Sanga
2006-10-07, 15:27
I have had this pop up on my toolbar for the past week. It sends me these phony system messages and virus protection ads. I have not figured how to remove it, but I hope you guys can help me out. Thanks.
Below are all my scan logs.
Scan done at 2:47:59.06, 10/07/2006 Sat
Run from C:\Documents and Settings\Administrator\桌面\SmitfraudFix
OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT
Fix run in safe mode
换换换换换换换换换换换换 Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"
[HKEY_CLASSES_ROOT\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\system32\httge.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\system32\httge.dll"
换换换换换换换换换换换换 Killing process
换换换换换换换换换换换换 Generic Renos Fix
GenericRenosFix by S!Ri
换换换换换换换换换换换换 Deleting infected files
C:\Program Files\iMediaCodec\ Deleted
换换换换换换换换换换换换 Deleting Temp Files
换换换换换换换换换换换换 Registry Cleaning
Registry Cleaning done.
换换换换换换换换换换换换 After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
换换换换换换换换换换换换 End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:52:40 AM 10/7/2006
+ Scan result:
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr7058\3721\alLiveEx.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr7058\alliveex.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr7058\alrex.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr8ff4\alliveex.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr8ff4\alrex.dll -> Adware.Cdn : Cleaned.
C:\WINDOWS\system32\cns.exe -> Adware.Cdn : Cleaned.
HKLM\SOFTWARE\3721 -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\3721\CnsMin -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH.1 -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Adware.CnsMin : Cleaned.
HKU\S-1-5-21-1801674531-299502267-725345543-500\Software\3721 -> Adware.CnsMin : Cleaned.
HKU\S-1-5-21-1801674531-299502267-725345543-500\Software\3721\CnsMin -> Adware.CnsMin : Cleaned.
HKU\S-1-5-21-1801674531-299502267-725345543-500\Software\3721\CnsMin\Variant -> Adware.CnsMin : Cleaned.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsbF.tmp\isecur.dll -> Downloader.Zlob.aoe : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Bots\Bots\BS\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Bots\Bots\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned.
::Report end
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [P2kAutostart] V330
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: ???¢WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ?é?°á?ìì - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O11 - Options group: [!CNS] ?D??é?í?
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Below are all my scan logs.
Scan done at 2:47:59.06, 10/07/2006 Sat
Run from C:\Documents and Settings\Administrator\桌面\SmitfraudFix
OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT
Fix run in safe mode
换换换换换换换换换换换换 Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"
[HKEY_CLASSES_ROOT\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\system32\httge.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7be183d2-a42d-4915-bf60-ec86fbf002cf}\InProcServer32]
@="C:\WINDOWS\system32\httge.dll"
换换换换换换换换换换换换 Killing process
换换换换换换换换换换换换 Generic Renos Fix
GenericRenosFix by S!Ri
换换换换换换换换换换换换 Deleting infected files
C:\Program Files\iMediaCodec\ Deleted
换换换换换换换换换换换换 Deleting Temp Files
换换换换换换换换换换换换 Registry Cleaning
Registry Cleaning done.
换换换换换换换换换换换换 After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
换换换换换换换换换换换换 End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:52:40 AM 10/7/2006
+ Scan result:
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr7058\3721\alLiveEx.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr7058\alliveex.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr7058\alrex.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr8ff4\alliveex.dll -> Adware.Cdn : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr8ff4\alrex.dll -> Adware.Cdn : Cleaned.
C:\WINDOWS\system32\cns.exe -> Adware.Cdn : Cleaned.
HKLM\SOFTWARE\3721 -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\3721\CnsMin -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH.1 -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Adware.CnsMin : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Adware.CnsMin : Cleaned.
HKU\S-1-5-21-1801674531-299502267-725345543-500\Software\3721 -> Adware.CnsMin : Cleaned.
HKU\S-1-5-21-1801674531-299502267-725345543-500\Software\3721\CnsMin -> Adware.CnsMin : Cleaned.
HKU\S-1-5-21-1801674531-299502267-725345543-500\Software\3721\CnsMin\Variant -> Adware.CnsMin : Cleaned.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Administrator\Local Settings\Temp\nsbF.tmp\isecur.dll -> Downloader.Zlob.aoe : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Bots\Bots\BS\WpeSpy.dll -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned.
C:\Documents and Settings\Administrator\My Documents\Bots\Bots\WPE PRO.exe -> Not-A-Virus.Sniffer.Win32.WpePro.a : Cleaned.
::Report end
C:\Documents and Settings\Administrator\桌面\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [P2kAutostart] V330
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.9\PlaxoHelper.exe -a
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: ·????¨?° - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: ???¢WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ?é?°á?ìì - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O11 - Options group: [!CNS] ?D??é?í?
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe