Tech Support Forum - View Single Post

Phuong · 12-04-2006, 02:20 PM

Once again I'm so sorry for the late reply. You have no idea how much I appreciate you being patient with me. I got the chance to follow your instructions and here are the two logs for you to view.

In the kaspersky onliner scanner, it mentioned that I had 3 viruses, 12 infected files and 2 suspicious objects =/

Monday, December 04, 2006 1:16:48 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/12/2006
Kaspersky Anti-Virus database records: 248044
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
a:\
c:\
d:\
e:\
f:\
Scan Statistics
Total number of scanned objects 25196
Number of viruses found 3
Number of infected objects 12 / 0
Number of suspicious objects 2
Duration of the scan process 00:33:38

Infected Object Name Virus Name Last Action
c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY/stream Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS78.CAB CAB: infected - 4 skipped
c:\_RESTORE\ARCHIVE\FS576.CAB/A1819674280.CPY Infected: not-a-virus:AdWare.Win32.BHO.ba skipped
c:\_RESTORE\ARCHIVE\FS576.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673965.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673966.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673967.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673968.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped
c:\_RESTORE\ARCHIVE\FS572.CAB CAB: infected - 4 skipped
c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped
c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
c:\WINDOWS\SchedLog.Txt Object is locked skipped
c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped
c:\WINDOWS\Sti_Trace.log Object is locked skipped
c:\WINDOWS\Sti_Event.log Object is locked skipped
c:\WINDOWS\wiaservc.log Object is locked skipped
c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
c:\WINDOWS\Cookies\index.dat Object is locked skipped
c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped
c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\Recycled\Dc372.zip/RemoveMM.exe Suspicious: Password-protected-EXE skipped
c:\Recycled\Dc372.zip ZIP: suspicious - 1 skipped
Scan process completed.

And here is my hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 1:17:39 PM, on 12/4/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [CamWizard] C:\PROGRAM FILES\COMMON FILES\LABTEC\QCDRV\BIN\CamWizrd.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCIEPLUGIN.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...bscan_ansi.cab

12-04-2006, 02:20 PM	#8 (permalink)
Phuong Registered User Join Date: Nov 2006 Posts: 7 OS: Windows ME	Once again I'm so sorry for the late reply. You have no idea how much I appreciate you being patient with me. I got the chance to follow your instructions and here are the two logs for you to view. In the kaspersky onliner scanner, it mentioned that I had 3 viruses, 12 infected files and 2 suspicious objects =/ Monday, December 04, 2006 1:16:48 PM Operating System: Microsoft Windows Millennium Edition Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 4/12/2006 Kaspersky Anti-Virus database records: 248044 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer a:\ c:\ d:\ e:\ f:\ Scan Statistics Total number of scanned objects 25196 Number of viruses found 3 Number of infected objects 12 / 0 Number of suspicious objects 2 Duration of the scan process 00:33:38 Infected Object Name Virus Name Last Action c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY/stream/data0005 Infected: not-a-virus:AdWare.Win32.BHO.ba skipped c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY/stream/data0006 Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY/stream Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS78.CAB/A0011035.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS78.CAB CAB: infected - 4 skipped c:\_RESTORE\ARCHIVE\FS576.CAB/A1819674280.CPY Infected: not-a-virus:AdWare.Win32.BHO.ba skipped c:\_RESTORE\ARCHIVE\FS576.CAB CAB: infected - 1 skipped c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673965.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673966.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673967.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS572.CAB/A1819673968.CPY Infected: not-a-virus:AdWare.Win32.VB.y skipped c:\_RESTORE\ARCHIVE\FS572.CAB CAB: infected - 4 skipped c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped c:\WINDOWS\SchedLog.Txt Object is locked skipped c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped c:\WINDOWS\Application Data\AVG7\Log\emc.log Object is locked skipped c:\WINDOWS\Sti_Trace.log Object is locked skipped c:\WINDOWS\Sti_Event.log Object is locked skipped c:\WINDOWS\wiaservc.log Object is locked skipped c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped c:\WINDOWS\Cookies\index.dat Object is locked skipped c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped c:\WINDOWS\WIN386.SWP Object is locked skipped c:\Recycled\Dc372.zip/RemoveMM.exe Suspicious: Password-protected-EXE skipped c:\Recycled\Dc372.zip ZIP: suspicious - 1 skipped Scan process completed. And here is my hijack log: Logfile of HijackThis v1.99.1 Scan saved at 1:17:39 PM, on 12/4/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\WSCRIPT.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\WINDOWS\SYSTEM\LVCOMS.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\SYSTEM\HPZTSB04.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\AIM\AIM.EXE C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE O4 - HKLM\..\Run: [CamWizard] C:\PROGRAM FILES\COMMON FILES\LABTEC\QCDRV\BIN\CamWizrd.exe O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 6.0\SCIEPLUGIN.DLL O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...bscan_ansi.cab