Ok well before I start off, I'd like to say that I have cleared the main annoyances of my problem. I registered here because I still think, however, that I am vulnerable to attacks. The firewall within Spy Sweeper is still picking up and blocking things.
The problem I had before included many different trojans and spyware, that got wrapped into a single download my sister got. Apparently she doesn't know not to open 21kb .exe files...
The precautions I've taken so far were as follows:
1. Turned off my internet, I knew a trojan would likely redownload itself until all of its virus and spyware files were removed. I put my internet back on when I thought this was the case.
2. Did a scan with AVG Anti-Virus Free, and it was unable to remove most of what it found... What remained, I was able to delete by finding manually with the help of the AVG logs. (Details about viruses will be below)
3. Did a scan with WebRoot Spy Sweeper, it found a lot of things and got rid of them. (Details about this will be below)
4. Found some IE plugins that didn't belong with the Spy Sweeper's Browser Helper Objects section and removed them. For the first time after doing that, I finally stopped having a hijacked homepage.
Anyway, the problems were as follows:
1. Homepage was jacked by one of a million different "your pc is insecure" programs that tried to sell me on scams. This one took me to uptodateprotection(dot)com (don't want to make a link), as well as syssecuritypage(dot)net at some point in time. All of this was in Internet Explorer, with Firefox completely untouched and properly working.
2. Randomly when not even using IE, I would get popups.
3. The URLs of these popups from history were all from these 4 IPs - 216.255.178.206, 70.86.120.154, 70.87.13.78, and 85.12.25.90.
4. The hijacked homepage downloaded many files that I believe started with is... One I do remember was called ishost. There were probably 40 files in Temp that started with is and finished with .tmp.exe or .exe.tmp (don't remember which for sure). One or more would start up any time I opened IE to that homepage, and then I'd start seeing other problems returning.
5. I had something called SafetyBar, obviously junk as well. It's now gone as well, picked up by Spy Sweeper and quarantined.
6. I had a problem with winlogon.exe or some similar name, though I believe that was it. I would get the errors that allowed me to send an error report to Microsoft (I had my Internet off), so I hit Don't Send, and ignored things. Later, I'd get the Blue Screen of Death with an error relating to winlogon.exe.
------
My current problems
------
Currently my firewall is picking up attempted connections from different IPs and websites, which is why I think I'm still vulnerable. Obviously something is still on the computer attempting to give me problems or at least display advertisements, and I can't seem to find it.
If it helps, these are 2 of the websites it just refused.
here4search(dot)biz
smart-security(dot)biz
And, there was another one that included musa in there, if that's of any help.
------
Exact viruses/spyware found
------
Viruses:
Downloader.Generic2.LOl (might be a zero in LOl) - C:\WINDOWS\g1732734.dll
Downloader.Generic2.MOH (might be a zero in MOH) - C:\WINDOWS\compstuih.dll
Generic.WUE - C:\Documents and Settings\Beau\Local Settings\Temporary Internet Files\Content.IE5\DB31N0JN\srvaoq[1].exe
Spyware:
security2k hijacker
trojan-downloader-2pursuit
trojan-downloader-zlob
trojan agent winlogonhook
maxifiles
safety bar
system doctor 2006 fakealert
And then just a bunch of cookies.
----------------
The reason I've given so much detail is because I believe my problem was bundled with some of that, it all came launched into this 21kb file my sister downloaded and now I'm in hell >.< So just to repeat, my main problem is that my firewall is still blocking attempted connections, while experiencing no serious symptoms.
Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 4:41:53 AM, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Xampp\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Xampp\xampp\apache\bin\apache.exe
C:\Xampp\xampp\FileZillaFTP\FileZillaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Veoh\VeohClientService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\idd2F0.tmp.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Beau\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runemasters.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runemasters.net/
O3 - Toolbar: My Toolbar - {38D2A281-0444-433C-9ED6-A2851795F32A} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Spy Sweeper.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: My toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll
O9 - Extra 'Tools' menuitem: My Toolbar - {9BE4715D-8249-4f24-9ED6-3F3543A5A221} - C:\Program Files\Text-Reader programs\My Toolbar\TRReaderBar_.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://D:\WINDOWS\awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_43.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_04) -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD70B6D6-C476-4682-9700-F0BAED923172}: NameServer = 192.168.0.1,205.171.3.65
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Xampp\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Xampp\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\Xampp\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Program Files\Veoh\VeohClientService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Xampp\xampp\service.exe
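Added example, not part of the original post: a small triage pass over a HijackThis log of the kind posted above, written to surface entries worth a manual look. The sample lines are copied from that log; the three heuristics (process running from a temp directory, O16 control downloaded from a bare IP address, entry marked "(file missing)") and all function names are assumptions chosen for illustration, and a hit is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Sample input: a handful of lines copied from the HijackThis log in the post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\TEMP\idd2F0.tmp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runemasters.net/
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_43.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - rundll32.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\Xampp\xampp\mysql\bin\mysqld-nt.exe
"""

# "R0 - ...", "O4 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Path component that is a temp or browser-cache directory.
TEMP_RE = re.compile(r"\\(temp|tmp|temporary internet files)\\", re.IGNORECASE)
URL_RE = re.compile(r"(?:https?|ftp)://\S+", re.IGNORECASE)
IP_HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (kind, detail) pairs for entries that deserve a manual look."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        # Installed software rarely runs from a temp directory.
        if TEMP_RE.search(path):
            findings.append(("process-in-temp", path))
    for code, body in entries:
        # Autostart or service whose target lives in a temp directory.
        if code in ("O4", "O23") and TEMP_RE.search(body):
            findings.append(("autostart-in-temp", body))
        # ActiveX control (Downloaded Program Files) fetched from a bare IP.
        if code == "O16":
            for url in URL_RE.findall(body):
                host = urlparse(url).hostname or ""
                if IP_HOST_RE.match(host):
                    findings.append(("dpf-from-raw-ip", host))
        # Target not found on disk; check what the entry is meant to launch.
        if "(file missing)" in body:
            findings.append(("file-missing", f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```
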