed program/programs and if they are listed click on each one and then click on the Remove or Change button and if asked select "Yes" or "Ok" to remove:

mc and/or wintrim and/or navpmc and/or wincomp

Restart your computer.
**************************

Dear trucker, I would like you to edit your "registry settings", but before you do that, I want you to make a back up copy of your "registry" in case something goes wrong. Here is how this is done:

Back up your current registry

1) Click on the Start button.

2) From the menu that appears, choose Run.

3) In the window that appears, there is a text area labeled Open. In that area, type "regedit" (without the quotation marks").

4) Click the OK button (or hit the Enter or Return key on your keyboard).

5) The Registry Editor window should open.

6) If My Computer is not highlighted, click on it once so that it is highlighted.

7) On the menu bar, click on Registry and then click on Export Registry File.

8) The Export Registry File window will appear. In the Save In drop-down box at the top, choose Desktop.

9) In the File Name box at the bottom, type "backup" (without the quotation marks), then click the Save button.

10) A backup copy of the entire registry will now be saved to your desktop in case something goes wrong.

Notes:
  • To restore the registry from the backup file you made, follow the same steps as above, but in step 2 choose Import Registry File instead of Export Registry File. Or, alternatively, you could double-click on the backup file on the desktop and answer Yes when it asks if you want to import the information into the registry.
  • Once you've made changes to the registry and you are sure that you no longer need the backup file you made, simply delete it from the desktop.
See the following link: http://helpdesk.umd....ndows_2000/555/. Pay attention to the following sections: Starting the Registry Editor and Backing Up the Registry.
**************************

Edit your registry

Please run Notepad and paste the following text into a new file:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cpntmgc"=-
"MC"=-
"mslagent"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cpntmgc"=-
"MC"=-
"mslagent"=-


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".

Please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.
******************************

Delete the following folder/folders marked in blue (if they exist):

C:\Windows\mc
C:\Windows\wintrim
C:\Windows\wincomp
C:\Windows\winmgts
C:\Windows\navpmc

Restart your computer and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

Advertisements


#32
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
was i to do any of this from safe mode
  • 0

#33
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

no.

Edited by rambro, 05 October 2005 - 03:10 PM.

  • 0

#34
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
good


Logfile of HijackThis v1.99.1
Scan saved at 4:11:23 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [jfxsrn] c:\windows\system32\jfxsrn.exe -start
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

its still there but i have a ?? should i search for thos last files in reg or do a search from start
  • 0

#35
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker,

Are you sure you followed the instructions correctly? If you are talking about those folders marked in blue, use the windows search feature and delete the folders marked in blue.

Also, when you create that fix.reg file copy the information in the quote box. Read through the instructions again and if you have to, repeat the previous post.

rambro :tazz:
  • 0

#36
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
i think i got it right till the search part im doing that now... it merged ok with reg files so i think im ok on that, i am a trucker and i dont get lost often LOL ill repost hjt log after its done searching... i did see a popup as i rebooted that has never been there b4 couldnt tell what it said it was gone to fast just as the computer shut down
  • 0

#37
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

So what is the status of your computer?

rambro :)
  • 0

#38
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
**************************

1) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

2) Once in Safe Mode, please run Killbox.

3) In the main screen of Pocket KillBox, go to Tools in the top menu bar, and select: Delete Temp Files.

4) Select "Delete on Reboot".

5) Copy the file name below to the clipboard by highlighting it and pressing Control-C:

C:\WINDOWS\system32\msclock32.dll

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard". Now you will see, this is pasted in the "Full Path of File to Delete" field.

7) Click the red-and-white "Delete File" button.
Click "Ok" at the Delete on Reboot prompt.
Click "Ok" at the Reboot needed prompt.

Please restart your computer and then post a new HijackThis log, along with the log from the MWAV antivirus tool application.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

#39
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
good u r still on it wont let me search for C:\Windows\wincomp
it shuts down this computer on every try il try your last post now thaxs


here my logs

Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "lop.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "gonnasearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\bTile.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\bridge.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ticker13.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\ijl11.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Temp\Uninstall.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\create\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\fix\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\generateditems\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\grtphoto\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\nav\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\organize\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\getting_started\quick_guide\share\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Sandy\Start Menu\Programs\YEmote2+\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security\Norton AntiVirus\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton Internet Security\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".293". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mo". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".plf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prx". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ptn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sss". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Toolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "bridge". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Camfrog 3". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "FileSpecs plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "HexDump plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IrfanView". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB810243". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB817778". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820291". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821253". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826939". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826942". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833998". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837272". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LSP Explorer plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "McAfee Personal Firewall Plus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Messenger-Control plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "OE/W Messengerctrl plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Port Magic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q322011". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814995". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q819696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QCDrivers". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "RelevantKnowledge". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Spyware Doctor_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Super Bounce Out! ". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TWC_RoadRunnerMedic". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Tweak-SE plug-in for Ad-Aware SE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Ultra GIF Optimizer_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "VCatch Antivirus Basic Version". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ViewpointMediaPlayer". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WeatherCast". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WildTangent CDA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WinASO Registry Optimizer_is1". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SA". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Windows SR 2.0". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WSEM Update". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ZoneAlarm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0496D9E8-224B-4AFA-8F37-23B98D52F1EB}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4CFD624C-B66C-42AA-A47E-21A78D91E06C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600137}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{ABEB838C-A1A7-4C5D-B7E1-8B4314600205}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-0000-0000-6028747ADE01}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000603}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-A00000000001}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C1008475-75B2-4475-B98C-51FAE8B62960}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{12B127F7-CC36-4A39-A334-AA39689155CE}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1A6ECAFD-C332-455E-9E25-F3BD3E5CFD23}" refers to invalid object "C:\WINDOWS\system32\dhtmlexe.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1E588056-8F3C-4D2F-AA2A-32AA506F6E29}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{32686C65-B40D-4899-B309-D93839D506FD}" refers to invalid object "c:\program files\mcafee.com\agent\mcagntps.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3977A455-CE38-4833-9A3A-BB25AF0B956B}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C6220AF-5B45-496A-8732-8600080F16E6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4692316D-32E1-4A48-A3E7-548EDE1056E3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C6EEFB0-FEE6-4B58-8B8E-759A600E5CB1}" refers to invalid object "C:\Program Files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PhotoshopAlbum.exe -deviceConnect". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A63D47D-1BA2-48ff-9955-31207899BE01}" refers to invalid object "c:\program files\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5C18A3FF-943E-4B0D-BB7D-03A71F395452}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5E644C49-F8B0-4E9A-A2ED-5F176BB18CE6}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{638AF6A2-81A1-4655-9FFA-9FC09CDE22CF}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{69BBAA97-9670-4CAE-AC8A-9E1EBC611EF7}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6A105DB4-ABB0-4283-ACE4-3FABBC97A93D}" refers to invalid object "C:\WINDOWS\DOWNLO~1\PESTSC~1.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6FD29935-2FAE-4841-A248-271E51FC9DD5}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FAB24D9-F81A-49A3-A0E9-A3198DEDF454}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84A98986-C07C-4DF5-85DD-A077188B547D}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85AB3A9D-0165-4EF1-8C62-5C0F29359022}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9ECF572B-8638-4FEB-BBAC-D6A9631B4D98}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1629739-6AE2-49f5-9A40-7FBD9CF5148F}" refers to invalid object "c:\program files\mcafee.com\agent\mcregwiz.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A1C60BE8-91C4-4777-B0DB-414C3D304C6F}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A30C94ED-ED1D-4cd9-931B-032481FED884}" refers to invalid object "c:\program files\mcafee.com\agent\mcaping.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A5317EC0-195A-4591-8E4C-0714ECF758D5}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B847BFAB-BC38-4267-A3E5-E370DF1B333C}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA7E107E-0A82-449E-A465-58A5CA137381}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C3A036FA-DA7D-45e2-AE16-6CADAAE5D75E}" refers to invalid object "C:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C29-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C30-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C35-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C37-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C3C-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C5743C42-5CAB-11D6-82C2-000021B74250}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\++RUSHV3++\++RUSHV3++\vbskpro.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C7E39D60-7A9F-42bf-ABB1-03DC0FA4F493}" refers to invalid object "c:\program files\mcafee.com\agent\mcagent.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CE2E4226-494A-4DB2-9B45-7C8586CC01A3}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D4BBE4C0-BD72-4A33-817C-2E7E16DE20BC}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\Y! Daze Multi-Killer\Y! Daze Multi-Killer\KEWLBUTTONZ.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA89F53D-ED3E-4451-8A90-0C20533571E4}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DA979D02-E584-11D4-8997-00104BD12D94}" refers to invalid object "C:\WINDOWS\DOWNLO~1\PCPITS~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E4285C2E-42AF-4C1C-BFAD-8236FDE2D7D3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FC510F57-82FF-407B-BFF8-81439039AB60}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00025E04-0000-0000-C000-000000000046}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{002E7DA2-BA9E-11D1-B526-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{00A987AE-587B-4343-B826-89F17AB41A03}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{02926246-D3D1-11D1-B545-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{04247F4D-8231-4800-BD49-DCED83D97187}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ppctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{07728B40-6223-11D2-BA57-00002149093D}" refers to invalid object "C:\WINDOWS\system32\FMjr10.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0F2E79A8-2DC4-4364-9BC1-205ACEDE24E5}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{101F9C56-A0F3-455C-ABBB-191168ABCF94}" refers to invalid object "C:\Program Files\Spyware Doctor\chilkatxml.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{106A28CF-5DEF-4E37-913F-EB12C0443138}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{15DC5743-EE5E-43F8-8DA8-70FA2922E3CD}" refers to invalid object "C:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{16D8D842-6E64-489F-99BB-D6CEF503A74E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1842B0E1-B597-11D4-8997-00104BD12D94}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1B8B281E-F67E-4212-8D3B-C98B8AE18DA4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1D57FBB7-F5AE-4FDC-BB82-C4F5AF6C3A1A}" refers to invalid object "c:\program files\mcafee.com\agent\mcscindx.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{232E6276-81A8-4C5D-8B2F-D64E3FE453DB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{37C16012-B50F-11D1-B513-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{390CE9E4-C4A0-11D4-8A92-0090271D4F88}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3933DE41-3551-11D3-AB53-00A0C976D016}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{39DC8E5F-A573-4D58-8A13-6877A3B672EA}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3A78B247-8014-4A8B-A9B6-9A2C5F13FFEB}" refers to invalid object "c:\program files\mcafee.com\agent\submgr\5,1,0,1\mcsubmgr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{41695A81-6414-11D4-8FB3-00D0B7730277}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4C78B9E2-A887-11D1-B4FF-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5734474E-78D3-4254-99B9-C35F31BDF509}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5C8D7912-D5D2-4349-A29B-85AC9E21CB7F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{60614412-BCD8-11D1-BC03-00600811C705}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{643D8E15-B1F9-11D1-B50C-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{64E26A20-8A9E-4B33-9F8D-F3663F13811E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6AE4CC61-999C-11D4-A3F0-009027427750}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6C0EE8FF-EEF2-4C9B-B0F5-EE66D952333B}" refers to invalid object "C:\WINDOWS\system32\dhtmlexe.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{6C68A7F7-6C82-11D2-BD50-E05AD2000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{71AD9F15-B2E1-11D1-B50F-0060085C418E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{7888C00A-4808-4D27-9AAE-BD36EC13D16F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{873EFD18-33BC-4E25-921F-EBD42EB51126}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{87FE4C63-7D87-11D2-BE60-00A0244D2D22}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{88766EC6-85C8-11D2-BD77-C2F309000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8EB797D7-898E-4905-A603-8D1D3110C0A4}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{94D5E680-1307-11D1-B3BE-0020AF29A31E}" refers to invalid object "C:\WINDOWS\system32\ClassX.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9B6D7F53-1CA0-4C4F-8BF1-3B6CA8DEEE65}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A5B5B867-9AD1-11D2-BD90-36C435000000}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{A73B6F3D-FD35-4992-AB4B-4AD729BB20E7}" refers to invalid object "c:\program files\mcafee.com\shared\mcinfo.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B09FA593-2436-42F2-8A31-E5B4F6B25027}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B69F2A95-E470-11D3-AFA3-525400DB7692}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1A8AF28-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C1AD690C-829F-4862-9CA2-61B9A6A815E4}" refers to invalid object "C:\WINDOWS\system32\TWNPRO3.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C2FCEF41-ACE9-11D3-BEBD-00105AA9B6AE}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C5743C1F-5CAB-11D6-82C2-000021B74250}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CA18B45F-D4AC-44FC-8C2C-E8414D1AC05B}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CB1BE982-5655-11D4-84EE-005004616739}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{CC491105-58FA-437F-A1CE-CC947B6AFE4F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D18BBD1F-82BB-4385-BED3-E9D31A3E361E}" refers to invalid object "C:\Documents and Settings\Sandy\Desktop\Unused Desktop Shortcuts\booters\Y! Daze Multi-Killer\Y! Daze Multi-Killer\KEWLBUTTONZ.OCX". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DA2FAE70-6518-4700-A264-3500A380F695}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DD3FCE4D-8442-4EFA-A71E-1C131F502F4A}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0442353-D633-434D-AD65-A06DF666781D}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E08DB627-C5D3-42B8-9F5E-99E0388D9F82}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E0FE2A4A-7831-4BD9-A9BB-DA233BEC8B18}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3723B86-AED0-11D1-A61E-00805F4905DE}" refers to invalid object "???????????????BH". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3BDB1C2-49AA-11D2-B96B-00A0243D54A2}" refers to invalid object "C:\WINDOWS\system32\PrtCtl30.ocx". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E9905F20-8417-11D2-B364-00805FCD3EFB}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD0AE520-61C2-11D2-B980-00805FCDA1A3}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FD0AE535-61C2-11D2-B980-00805FCDA1A3}" refers to invalid object "blank". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.EBankProblem" refers to invalid object "{AE612304-E8F9-45D9-A444-32409D33E954}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.QuarantinedItemProxy" refers to invalid object "{C2CE6266-0404-4C54-96B4-8829852E3537}". Action Taken: No Action Taken.
Entry "HKCR\SpyDoctor.ScripterProxy" refers to invalid object "{9FEF02F5-B3B8-4D7B-8939-72A1C989D1B9}". Action Taken: No Action Taken.
Entry "HKCR\ZAMailSafe\shell\open\command" refers to invalid object ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" -warning "%1"". Action Taken: No Action Taken.


Logfile of HijackThis v1.99.1
Scan saved at 9:27:42 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\notepad.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [jfxsrn] c:\windows\system32\jfxsrn.exe -start
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Edited by trucker, 05 October 2005 - 08:29 PM.

  • 0

#40
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

You may want to print out these instructions or save them as a text file with "Notepad" to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
******************************

Please restart your computer.

Run HijackThis and click "Scan." Place checks next to the following entry/entries (if they exist):

O4 - HKLM\..\Run: [jfxsrn] c:\windows\system32\jfxsrn.exe -start

Close all browser and other windows except for HijackThis, and click "Fix Checked" button to finish the repair. Close the HijackThis application.

Please reboot your computer into Safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). For additional help in booting into Safe Mode, see the following site: http://www.pchell.co.../safemode.shtml

Next, make sure your PC is configured to show hidden files. Here is how to do this:

Windows XP

* Click "Start".
* Open "My Computer".
* Select the "Tools" menu and click "Folder Options".
* Select the "View" Tab.
* Under the "Hidden files and folders" heading select "Show hidden files and folders".
* Make sure "Hide extensions for known file types" is unchecked
* Uncheck the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK".

Here is a link for further explanation: http://www.xtra.co.n...1916458,00.html

Delete the following file/files marked in blue (if they exist):

c:\windows\system32\jfxsrn.exe

Finally, clean out temporary and Temporary Internet files. Go to Start -> Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin

Restart your computer in normal mode, and then please post a new HijackThis log.

In addition, let me know in detail how your computer system is running after performing the above steps. :)
  • 0

Advertisements


#41
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
jfxsrn.exe this is in my programs should i delete it from there?
  • 0

#42
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

Can you explain in more detail, I don't understand what you mean.

rambro :)
  • 0

#43
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
on my add and remove list i deleted it but got an a masage saying it had been deleted already did i want to remove it from that list. so i did i did a search in safe mode nothing showed other then what we had put on ie the file name i deleted thos too. i rebooted an ran my spyware program pc cilln ADW_SLAGENT.A is still showing up :tazz: heres my log oh the entry u wanted me to delete was in there so i deleted it


Logfile of HijackThis v1.99.1
Scan saved at 10:19:30 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\EXSHOW.EXE
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

:)
  • 0

#44
trucker

trucker

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 227 posts
hi rambo :tazz: another thing i have seen happen, when i shut down i used to get two alerts saying msclock32.dll and dosfil32.exe dll failed to excute. dosfil32.exe dll is still doing that. i did a search but when i do this computer reboots stopping the search dont know if that maens anything but i thought i would let you know :)
  • 0

#45
rambro

rambro

    Member 1K

  • Member
  • PipPipPipPip
  • 1,383 posts
Dear trucker, :tazz:

Please go to Start -> Run -> cmd and press Enter. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested. Then please restart your computer.

Here is a link for reference: http://www.theelderg.../repair_ie6.htm.

rambro :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP