[Michelle]

I'll keep an eye out for you ActiveScan log.

I'll definitely have you run the scan I was talking about earlier especially since Ewido found 2800 viruses! but I won't post the instructions for that until after I see the ActiveScan log.

[Advertisements]

lol sorry for my little tantrum I am scanning with both ewido and activescan now and Ill try and get a report from ewido

[Element9846]

lol sorry for my little tantrum I am scanning with both ewido and activescan now and Ill try and get a report from ewido

[Michelle]

No need to post the results from Ewido, the log from ActiveScan will be fine

Hey, no need to apologize, I understand you're frustrated from being infected with this nasty stuff!

[Element9846]

activescan

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/CWS No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\ide21201.vxd
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\299WOBM4\unstall[1].exe
Virus:Trj/Downloader.COY Disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\aun_0035[1].exe
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\diamond[1].cab[m67m.inf]
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\diamond[1].cab[m67m.ocx]
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\seeve[1].exe
Virus:Trj/Downloader.BYZ Disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\stubinstaller4292[1].exe
Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\KJ3O4BKD\mm15201518.Stub[1].exe
Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\Preferred Customer\My Documents\hijackthis\backups\backup-20050524-122356-310.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\MSINET.OCX
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
ewido because i did it again a second time and got the see report prompt
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:09:04 PM, 6/2/2005
+ Report-Checksum: E15D6420

+ Date of database: 6/2/2005
+ Version of scan engine: v3.0

+ Duration: 65 min
+ Scanned Files: 108516
+ Speed: 27.49 Files/Second
+ Infected files: 15
+ Removed files: 13
+ Files put in quarantine: 13
+ Files that could not be opened: 0
+ Files that could not be cleaned: 2

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Preferred Customer\Cookies\preferred [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred [email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred [email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\CZCEUK8V\thin-143-1-x-x[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\aun_0035[1].exe -> TrojanDownloader.Small.akz -> Error during cleaning
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\seeve[1].exe -> Spyware.MediaMotor.f -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\stubinstaller4292[1].exe -> TrojanDownloader.Small.asf -> Error during cleaning
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\KJ3O4BKD\mm15201518.Stub[1].exe -> Spyware.EZula.ah -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\system32\bszip.dll -> Worm.Wurmark.c -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup


::Report End

[Michelle]

I asked you to do this earlier just for that reason. You've got a bunch of stuff in temporary Internet files that need to go.

Please do this:

Download, install, and run CleanUp! Cleanup! deletes EVERYTHING out of temporary/temp files and does not make backups. If you have anything you need in temporary folders, back it up or move it prior to running cleanup!

You need to run Cleanup otherwise those infected items will stay in your Temporary files.

After running Cleanup!, please do this:

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\unstall.exe
C:\WINDOWS\system32\ide21201.vxd
C:\WINDOWS\Downloaded Program Files\m67m.inf
C:\WINDOWS\system32\MSINET.OCX

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.

Edited by bananafanafo, 02 June 2005 - 09:58 PM.

[Element9846]

Ive done those steps but im doing them agn...it most likely just had more crap in it with that "gallery mishap" AFTER i did cleanup...jeebus lol..sorry its runin agn now

[Element9846]

Logfile of HijackThis v1.99.1
Scan saved at 12:12:47 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Preferred Customer\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ps2.ign.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0035.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.c...et/applet_o.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C44AFB17-2647-4A94-8698-A6A730757F46}: NameServer = 204.117.214.10,199.2.252.10
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

[Michelle]

Run HijackThis. Place a check next to the following items and click FIX CHECKED:

O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0035.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...abs/diamond.cab

Close HijackThis.

Allrighty! Here is the big scan I want you to run to make sure nothing else is hiding out...

I need you to download MWav

This scan might take around 3+ hours to finish when set to scan everything. I need you to run MWav, put a check next to below items before scanning:

*Memory
*Startup Folders
*Drive - All Local Drives
*Folder - then click "browse" to change the directory to C: (default is C:\Windows)
*Registry
*System Folders
*Services
*Include Sub-Directory
*Scan All Files

Please make sure ALL of these are checked, then press the scan button. This will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

When the scan is running, you will see a bottom window that is listing infected items. When the scan is complete, highlight the items in that window and hold CTRL + C to Copy then paste it here. The whole log will be extremely big so there is no way to copy the whole thing. I just need the infected items list that's in the window.

[Element9846]

Holy Moly I swear you are a guardian angel...obviously its not done but you are definately number one on the nicest person Ive ever associated in my life list

Ive explained I cannot pay you...my grandma just doesnt understand how bad a virus can be and how great it is to have someone like you fix it.

The least I can do is make you like a new Staff Expert banner since I do designz or some kind of present IDC which but I got to take time out of my life to reward you with not only my help but EVERYONE ELSE CONSULTED WITH HELP BY YOU....you are an extremely nice person...I am only 15 but if you're married your husband is very very lucky to have a nice woman like you!!!!

[Michelle]

Well that's very sweet of you to say!

I would love to have a Staff Expert banner, but you don't have to do anything for me because getting your system clean from this nasty stuff is rewarding

It'll take a while to run the scan, so I'll keep an eye out for your MWav log. Most likely we will need to use a registry cleaner and possibly delete some more files, but we're close!

[Element9846]

No worries...I do requests On my design website and would be more then pleased to make you a new one and a few butterfly logos!



not the best n the world buuut since ive come back to photoshop (was focused on school and final exams) thats my best one yet since my break

Ill try and make a very very nice one for you!!

[Michelle]

That Geeks To Go Rocks one is awesome!

Nice!

[Element9846]

Thx a lot...u are soooooo KIND AND NICE AND WONDERFUL BAAAAH lol

[Element9846]

Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ameopt Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kapabout Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearsharechatnotifymsg Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Roings Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AktiveSekurity.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ESBAdultInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\msinet.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\netia32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0407.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0409.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp040a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp040c.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0410.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0413.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp041d.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\NPSPatch.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\patchw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\NPSPatch.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QTPlugin.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msinet.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\netia32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ESBAdultInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RSInstaller.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\_ISTMP5.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AktiveSekurity.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0ED40800-D38D-11D3-B562-00902771A435}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1251C89E-C28B-4523-934C-B8C25550AF8B}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17580E5E-7B07-11D2-BF1F-00A024D73444}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegComPS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CEFD16C-91C2-4953-986E-EE77DE2DCF94}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\NetDetectController.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D582140-CCCD-11CE-949A-00608CE82FF5}" refers to invalid object "pfauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}" refers to invalid object "pfauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}" refers to invalid object "C:\PROGRA~1\AWS\WEATHE~1\MINIBU~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3591BCCA-6D3A-4C9E-9890-5EB6561D903E}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3910C366-78E9-11D4-8C24-00104BF6CAF3}" refers to invalid object "C:\Program Files\Common Files\Macromedia\SCS DLLs\VBaddin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}" refers to invalid object "C:\WINDOWS\system32\MSINET.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}" refers to invalid object "C:\WINDOWS\system32\MSINET.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}" refers to invalid object "C:\WINDOWS\system32\MSINET.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{578D8287-FB03-466E-A404-DD772E6CBEAE}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{71839D31-3417-4F77-BADE-CBCFC88EA4BC}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\digital_city.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{75328D64-87CF-4848-A831-35DEAFE27822}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76CE1CC0-7932-11D1-9509-00A0C9925315}" refers to invalid object "C:\PROGRA~1\PCFRIE~1\main\bin\ITIVIDEO.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C72ED9B-276C-4C18-8F37-CC22DCAD7F27}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\ssl_pogo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CF9B5A0-BDF5-11CE-949A-00608CE82FF5}" refers to invalid object "wpauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{871E56B6-59E6-48D9-AB00-85F66765ABC2}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{882BE13B-884D-466E-8530-89BF112DB150}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\digital_city.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB9FA086-83C4-4F56-B614-77CA8C349270}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BF0044DB-36F1-4E50-959C-BAD750900A8D}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\ftp_ht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}" refers to invalid object "C:\WINDOWS\System32\LVbuttons.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C9052A5D-F5D7-4F0A-ABAB-36C9275F4D43}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\ftp_ht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}" refers to invalid object "c:\program files\javasoft\jre1.4\1.4.1\bin\bin\npjpi141.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D59CF868-3464-49D3-9A96-3E6890EDC7E8}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E745B262-93B6-4630-B26E-4E0CD4C435EC}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Bookmark.BHOMoneyGainer" refers to invalid object "{2559D0B1-AF60-4BD5-965D-0E51383A6367}". Action Taken: No Action Taken.
Entry "HKCR\Bookmark.BHOMoneyGainer.1" refers to invalid object "{2559D0B1-AF60-4BD5-965D-0E51383A6367}". Action Taken: No Action Taken.
Entry "HKCR\CompatUI.Microsoft.3" refers to invalid object "{F4DC309C-7E5B-32A5-E8F6-1B00CC0B6E00}". Action Taken: No Action Taken.
Entry "HKCR\COMSVCS.SWbemLocator" refers to invalid object "{D9FA1AC2-6345-EDC7-BF9B-F985FEE46D62}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.DAEndStyle.3" refers to invalid object "{F04EDFFD-F3C4-45AB-54DB-AA23AA6B835E}". Action Taken: No Action Taken.
Entry "HKCR\IObjSafety.DemoCtl" refers to invalid object "{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}". Action Taken: No Action Taken.
Entry "HKCR\JavaSoft.JavaBeansBridge" refers to invalid object "{8AD9C840-044E-11D1-B3E9-00805F499D93}". Action Taken: No Action Taken.
Entry "HKCR\JavaSoft.JavaBeansBridge.1" refers to invalid object "{8AD9C840-044E-11D1-B3E9-00805F499D93}". Action Taken: No Action Taken.
Entry "HKCR\MsnMessengerSetupDownloader.MsnMessen.1" refers to invalid object "{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}". Action Taken: No Action Taken.
Entry "HKCR\MsnMessengerSetupDownloader.MsnMessenge" refers to invalid object "{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\YAddBook.YAutoComplete.1" refers to invalid object "{B9191F79-5613-4C76-AA2A-398534BB8999}". Action Taken: No Action Taken.
Entry "HKCR\YBIOCtrl.YMailAttach.3" refers to invalid object "{8EFDE8C8-D6CC-E675-4C59-1973011E3879}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.activator" refers to invalid object "{FFF5092F-7172-4018-827B-FA5868FB0478}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.activator.1" refers to invalid object "{FFF5092F-7172-4018-827B-FA5868FB0478}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.ParamWr" refers to invalid object "{D7BF3304-138B-4DD5-86EE-491BB6A2286C}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.ParamWr.1" refers to invalid object "{D7BF3304-138B-4DD5-86EE-491BB6A2286C}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.StockBar" refers to invalid object "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.StockBar.1" refers to invalid object "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}". Action Taken: No Action Taken.
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus! Action Taken: No Action Taken.

[Michelle]

*Please dowload: RegSeeker.
*Click on "Clean The Registry" in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
*Click "Quit RegSeeker".

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, please follow the instructions below (don't worry if there are a couple of items in RegSeeker that won't go away - they won't harm anything) *Make sure to reboot between each use of the program.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\iexplore.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.

The other items found by MWav (the first 30 lines or so) are most likely a CLSID in the registry. We'll try to see how many of them we can find to delete. But an entry in the registry without the actual program is just an orphaned reg key and it won't do anything but sit there.