-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 15, 2007 4:52:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/04/2007
Kaspersky Anti-Virus database records: 297497
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\2SPPatcher\
C:\51b2c8350f7a3ea86da0\
C:\684f9e0fc16f6e2bab\
C:\7a47444e95b4c54aecfa4b\
C:\98517ad18df1422977\
C:\ATI\
C:\CanonMP\
C:\Config.Msi\
C:\Documents and Settings\Administrator\
C:\Documents and Settings\All Users\
C:\Documents and Settings\Default User\
C:\Documents and Settings\LocalService\
C:\Documents and Settings\Mike\Application Data\
C:\Documents and Settings\Mike\Cookies\
C:\Documents and Settings\Mike\Desktop\
C:\Documents and Settings\Mike\Favorites\
C:\Documents and Settings\Mike\Local Settings\
C:\Documents and Settings\Mike\My Documents\Alcohol 120%\
C:\Documents and Settings\Mike\My Documents\CyberLink\
C:\Documents and Settings\Mike\My Documents\My Music\
C:\Documents and Settings\Mike\My Documents\My Pictures\
C:\Documents and Settings\Mike\My Documents\My Received Files\
C:\Documents and Settings\Mike\My Documents\My Videos\
C:\Documents and Settings\Mike\My Documents\Nero Home\
C:\Documents and Settings\Mike\My Documents\Nero Recode\
C:\Documents and Settings\Mike\My Documents\NeroVision\
C:\Documents and Settings\Mike\My Documents\PcSetup\
C:\Documents and Settings\Mike\My Recent Documents\
C:\Documents and Settings\Mike\NetHood\
C:\Documents and Settings\Mike\PrintHood\
C:\Documents and Settings\Mike\SendTo\
C:\Documents and Settings\Mike\Start Menu\
C:\Documents and Settings\Mike\Templates\
C:\Documents and Settings\Mike\UserData\
C:\Documents and Settings\NetworkService\
C:\e51408a88ce39ef47ef1591ccd68\
C:\Program Files\
C:\RECYCLER\
C:\System Volume Information\
C:\UT2004\
C:\VundoFix Backups\
C:\WINDOWS\
Scan Statistics:
Total number of scanned objects: 43815
Number of viruses found: 7
Number of infected objects: 85 / 0
Number of suspicious objects: 0
Duration of the scan process: 06:47:47
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03012007-003756.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Desktop\New Briefcase\Nero-7.7.5.1_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\Desktop\New Briefcase\Nero-7.7.5.1_eng_trial.exe RAR: infected - 1 skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012007041520070416\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP71\A0023502.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP72\A0023586.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP78\A0023748.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025716.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025719.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025720.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025721.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025722.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025724.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025725.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025727.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025728.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025729.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025733.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025734.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025736.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025738.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025739.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025743.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025744.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025747.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025748.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025749.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025750.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025753.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025754.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025755.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025756.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025758.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025759.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025760.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP90\A0026446.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP94\A0026507.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP94\A0026507.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP94\A0026507.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP95\change.log Object is locked skipped
C:\VundoFix Backups\aihnjrpf.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\awtqo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\VundoFix Backups\axafrdhw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\bkfxnuti.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\cxibdlhb.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\dajtskbl.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\eoorognw.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\etgfskqs.dll.bad Infected: Packed.Win32.Klone.j skipped
C:\VundoFix Backups\fqoujmrs.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\fuvgkqeh.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\geilofps.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\gprkdkgo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\iewwuypo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\jmphqjff.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\kaeqfeky.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\lftfrwqo.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\llwjktrl.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\odltmqcc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\oqpfaswd.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\pmnlm.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fl skipped
C:\VundoFix Backups\ppshuqpt.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\qcqutxdg.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\rfbtirdc.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\ujrlwxhp.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\vobrxijr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\wvywnjcp.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xpcbrthr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xtrdfihy.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\xvdaybfe.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\VundoFix Backups\yaeyshwg.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdmtjqiv.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\bxtfhvda.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cqaqadhq.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\daseteum.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\fhqrtmqo.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\fwtqdktt.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\hhqqlmuy.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\jsojpsfy.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\ksmptuuv.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\kurseohx.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\lubiroaj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\lvlsxgpg.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\oobubtxp.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\orwwbiql.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\twargwlh.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xmwduhmr.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\xxwqrwpr.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000006-00001102-00000004-00511102}.CDF Object is locked skipped
Scan process completed.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:52:47 PM 14/04/2007
+ Scan result:
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025730.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025740.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{59F47AAD-C1F5-4875-B7B5-2C79F753BED5}\RP83\A0025751.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\hgghhfc.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljihhh.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\rqrpppo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 4:55:37 PM, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mike\Desktop\HJT\removal.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175623727953
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe