Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

***I NEED SEVERE HELP MY PC IS DYING!*** [RESOLVED]


  • This topic is locked This topic is locked

#16
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'll keep an eye out for you ActiveScan log.

I'll definitely have you run the scan I was talking about earlier especially since Ewido found 2800 viruses! :tazz: but I won't post the instructions for that until after I see the ActiveScan log. ;)
  • 0

Advertisements


#17
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
lol sorry for my little tantrum I am scanning with both ewido and activescan now and Ill try and get a report from ewido
  • 0

#18
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
No need to post the results from Ewido, the log from ActiveScan will be fine :tazz:

Hey, no need to apologize, I understand you're frustrated from being infected with this nasty stuff! ;)
  • 0

#19
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
activescan

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe
Adware:Adware/CWS No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\ide21201.vxd
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\299WOBM4\unstall[1].exe
Virus:Trj/Downloader.COY Disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\aun_0035[1].exe
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\diamond[1].cab[m67m.inf]
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\diamond[1].cab[m67m.ocx]
Spyware:Spyware/Media-motor No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\seeve[1].exe
Virus:Trj/Downloader.BYZ Disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\stubinstaller4292[1].exe
Adware:Adware/DelFinMedia No disinfected C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\KJ3O4BKD\mm15201518.Stub[1].exe
Adware:Adware/AzeSearch No disinfected C:\Documents and Settings\Preferred Customer\My Documents\hijackthis\backups\backup-20050524-122356-310.inf
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\Downloaded Program Files\m67m.inf
Adware:Adware/BrilliantDigitalNo disinfected C:\WINDOWS\system32\MSINET.OCX
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe
ewido because i did it again a second time and got the see report prompt
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:09:04 PM, 6/2/2005
+ Report-Checksum: E15D6420

+ Date of database: 6/2/2005
+ Version of scan engine: v3.0

+ Duration: 65 min
+ Scanned Files: 108516
+ Speed: 27.49 Files/Second
+ Infected files: 15
+ Removed files: 13
+ Files put in quarantine: 13
+ Files that could not be opened: 0
+ Files that could not be cleaned: 2

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@ads.addynamix[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@bilbo.counted[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@perf.overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Cookies\preferred customer@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\CZCEUK8V\thin-143-1-x-x[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\aun_0035[1].exe -> TrojanDownloader.Small.akz -> Error during cleaning
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\seeve[1].exe -> Spyware.MediaMotor.f -> Cleaned with backup
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\FGQIATUD\stubinstaller4292[1].exe -> TrojanDownloader.Small.asf -> Error during cleaning
C:\Documents and Settings\Preferred Customer\Local Settings\Temporary Internet Files\Content.IE5\KJ3O4BKD\mm15201518.Stub[1].exe -> Spyware.EZula.ah -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\system32\bszip.dll -> Worm.Wurmark.c -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup


::Report End
  • 0

#20
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I asked you to do this earlier just for that reason. You've got a bunch of stuff in temporary Internet files that need to go.

Please do this:

Download, install, and run CleanUp! Cleanup! deletes EVERYTHING out of temporary/temp files and does not make backups. If you have anything you need in temporary folders, back it up or move it prior to running cleanup!

You need to run Cleanup otherwise those infected items will stay in your Temporary files.

After running Cleanup!, please do this:

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\unstall.exe
C:\WINDOWS\system32\ide21201.vxd
C:\WINDOWS\Downloaded Program Files\m67m.inf
C:\WINDOWS\system32\MSINET.OCX


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.

Edited by bananafanafo, 02 June 2005 - 09:58 PM.

  • 0

#21
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Ive done those steps but im doing them agn...it most likely just had more crap in it with that "gallery mishap" AFTER i did cleanup...jeebus lol..sorry its runin agn now :tazz:
  • 0

#22
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:12:47 AM, on 6/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Preferred Customer\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ps2.ign.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatef...000/java/cr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0035.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...abs/diamond.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.c...et/applet_o.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C44AFB17-2647-4A94-8698-A6A730757F46}: NameServer = 204.117.214.10,199.2.252.10
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
  • 0

#23
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Run HijackThis. Place a check next to the following items and click FIX CHECKED:

O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupd...ll/aun_0035.exe
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-mo...abs/diamond.cab


Close HijackThis.

Allrighty! Here is the big scan I want you to run to make sure nothing else is hiding out...

I need you to download MWav

This scan might take around 3+ hours to finish when set to scan everything. I need you to run MWav, put a check next to below items before scanning:

*Memory
*Startup Folders
*Drive - All Local Drives
*Folder - then click "browse" to change the directory to C: (default is C:\Windows)
*Registry
*System Folders
*Services
*Include Sub-Directory
*Scan All Files

Please make sure ALL of these are checked, then press the scan button. This will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

When the scan is running, you will see a bottom window that is listing infected items. When the scan is complete, highlight the items in that window and hold CTRL + C to Copy then paste it here. The whole log will be extremely big so there is no way to copy the whole thing. I just need the infected items list that's in the window.
  • 0

#24
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Holy Moly I swear you are a guardian angel...obviously its not done but you are definately number one on the nicest person Ive ever associated in my life list

Ive explained I cannot pay you...my grandma just doesnt understand how bad a virus can be and how great it is to have someone like you fix it.

The least I can do is make you like a new Staff Expert banner since I do designz or some kind of present IDC which but I got to take time out of my life to reward you with not only my help but EVERYONE ELSE CONSULTED WITH HELP BY YOU....you are an extremely nice person...I am only 15 but if you're married your husband is very very lucky to have a nice woman like you!!!!
  • 0

#25
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Well that's very sweet of you to say! ;)

I would love to have a Staff Expert banner, but you don't have to do anything for me because getting your system clean from this nasty stuff is rewarding ;)

It'll take a while to run the scan, so I'll keep an eye out for your MWav log. Most likely we will need to use a registry cleaner and possibly delete some more files, but we're close! :tazz:
  • 0

Advertisements


#26
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
No worries...I do requests On my design website and would be more then pleased to make you a new one and a few butterfly logos! :tazz:

Posted Image

not the best n the world buuut since ive come back to photoshop (was focused on school and final exams) thats my best one yet since my break

Ill try and make a very very nice one for you!!
  • 0

#27
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
That Geeks To Go Rocks one is awesome!

Nice! :tazz:
  • 0

#28
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Thx a lot...u are soooooo KIND AND NICE AND WONDERFUL BAAAAH lol
  • 0

#29
Element9846

Element9846

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SideFind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerscan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MediaMotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ameopt Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kapabout Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearsharechatnotifymsg Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Roings Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AktiveSekurity.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ESBAdultInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\msinet.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\netia32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0407.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0409.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp040a.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp040c.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0410.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp0413.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\npsp041d.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\NPSPatch.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\patchw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Electronic Arts\Network Play System\NPSPatch.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\QTPlugin.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\msinet.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\netia32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ESBAdultInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RSInstaller.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\_ISTMP5.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AktiveSekurity.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\m67m.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0ED40800-D38D-11D3-B562-00902771A435}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1251C89E-C28B-4523-934C-B8C25550AF8B}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17580E5E-7B07-11D2-BF1F-00A024D73444}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegComPS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17580E5F-7B07-11D2-BF1F-00A024D73444}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CEFD16C-91C2-4953-986E-EE77DE2DCF94}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\NetDetectController.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1D582140-CCCD-11CE-949A-00608CE82FF5}" refers to invalid object "pfauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2045EFE5-99CF-11D2-B40A-00600831DD76}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}" refers to invalid object "pfauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}" refers to invalid object "C:\PROGRA~1\AWS\WEATHE~1\MINIBU~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{338E9310-7C07-11CE-8CA9-00AA0044BB60}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3591BCCA-6D3A-4C9E-9890-5EB6561D903E}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3910C366-78E9-11D4-8C24-00104BF6CAF3}" refers to invalid object "C:\Program Files\Common Files\Macromedia\SCS DLLs\VBaddin.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}" refers to invalid object "C:\WINDOWS\system32\MSINET.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}" refers to invalid object "C:\WINDOWS\system32\MSINET.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}" refers to invalid object "C:\WINDOWS\system32\MSINET.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C599241-6926-101B-9992-00000B65C6F9}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5728F10E-27CC-101B-A8EF-00000B65C5F8}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{578D8287-FB03-466E-A404-DD772E6CBEAE}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{71839D31-3417-4F77-BADE-CBCFC88EA4BC}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\digital_city.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{75328D64-87CF-4848-A831-35DEAFE27822}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{76CE1CC0-7932-11D1-9509-00A0C9925315}" refers to invalid object "C:\PROGRA~1\PCFRIE~1\main\bin\ITIVIDEO.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7C72ED9B-276C-4C18-8F37-CC22DCAD7F27}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\ssl_pogo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CBBABF0-36B9-11CE-BF0D-00AA0044BB60}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7CF9B5A0-BDF5-11CE-949A-00608CE82FF5}" refers to invalid object "wpauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{871E56B6-59E6-48D9-AB00-85F66765ABC2}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{882BE13B-884D-466E-8530-89BF112DB150}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\digital_city.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{972C4270-11FD-11CE-B841-00AA004CD6D8}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB9FA086-83C4-4F56-B614-77CA8C349270}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AC9F2F90-E877-11CE-9F68-00AA00574A4F}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AFC20920-DA4E-11CE-B943-00AA006887B4}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BF0044DB-36F1-4E50-959C-BAD750900A8D}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\ftp_ht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}" refers to invalid object "C:\WINDOWS\System32\LVbuttons.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C9052A5D-F5D7-4F0A-ABAB-36C9275F4D43}" refers to invalid object "C:\Documents and Settings\Preferred Customer\My Documents\icycrack\plugins\ftp_ht.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}" refers to invalid object "c:\program files\javasoft\jre1.4\1.4.1\bin\bin\npjpi141.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D59CF868-3464-49D3-9A96-3E6890EDC7E8}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E745B262-93B6-4630-B26E-4E0CD4C435EC}" refers to invalid object "C:\DOCUME~1\PREFER~1\LOCALS~1\Temp\{57E492E7-1269-4975-9B8E-642455A6E59C}\SDPlugins\DXAxHost.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F748B5F0-15D0-11CE-BF0D-00AA0044BB60}" refers to invalid object "C:\WINDOWS\System32\FM20.DLL". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Bookmark.BHOMoneyGainer" refers to invalid object "{2559D0B1-AF60-4BD5-965D-0E51383A6367}". Action Taken: No Action Taken.
Entry "HKCR\Bookmark.BHOMoneyGainer.1" refers to invalid object "{2559D0B1-AF60-4BD5-965D-0E51383A6367}". Action Taken: No Action Taken.
Entry "HKCR\CompatUI.Microsoft.3" refers to invalid object "{F4DC309C-7E5B-32A5-E8F6-1B00CC0B6E00}". Action Taken: No Action Taken.
Entry "HKCR\COMSVCS.SWbemLocator" refers to invalid object "{D9FA1AC2-6345-EDC7-BF9B-F985FEE46D62}". Action Taken: No Action Taken.
Entry "HKCR\DirectAnimation.DAEndStyle.3" refers to invalid object "{F04EDFFD-F3C4-45AB-54DB-AA23AA6B835E}". Action Taken: No Action Taken.
Entry "HKCR\IObjSafety.DemoCtl" refers to invalid object "{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}". Action Taken: No Action Taken.
Entry "HKCR\JavaSoft.JavaBeansBridge" refers to invalid object "{8AD9C840-044E-11D1-B3E9-00805F499D93}". Action Taken: No Action Taken.
Entry "HKCR\JavaSoft.JavaBeansBridge.1" refers to invalid object "{8AD9C840-044E-11D1-B3E9-00805F499D93}". Action Taken: No Action Taken.
Entry "HKCR\MsnMessengerSetupDownloader.MsnMessen.1" refers to invalid object "{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}". Action Taken: No Action Taken.
Entry "HKCR\MsnMessengerSetupDownloader.MsnMessenge" refers to invalid object "{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\YAddBook.YAutoComplete.1" refers to invalid object "{B9191F79-5613-4C76-AA2A-398534BB8999}". Action Taken: No Action Taken.
Entry "HKCR\YBIOCtrl.YMailAttach.3" refers to invalid object "{8EFDE8C8-D6CC-E675-4C59-1973011E3879}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.activator" refers to invalid object "{FFF5092F-7172-4018-827B-FA5868FB0478}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.activator.1" refers to invalid object "{FFF5092F-7172-4018-827B-FA5868FB0478}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.ParamWr" refers to invalid object "{D7BF3304-138B-4DD5-86EE-491BB6A2286C}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.ParamWr.1" refers to invalid object "{D7BF3304-138B-4DD5-86EE-491BB6A2286C}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.StockBar" refers to invalid object "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}". Action Taken: No Action Taken.
Entry "HKCR\ZToolbar.StockBar.1" refers to invalid object "{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}". Action Taken: No Action Taken.
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iexplore.exe infected by "Trojan.Win32.StartPage.kk" Virus! Action Taken: No Action Taken.
  • 0

#30
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
*Please dowload: RegSeeker.
*Click on "Clean The Registry" in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
*Click "Quit RegSeeker".

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, please follow the instructions below (don't worry if there are a couple of items in RegSeeker that won't go away - they won't harm anything) *Make sure to reboot between each use of the program.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\iexplore.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, post a new HiJackThis log.

The other items found by MWav (the first 30 lines or so) are most likely a CLSID in the registry. We'll try to see how many of them we can find to delete. But an entry in the registry without the actual program is just an orphaned reg key and it won't do anything but sit there.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP