
Can't remove magiccontrol.agent


  • This topic is locked
103 replies to this topic

#61 matt b

    Authentic Member

  • 56 posts

Posted 11 December 2005 - 01:28 PM

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snpstd SZ C:\\WINDOWS\\vsnpstd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nwiz SZ nwiz.exe /install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvMediaCenter SZ RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\%FP%Friendly fts.exe SZ "C:\\Program Files\\VoyagerTest\\fts.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched SZ C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client SZ C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DSLSTATEXE SZ C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslstat.exe icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DSLAGENTEXE SZ C:\\Program Files\\BT Voyager 105 ADSL Modem\\dslagent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon SZ RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avast! SZ C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL\Installed SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\NoChange SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\Installed SZ 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS\Installed SZ 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr SZ "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe" /background
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE SZ C:\\WINDOWS\\system32\\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AWMON SZ "C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ NONE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ NONE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\ NONE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk\location SZ Common Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk\command SZ C:\\PROGRA~1\\MSNTOO~1\\DS\\020500~1.108\\en-us\\bin\\WINDOW~3.EXE /startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk\item SZ Windows Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ NONE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boots Insert Detect\key SZ SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boots Insert Detect\item SZ InsDetect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boots Insert Detect\hkey SZ HKCU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Boots Insert Detect\inimapping SZ 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE\key SZ SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE\item SZ ctfmon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE\hkey SZ HKCU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE\command SZ C:\\WINDOWS\\system32\\ctfmon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTFMON.EXE\inimapping SZ 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS\key SZ SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS\item SZ msmsgs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS\hkey SZ HKCU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS\command SZ "C:\\Program Files\\Messenger\\msmsgs.exe" /background
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS\inimapping SZ 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Soltek\key SZ SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Soltek\item SZ autorun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Soltek\hkey SZ HKLM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Soltek\inimapping SZ 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\svcWRSSSDK DWORD 00000002
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-\QuickTime Task SZ "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-\CTFMON.EXE SZ C:\\WINDOWS\\system32\\ctfmon.exe


#62 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 December 2005 - 01:46 PM

This is the only one that looks weird to me.

Can you locate this one and find the spelling of the file name?
C:\\PROGRA~1\\MSNTOO~1\\DS\\020500~1.108\\en-us\\bin\\WINDOW~3.EXE /startup

c:\program files\msn

Also see if you have a folder called ‘mc’ in the Windows folder.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
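Added example, not part of the thread: a Python sketch that splits the run-together log from post #61 back into one record per registry value and lists the startup commands that use 8.3 short names (such as WINDOW~3.EXE), which hide the real file name the helper asks about. The splitting heuristic and the function names are assumptions of this example; the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the log posted in #61, still run together as it appears there.
SAMPLE = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Zone Labs Client SZ "
    r"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avast! SZ "
    r"C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ NONE "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
    r"\C:^Documents and Settings^All Users^Start Menu^Programs^Startup"
    r"^Windows Desktop Search.lnk\command SZ "
    r"C:\\PROGRA~1\\MSNTOO~1\\DS\\020500~1.108\\en-us\\bin\\WINDOW~3.EXE /startup "
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\svcWRSSSDK DWORD 00000002"
)

# Assumption: every record starts with a hive name and holds "<path> <TYPE> [data]".
RECORD_START = re.compile(r"(?=HKEY_(?:LOCAL_MACHINE|CURRENT_USER|USERS)\\)")
RECORD = re.compile(r"^(?P<path>.+?) (?P<type>SZ|DWORD|NONE)(?: (?P<data>.*))?$")
# A path component containing "~<digit>" is an 8.3 short name.
SHORT_NAME = re.compile(r'[^\\/\s"]*~\d[^\\/\s"]*')


def parse_log(text):
    """Split the flattened log into (key, value_name, type, data) tuples."""
    records = []
    for chunk in RECORD_START.split(text):
        m = RECORD.match(chunk.strip())
        if m is None:
            continue  # empty leading chunk or a line that is not a record
        key, _, name = m["path"].rpartition("\\")
        records.append((key, name, m["type"], m["data"] or ""))
    return records


def short_name_commands(records):
    """Return (value_name, [short components]) for string values using 8.3 names."""
    flagged = []
    for _key, name, kind, data in records:
        parts = SHORT_NAME.findall(data) if kind == "SZ" else []
        if parts:
            flagged.append((name, parts))
    return flagged


if __name__ == "__main__":
    for name, parts in short_name_commands(parse_log(SAMPLE)):
        print(f"{name}: resolve long name for {', '.join(parts)}")
```

A short name is not a sign of infection on its own; `dir /x` in the parent folder shows the long name next to it.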

 


#63 matt b

Posted 11 December 2005 - 01:49 PM

Sorry for being stoopid but I'm not quite sure what to do :oops:

#64 LDTate

Posted 11 December 2005 - 01:56 PM

Don't worry about it, I think that's just msn toolbar anyway.

See if you have a folder called ‘mc’ in the Windows folder.


#65 matt b

Posted 11 December 2005 - 01:56 PM

How do I search for that?

#66 LDTate

Posted 11 December 2005 - 02:01 PM

Click Start button > Search > All files and folders > type in MC and tap Enter


#67 matt b

Posted 11 December 2005 - 02:05 PM

Oh good good, I've just done that and there's loads with the letters in but not one file with that name. It lets me copy the results but won't let me paste them into this thread?

#68 LDTate

Posted 11 December 2005 - 02:06 PM

We were looking for a Folder named MC. I'm still looking for a fix.


#69 LDTate

Posted 11 December 2005 - 02:08 PM

Let's try this:


Click HERE to download DllCompare. Start the Program with and click the Run Locate.com - be sure the \Windows\System32 directory is in the box and wait until the blue text says it has 'completed the scan'.

Click the Compare button to start the next process. The results appear in two panes - files in the upper pane have been verified to 'exist', files in the lower pane were 'not able to be accessed'. Very few files should be listed in the lower pane when the Compare scan is complete. Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button and post the log here in this thread and wait for further instructions.


#70 matt b

Posted 11 December 2005 - 02:14 PM

It found 1 item in lower pane. This is the result.

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
C:\WINDOWS\SYSTEM32\vb6stkit.dll Fri 26 Mar 1999 0:00:00 A.S.. 101,888 99.50 K
________________________________________________
1,334 items found: 1,334 files (1 H/S), 0 directories.
Total of file sizes: 287,049,312 bytes 273.75 M
Administrator Account = True
--------------------End log---------------------


#71 LDTate

Posted 11 December 2005 - 02:24 PM

Launch Notepad (not wordpad), and copy and paste the BOLD below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4

[-HKEY_USERS\S-1-5-21-2052111302-1757981266-725345543-1003\Software\LanConfig]
[-HKEY_USERS\S-1-5-21-2052111302-1757981266-725345543-1003\Software\mc\SA]



Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

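Added example, not part of the thread: because a .reg file with `[-key]` lines deletes whole keys on merge and the one in post #71 is written for a single account SID, this Python preview lists what a file would delete and warns when it targets another account's hive or a key near the hive root. `preview_reg`, the depth threshold and the warning texts are assumptions of this example.

```python
import re

# The fix file from post #71, embedded so the preview runs offline.
FIXME_REG = r"""REGEDIT4

[-HKEY_USERS\S-1-5-21-2052111302-1757981266-725345543-1003\Software\LanConfig]
[-HKEY_USERS\S-1-5-21-2052111302-1757981266-725345543-1003\Software\mc\SA]
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_LINE = re.compile(r"\[(-?)(.+)\]")
MIN_PARTS = 3  # assumed policy: never delete a key this close to the hive root


def preview_reg(text, account_sid):
    """Return (deleted_keys, written_keys, warnings) without touching the registry."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    deleted, written, warnings = [], [], []
    for ln in lines[1:]:
        m = KEY_LINE.fullmatch(ln)
        if m is None:
            continue  # value lines ("name"=...) are not needed for this preview
        minus, key = m.groups()
        parts = key.split("\\")
        if parts[0] == "HKEY_USERS" and len(parts) > 1 and parts[1] != account_sid:
            warnings.append(f"other account's hive: {key}")
        if not minus:
            written.append(key)
            continue
        deleted.append(key)  # "[-key]" removes the key and all of its subkeys
        if len(parts) < MIN_PARTS:
            warnings.append(f"broad delete: {key}")
    return deleted, written, warnings


if __name__ == "__main__":
    sid = "S-1-5-21-2052111302-1757981266-725345543-1003"  # SID used in the post
    for item in preview_reg(FIXME_REG, sid)[0]:
        print("will delete:", item)
```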

 


#72 matt b

Posted 11 December 2005 - 02:27 PM

Done that.

#73 LDTate

Posted 11 December 2005 - 02:30 PM

That should have killed it if it worked. Can you test to see if it's gone?


#74 matt b

Posted 11 December 2005 - 02:31 PM

Yeah sure. How do you want me to test?

#75 LDTate

Posted 11 December 2005 - 02:32 PM

Doesn't Spybot pick it up?
