|
| How to remove Vcmgcd32.dll, pctsTray.exe seems corrupt |
|
| Author:Vcmgcd32.dll, pctsTray.exe seems corrupt Hits: UpdateTime:2008-3-24 12:18:58 |
|
|
For remove Vcmgcd32.dll, pctsTray.exe seems corrupt virus,please clean/delete all Vcmgcd32.dll, pctsTray.exe seems corrupt infected files and Delete/Modify any values Vcmgcd32.dll, pctsTray.exe seems corrupt added to the registry as following:
Vcmgcd32.dll is not a valid windows image, pctsTray.exe seems corrupt
O4 - HKLM\..\Policies\Explorer\Run: [N3588c] "C:\WINDOWS\_default22962.pif"
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKCU\..\Policies\Explorer\Run: [f3444Adm] "C:\Documents and Settings\Administrator\Local Settings\Application Data\dv6211500x\yesbron.com"
O4 - HKUS\S-1-5-18\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')
Download DrWebCureit:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
to your desktop.
Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked.
O4 - HKLM\..\Policies\Explorer\Run: [N3588c] "C:\WINDOWS\_default22962.pif"
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKCU\..\Policies\Explorer\Run: [f3444Adm] "C:\Documents and Settings\Administrator\Local Settings\Application Data\dv6211500x\yesbron.com"
O4 - HKUS\S-1-5-18\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [y3114SYS] "C:\WINDOWS\system32\n8127\sv711917030r.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [y3114SYS] "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\dv6191700x\yesbron.com" (User 'Default user')
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
Reboot to Safe mode
Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
Open Folder Options in Controlpanel >view and check your settings:
Select
Show hidden files and folders
Display the contents of system folders
Uncheck: Hide protected operating system files
Delete:
Files:
C:\WINDOWS\_default22962.pif
C:\Documents and Settings\Administrator\Local Settings\Application Data\dv6211500x\yesbron.com
C:\WINDOWS\system32\n8127\sv711917030r.exe
Folders:
C:\heap41a
Doubleclick the "drweb-cureit.exe" and click "Start" in the prompt window that will open , asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it find, and when it says "done"
Click on the Options->Change settings.
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select –Rename
Click – Apply - OK
Click on Scan Tab. Move dot from Express scan to Complete Scan. Click on The Green arrow to the right. It will now scan your drive(s), say yes to all
After the scan, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
For successful remove Vcmgcd32.dll, pctsTray.exe seems corrupt virus,you may also need do as following:
1. Temporarily Disable System Restore .
2. Update the virus definitions. Reboot computer in SafeMode;
3. Delete the IE temp files,some Vcmgcd32.dll, pctsTray.exe seems corrupt temp file exisit there.
4.If you failed to remove Vcmgcd32.dll, pctsTray.exe seems corrupt,please go to our remove help forum:http://help.antiviruses123.com
|
| End Of The Article How to remove Vcmgcd32.dll, pctsTray.exe seems corrupt remove process |
|
No correlative howtoremove |
