Spybot Logo
Go Back   Safer Networking Forums > General Malware > Archives
Reload this Page Getting popups for antivirus software
Register ProjectsBlogs FAQ Search Today's Posts Mark Forums Read Home Support Download Donate

 
Page 1 of 2 1 2
 
Thread Tools Display Modes
Old 2008-08-31, 03:56   #1
just7ofus
Junior Member
 
Join Date: Aug 2008
Posts: 5
Default Getting popups for antivirus software
Know the ads I am getting are for malware - here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:59 PM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [A00F9AF5E.exe] C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\_A00F9AF5E.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207282243500
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Mis...RichUpload.cab
O20 - Winlogon Notify: __c008FE40 - C:\WINDOWS\system32\__c008FE40.dat
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

--
End of file - 6501 bytes
just7ofus is offline  
Old 2008-09-01, 10:30   #2
Shaba
Security Expert
 
Shaba's Avatar
 
Join Date: Oct 2006
Location: Finland
Posts: 28,470
Default
Hi just7ofus

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

After that, please post back a fresh HijackThis log
__________________
Microsoft MVP Consumer Security 2008 2009

Member of ASAP and UNITE since 2006

Please don't use PMs for requesting help. The Forums are there for a reason.
Shaba is offline  
Old 2008-09-04, 08:46   #3
just7ofus
Junior Member
 
Join Date: Aug 2008
Posts: 5
Default
Thanks for the reply. I was using spybot - it's in the log, but I uninstalled it - installed Avira and ran it - found 4 items which were removed. The malware popups have been almost constant but since I ran the Avira - I haven't had one. Here is my newest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:48 PM, on 9/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [A00F9AF5E.exe] C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\_A00F9AF5E.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207282243500
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Mis...RichUpload.cab
O20 - Winlogon Notify: __c008FE40 - C:\WINDOWS\system32\__c008FE40.dat (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

--
End of file - 6591 bytes


Thanks again!
just7ofus is offline  
Old 2008-09-04, 12:58   #4
Shaba
Security Expert
 
Shaba's Avatar
 
Join Date: Oct 2006
Location: Finland
Posts: 28,470
Default
Yes it looks like that Avira removed some.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
__________________
Microsoft MVP Consumer Security 2008 2009

Member of ASAP and UNITE since 2006

Please don't use PMs for requesting help. The Forums are there for a reason.
Shaba is offline  
Old 2008-09-05, 04:35   #5
just7ofus
Junior Member
 
Join Date: Aug 2008
Posts: 5
Default
Here they are...

Logfile of random's system information tool (written by random/random)
Run by Mom and Dad at 2008-09-04 18:33:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 29 GB (75%) free of 38 GB
Total RAM: 478 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:58 PM, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Documents and Settings\Mom and Dad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mom and Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [A00F9AF5E.exe] C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\_A00F9AF5E.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207282243500
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Mis...RichUpload.cab
O20 - Winlogon Notify: __c008FE40 - C:\WINDOWS\system32\__c008FE40.dat (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

--
End of file - 6596 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2003-07-29 638976]
""= []
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2003-07-18 49152]
"CeEPOWER"=C:\Program Files\TOSHIBA\Power Management\CePMTray.exe [2003-07-23 135168]
"NDSTray.exe"=C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2003-01-17 458752]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2003-05-29 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-05-29 114688]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"cdloader"=C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\cdloader2.exe [2008-06-12 50520]
"A00F9AF5E.exe"=C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\_A00F9AF5E.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-05-29 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008FE40]
C:\WINDOWS\system32\__c008FE40.dat []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{672dcd62-4e2e-11dd-901b-0090966dff20}]
shell\AutoRun\command - E:\autorun.exe
shell\phone\command - E:\autorun.exe


List of files/folders created in the last three months

2008-09-04 18:33:47 ----D---- C:\rsit
2008-09-03 21:15:19 ----D---- C:\Program Files\Avira
2008-09-03 21:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-02 17:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-30 17:42:31 ----D---- C:\Program Files\Trend Micro
2008-08-30 11:25:33 ----D---- C:\WINDOWS\Prefetch
2008-08-30 11:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-30 11:15:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-30 11:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-30 11:15:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-30 11:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-30 11:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-30 11:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-30 11:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-30 11:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-30 11:04:58 ----D---- C:\WINDOWS\system32\scripting
2008-08-30 11:04:55 ----D---- C:\WINDOWS\l2schemas
2008-08-30 11:04:54 ----D---- C:\WINDOWS\system32\en
2008-08-30 10:38:25 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-22 23:16:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-08-22 23:16:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 11:29:50 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-15 22:15:39 ----D---- C:\WINDOWS\Minidump
2008-08-14 15:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-14 15:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-14 15:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 15:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-14 15:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 15:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-14 15:55:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-01 19:50:02 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-01 19:49:56 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-01 19:49:53 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-01 19:49:53 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-01 19:49:44 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-01 19:49:44 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-01 19:49:30 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-01 19:49:26 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-01 19:49:25 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-01 19:49:23 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-01 19:49:22 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-01 19:49:22 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-01 19:49:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-01 19:49:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-01 19:49:17 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-01 19:49:06 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-01 19:49:06 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-01 19:49:06 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-01 19:49:05 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-01 19:49:04 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-01 19:49:02 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-01 19:49:02 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-01 19:48:44 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-01 19:48:44 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-01 19:48:44 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-01 19:48:44 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-01 19:48:31 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-01 19:48:30 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-01 19:48:29 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-01 19:48:29 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-01 19:48:29 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-01 19:48:29 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-01 19:48:11 ----A---- C:\WINDOWS\005303_.tmp
2008-08-01 19:48:09 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-01 19:48:09 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-01 19:48:09 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-01 19:48:09 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-01 19:48:09 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-01 19:48:09 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-01 19:48:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-01 19:48:08 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-01 19:48:05 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-01 19:48:05 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-01 19:48:05 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-01 19:48:05 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-01 19:48:05 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-01 19:48:04 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-01 19:48:04 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-01 19:48:03 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-01 19:48:03 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-01 19:48:01 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-01 19:47:58 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-01 19:47:51 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-01 19:47:51 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-01 19:47:42 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-07-14 12:07:59 ----D---- C:\Program Files\MSXML 4.0
2008-07-14 12:07:01 ----D---- C:\Program Files\Datel
2008-07-09 21:31:36 ----D---- C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp
2008-07-09 20:15:54 ----D---- C:\Documents and Settings\Mom and Dad\Application Data\EA
2008-07-09 20:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\EA
2008-07-09 20:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-09 09:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-06-30 13:37:59 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-06-23 16:50:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-06-22 19:41:58 ----D---- C:\WINDOWS\Sun
2008-06-22 19:41:58 ----D---- C:\Documents and Settings\Mom and Dad\Application Data\Sun
2008-06-22 19:41:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-06-22 19:41:35 ----A---- C:\WINDOWS\system32\javaw.exe
2008-06-22 19:41:35 ----A---- C:\WINDOWS\system32\java.exe
2008-06-22 19:40:53 ----D---- C:\Program Files\Java
2008-06-22 19:40:33 ----D---- C:\Program Files\Common Files\Java
2008-06-22 13:38:31 ----D---- C:\WINDOWS\ie7updates
2008-06-22 13:37:27 ----D---- C:\WINDOWS\WBEM
2008-06-22 13:37:25 ----D---- C:\WINDOWS\system32\en-US
2008-06-22 13:35:38 ----HDC---- C:\WINDOWS\ie7
2008-06-22 13:35:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-06-22 13:35:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-06-22 13:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-06-22 13:34:31 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-06-22 13:33:18 ----D---- C:\WINDOWS\network diagnostic
2008-06-22 13:33:16 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-06-22 13:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-06-22 07:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-06-22 07:05:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-06-22 07:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-06-22 07:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-06-22 07:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-06-22 07:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2008-06-22 07:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-06-22 07:04:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-06-22 07:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2008-06-22 07:04:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-06-22 07:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-06-22 07:04:06 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-06-22 07:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-06-22 07:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-06-22 07:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2008-06-22 07:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2008-06-22 07:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-06-22 07:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2008-06-22 07:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-06-22 07:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-06-22 07:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2008-06-22 07:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-06-22 07:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-06-22 07:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2008-06-22 07:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-06-22 07:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-06-22 07:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-06-22 07:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-06-22 07:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-06-22 07:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-06-22 07:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-06-22 07:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-06-22 07:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-06-22 07:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-06-22 07:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2008-06-22 07:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-06-22 07:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-06-22 07:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-22 07:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-06-22 06:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-06-22 06:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-06-22 06:59:40 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-06-22 06:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-06-22 06:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-06-22 06:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-06-22 06:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-06-22 06:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-06-22 06:59:03 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-06-22 06:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2008-06-22 06:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-06-22 06:58:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-06-22 06:58:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-06-22 06:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-06-22 06:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-06-22 06:57:21 ----A---- C:\WINDOWS\CeEKey.INI
2008-06-21 14:45:34 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-06-20 22:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2008-06-20 22:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2008-06-20 22:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2008-06-20 22:16:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-06-20 22:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2008-06-20 22:14:52 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2008-06-20 22:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2008-06-20 22:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2008-06-20 22:12:49 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-06-20 22:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-06-20 22:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-06-20 22:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2008-06-20 22:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2008-06-20 22:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2008-06-20 22:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2008-06-20 22:06:00 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-06-20 22:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-06-20 22:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-06-20 22:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2008-06-20 22:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-06-20 22:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-06-20 21:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-06-20 21:58:48 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-06-20 21:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-06-20 21:57:34 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-06-20 21:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-06-20 21:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-06-20 21:55:47 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2008-06-20 21:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-06-20 21:54:20 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-06-20 21:53:39 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-06-20 21:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-06-20 21:52:23 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-06-20 21:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-06-20 21:51:15 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-06-20 21:50:40 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2008-06-20 21:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-06-20 21:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-06-20 21:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-06-20 21:48:27 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-06-20 21:47:52 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-06-20 21:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-06-20 21:46:42 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-06-20 21:45:56 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-06-20 21:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-06-20 21:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-06-20 21:38:10 ----D---- C:\WINDOWS\peernet
2008-06-20 21:38:09 ----D---- C:\WINDOWS\provisioning
2008-06-20 21:35:14 ----D---- C:\WINDOWS\ServicePackFiles
2008-06-20 21:26:10 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-06-20 21:26:04 ----D---- C:\WINDOWS\EHome
2008-06-20 20:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB899587_0$
2008-06-20 20:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB924191_0$
2008-06-20 20:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB922819_0$
2008-06-20 20:29:00 ----A---- C:\WINDOWS\system32\MRT.exe
2008-06-20 20:28:32 ----HDC---- C:\WINDOWS\$NtUninstallKB885835_0$
2008-06-20 20:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB885836_0$
2008-06-20 20:27:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923414_0$
2008-06-20 20:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB921883_0$
2008-06-20 20:25:53 ----HDC---- C:\WINDOWS\$NtUninstallKB911927_0$
2008-06-20 20:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB922616_0$
2008-06-20 20:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB901017_0$
2008-06-20 20:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB899591_0$
2008-06-20 20:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB920685_0$
2008-06-20 20:22:45 ----HDC---- C:\WINDOWS\$NtUninstallKB896424_0$
2008-06-20 20:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB893756_0$
2008-06-20 20:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB911280_0$
2008-06-20 20:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562_0$
2008-06-20 20:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896423_0$
2008-06-20 20:20:03 ----HDC---- C:\WINDOWS\$NtUninstallKB873339_0$
2008-06-20 20:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB924496_0$
2008-06-20 20:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$
2008-06-20 20:18:11 ----HDC---- C:\WINDOWS\$NtUninstallKB921398_0$
2008-06-20 20:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$
2008-06-20 20:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB896358_0$
2008-06-20 20:17:00 ----HDC---- C:\WINDOWS\$NtUninstallKB910437_0$
2008-06-20 20:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB905495$
2008-06-20 20:16:09 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-06-20 20:15:30 ----HDC---- C:\WINDOWS\$NtUninstallKB902400_0$
2008-06-20 20:15:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920670_0$
2008-06-20 20:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB891781_0$
2008-06-20 20:14:32 ----A---- C:\WINDOWS\setdebug.exe
2008-06-20 20:14:31 ----A---- C:\WINDOWS\system32\jit.dll
2008-06-20 20:14:31 ----A---- C:\WINDOWS\system32\javaee.dll
2008-06-20 20:14:31 ----A---- C:\WINDOWS\system32\dx3j.dll
2008-06-20 20:14:25 ----A---- C:\WINDOWS\system32\wjview.exe
2008-06-20 20:14:25 ----A---- C:\WINDOWS\system32\vmhelper.dll
2008-06-20 20:14:24 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2008-06-20 20:14:24 ----A---- C:\WINDOWS\system32\msjava.dll
2008-06-20 20:14:23 ----A---- C:\WINDOWS\system32\msawt.dll
2008-06-20 20:14:23 ----A---- C:\WINDOWS\system32\jview.exe
2008-06-20 20:14:23 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2008-06-20 20:14:22 ----A---- C:\WINDOWS\system32\javart.dll
2008-06-20 20:14:22 ----A---- C:\WINDOWS\system32\javaprxy.dll
2008-06-20 20:14:22 ----A---- C:\WINDOWS\system32\javacypt.dll
2008-06-20 20:14:21 ----A---- C:\WINDOWS\system32\clspack.exe
2008-06-20 20:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB890046_0$
2008-06-20 20:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB919007_0$
2008-06-20 20:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB914388_0$
2008-06-20 20:12:46 ----HDC---- C:\WINDOWS\$NtUninstallKB917344_0$
2008-06-20 20:11:53 ----HDC---- C:\WINDOWS\$NtUninstallKB905414_0$
2008-06-20 20:11:40 ----D---- C:\Program Files\MSECache
2008-06-20 20:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB917953_0$
2008-06-20 20:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB917734_WMP8$
2008-06-20 20:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB901214_0$
2008-06-20 20:09:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923191_0$
2008-06-20 20:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB917422_0$
2008-06-20 20:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB888302_0$
2008-06-20 20:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB900725_0$
2008-06-20 20:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB912919_0$
2008-06-20 20:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$
2008-06-20 20:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$
2008-06-20 20:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB904706_0$
2008-06-20 20:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB908531_0$
2008-06-20 20:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB905749_0$
2008-06-20 20:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB913580_0$
2008-06-20 20:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB896428_0$
2008-06-20 20:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB835409$
2008-06-20 20:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB908519_0$
2008-06-20 20:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB920683_0$
2008-06-20 20:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB914389_0$
2008-06-20 20:00:03 ----HDC---- C:\WINDOWS\$NtUninstallKB890859_0$
2008-06-20 19:56:52 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-06-20 19:39:00 ----A---- C:\WINDOWS\system32\esent.dll

List of drivers

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2002-12-18 5888]
R1 SrvcEPIOMngr;SrvcEPIOMngr; C:\WINDOWS\System32\Drivers\EPIoMngr.sys [2002-12-18 5888]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2002-12-18 5888]
R1 SrvcTPIOMngr;SrvcTPIOMngr; C:\WINDOWS\System32\Drivers\TPIoMngr.sys [2002-07-17 4183]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-06-13 114880]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-06-13 80512]
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011; C:\WINDOWS\system32\drivers\wA301a.sys [2003-06-13 33847]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-05-14 740044]
R3 AR5211;Atheros AR5001 Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5211.sys [2003-07-29 322720]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EPOWER;Compal E-POWER Driver; C:\WINDOWS\System32\Drivers\hkdrv.sys [2008-04-01 6896]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-06-13 89787]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

List of services

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 CeEPwrSvc;CeEPwrSvc; C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe [2003-07-11 73728]

-----------------EOF-----------------


info.txt logfile of random's system information tool 2008-09-04 18:34:05

Uninstall list

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\Setup.exe"
TOSHIBA Hotkey Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{41DBA4F1-E295-41B3-9922-7B346C5B8EBF} /l1033
TOSHIBA Power Management Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B83DA26B-5237-41E8-8612-8F3F63F69811} /l1033
TouchPad On/Off Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{107C7E59-F4CF-444F-BCCC-8223137D1AD1} /l1033
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! 工具列-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Security center information

AV: Avira AntiVir PersonalEdition

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

thanks for your help - haven't had a popup since yesterday...
just7ofus is offline  
Old 2008-09-05, 10:44   #6
Shaba
Security Expert
 
Shaba's Avatar
 
Join Date: Oct 2006
Location: Finland
Posts: 28,470
Default
That's nice to hear

Open HijackThis, click do a system scan only and checkmark these:

O4 - HKCU\..\Run: [A00F9AF5E.exe] C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\_A00F9AF5E.exe
O20 - Winlogon Notify: __c008FE40 - C:\WINDOWS\system32\__c008FE40.dat (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
__________________
Microsoft MVP Consumer Security 2008 2009

Member of ASAP and UNITE since 2006

Please don't use PMs for requesting help. The Forums are there for a reason.
Shaba is offline  
Old 2008-09-09, 08:38   #7
just7ofus
Junior Member
 
Join Date: Aug 2008
Posts: 5
Default
The Kapersky scan came up clean - nothing found. Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:41 PM, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Mom and Dad\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1207282243500
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Mis...RichUpload.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe

--
End of file - 6474 bytes
just7ofus is offline  
Old 2008-09-09, 15:55   #8
Shaba
Security Expert
 
Shaba's Avatar
 
Join Date: Oct 2006
Location: Finland
Posts: 28,470
Default
Nice to hear

Any problems left?
__________________
Microsoft MVP Consumer Security 2008 2009

Member of ASAP and UNITE since 2006

Please don't use PMs for requesting help. The Forums are there for a reason.
Shaba is offline  
Old 2008-09-09, 16:44   #9
just7ofus
Junior Member
 
Join Date: Aug 2008
Posts: 5
Smile
No, haven't had any more of those popups since running the Avira. Prior to this, I had never heard of it. I like it and will keep using it.

Thanks a TON!
just7ofus is offline  
Old 2008-09-09, 16:49   #10
Shaba
Security Expert
 
Shaba's Avatar
 
Join Date: Oct 2006
Location: Finland
Posts: 28,470
Default
Great

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 7.

Next we remove all used tools.

You can delete RSIT.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
__________________
Microsoft MVP Consumer Security 2008 2009

Member of ASAP and UNITE since 2006

Please don't use PMs for requesting help. The Forums are there for a reason.
Shaba is offline  
 
Page 1 of 2 1 2

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 08:55.

Contact Us - Safer Networking Limited - Archive - Privacy Statement - Top

Copyright © 2000-2009 Safer Networking Limited. All rights reserved.