problem with popups

Iain-Finnigan · November 2008

Hi, I'm having problems with popups on my computer trying to get me to buy antispyware. Its the same grey window popup every time that says your computer has problems blah blah blah.... buy our product and we'll fix your problem. I've run spybot and adaware, but am still getting the popup. Thank you in advance for your help - also if you have any suggestions on a good free antivirus program I would greatly appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:34 PM, on 11/21/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Picasa3\Picasa3.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Iain Finnigan\Desktop\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-746137067-1580818891-854245398-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Julie Finnigan')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe

--
End of file - 3218 bytes

Veka · November 2008

Please download to your desktop:

Malwarebytes' Anti-Malware (MBAM)
Random's System Iformation Tool (RSIT)

Step 2:
Run MBAM

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Reboot your computer after the scan!

Step 3:
Run RSIT

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

Iain-Finnigan · November 2008

Hi - I ran both scans. Here are the logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.30
Database version: 1416
Windows 5.1.2600

11/22/2008 5:54:19 PM
mbam-log-2008-11-22 (17-54-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 52173
Time elapsed: 34 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

rsit log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Iain Finnigan at 2008-11-22 17:56:56
Microsoft Windows XP Home Edition
System drive C: has 34 GB (89%) free of 38 GB
Total RAM: 382 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:04 PM, on 11/22/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Picasa3\Picasa3.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Iain Finnigan\Desktop\RSIT.exe
C:\Documents and Settings\Iain Finnigan\Desktop\Iain Finnigan.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\System32\GPhotos.scr/200
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe

--
End of file - 3341 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-18 843804]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2001-08-02 1077277]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-22 17:56:56 ----D---- C:\rsit
2008-11-22 17:07:49 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\Malwarebytes
2008-11-22 17:07:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-22 17:07:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-21 01:10:24 ----D---- C:\WINDOWS\System32\bits
2008-11-21 01:10:19 ----N---- C:\WINDOWS\System32\spmsg.dll
2008-11-21 01:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-11-20 01:13:16 ----N---- C:\WINDOWS\System32\xpob2res.dll
2008-11-20 01:13:16 ----N---- C:\WINDOWS\System32\bitsprx3.dll
2008-11-20 01:13:16 ----N---- C:\WINDOWS\System32\bitsprx2.dll
2008-11-20 01:13:16 ----A---- C:\WINDOWS\System32\winhttp.dll
2008-11-20 01:13:16 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2008-11-16 21:30:16 ----A---- C:\WINDOWS\System32\fpimage.dll
2008-11-16 21:30:15 ----D---- C:\Program Files\Respondus LockDown Browser
2008-11-16 21:30:00 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\InstallShield
2008-11-15 15:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-15 14:44:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-15 14:44:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 14:40:33 ----D---- C:\Program Files\Lavasoft
2008-11-15 14:40:32 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-15 14:39:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-15 02:14:50 ----D---- C:\WINDOWS\System32\SoftwareDistribution
2008-11-15 02:13:17 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-15 02:13:13 ----A---- C:\WINDOWS\System32\wuweb.dll
2008-11-15 02:13:13 ----A---- C:\WINDOWS\System32\wups.dll
2008-11-15 02:13:13 ----A---- C:\WINDOWS\System32\wucltui.dll
2008-11-15 02:13:13 ----A---- C:\WINDOWS\System32\wuaueng1.dll
2008-11-15 02:13:13 ----A---- C:\WINDOWS\System32\wuauclt1.exe
2008-11-15 02:13:13 ----A---- C:\WINDOWS\System32\wuapi.dll
2008-11-12 23:02:33 ----N---- C:\WINDOWS\System32\pxhpinst.exe
2008-11-12 23:02:32 ----N---- C:\WINDOWS\System32\vxblock.dll
2008-11-12 23:02:32 ----N---- C:\WINDOWS\System32\pxwave.dll
2008-11-12 23:02:32 ----N---- C:\WINDOWS\System32\pxdrv.dll
2008-11-12 23:02:31 ----N---- C:\WINDOWS\System32\pxmas.dll
2008-11-12 23:02:30 ----N---- C:\WINDOWS\System32\px.dll
2008-11-12 23:02:09 ----D---- C:\WINDOWS\System32\IOSUBSYS
2008-11-12 23:00:28 ----D---- C:\Program Files\Google
2008-11-12 22:46:54 ----A---- C:\WINDOWS\System32\GTW32N50.dll
2008-11-12 22:46:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 22:46:52 ----D---- C:\Program Files\Linksys Wireless-G PCI Adapter
2008-11-12 22:46:44 ----D---- C:\Program Files\Common Files\InstallShield
2008-11-12 22:42:27 ----D---- C:\WINDOWS\Profiles
2008-11-12 22:42:25 ----D---- C:\WINDOWS\System32\Adobe
2008-11-12 22:42:25 ----D---- C:\Program Files\Common Files\Adobe
2008-11-12 22:42:25 ----D---- C:\Program Files\Adobe
2008-11-12 22:42:25 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\InterTrust
2008-11-11 18:18:45 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\Macromedia
2008-11-11 18:18:45 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\Adobe
2008-11-10 22:10:15 ----D---- C:\WINDOWS\Minidump
2008-11-10 16:26:41 ----SHD---- C:\RECYCLER
2008-11-10 16:25:45 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\Mozilla
2008-11-10 16:25:31 ----D---- C:\Program Files\Mozilla Firefox
2008-11-10 15:55:56 ----SD---- C:\WINDOWS\System32\Microsoft
2008-11-10 15:33:02 ----A---- C:\WINDOWS\ODBC.INI
2008-11-10 15:32:16 ----D---- C:\Program Files\Common Files\Designer
2008-11-10 15:32:04 ----D---- C:\WINDOWS\ShellNew
2008-11-10 15:31:27 ----D---- C:\Program Files\Microsoft Office
2008-11-10 15:31:27 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\Microsoft Web Folders
2008-11-10 15:30:42 ----D---- C:\Program Files\FoneSync
2008-11-10 15:30:40 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-10 15:27:34 ----D---- C:\Program Files\Microsoft Works
2008-11-10 15:19:55 ----D---- C:\Program Files\Microsoft Works Suite 2001
2008-11-10 15:18:04 ----D---- C:\Documents and Settings\Iain Finnigan\Application Data\Identities
2008-11-10 15:17:50 ----ASH---- C:\Documents and Settings\Iain Finnigan\Application Data\desktop.ini
2008-11-10 15:17:49 ----SD---- C:\Documents and Settings\Iain Finnigan\Application Data\Microsoft
2008-11-10 14:48:23 ----SHD---- C:\WINDOWS\Installer
2008-11-10 14:48:12 ----HD---- C:\Program Files\Uninstall Information
2008-11-10 14:39:14 ----SHD---- C:\System Volume Information
2008-11-10 14:39:12 ----D---- C:\WINDOWS\Prefetch
2008-11-10 14:39:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-10 14:34:35 ----D---- C:\WINDOWS\System32\xircom
2008-11-10 14:34:35 ----D---- C:\Program Files\xerox
2008-11-10 14:34:35 ----D---- C:\Program Files\microsoft frontpage
2008-11-10 14:34:29 ----D---- C:\DELL
2008-11-10 14:34:09 ----A---- C:\WINDOWS\control.ini
2008-11-10 14:34:09 ----A---- C:\AUTOEXEC.BAT
2008-11-10 14:33:55 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-10 14:33:48 ----A---- C:\WINDOWS\System32\mapi32.dll
2008-11-10 14:31:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-10 14:31:58 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-10 14:31:57 ----RAH---- C:\WINDOWS\System32\logonui.exe.manifest
2008-11-10 14:31:45 ----RAH---- C:\WINDOWS\System32\cdplayer.exe.manifest
2008-11-10 14:31:14 ----D---- C:\WINDOWS\srchasst
2008-11-10 14:31:03 ----D---- C:\WINDOWS\System32\Macromed
2008-11-10 14:31:03 ----D---- C:\WINDOWS\System32\DirectX
2008-11-10 14:30:51 ----A---- C:\WINDOWS\System32\qmgr.dll
2008-11-10 14:30:50 ----D---- C:\Program Files\Movie Maker
2008-11-10 14:30:30 ----A---- C:\WINDOWS\System32\safrslv.dll
2008-11-10 14:30:30 ----A---- C:\WINDOWS\System32\safrdm.dll
2008-11-10 14:30:30 ----A---- C:\WINDOWS\System32\safrcdlg.dll
2008-11-10 14:30:29 ----A---- C:\WINDOWS\System32\racpldlg.dll
2008-11-10 14:30:29 ----A---- C:\WINDOWS\System32\atrace.dll
2008-11-10 14:30:25 ----A---- C:\WINDOWS\System32\desktop.ini
2008-11-10 14:30:25 ----A---- C:\WINDOWS\desktop.ini
2008-11-10 14:30:19 ----D---- C:\WINDOWS\System32\Restore
2008-11-10 14:30:19 ----A---- C:\WINDOWS\System32\srrstr.dll
2008-11-10 14:30:18 ----D---- C:\Program Files\Windows Media Player
2008-11-10 14:30:18 ----A---- C:\WINDOWS\System32\srsvc.dll
2008-11-10 14:30:18 ----A---- C:\WINDOWS\System32\srclient.dll
2008-11-10 14:30:17 ----A---- C:\WINDOWS\System32\nmmkcert.dll
2008-11-10 14:30:17 ----A---- C:\WINDOWS\System32\nmevtmsg.dll
2008-11-10 14:30:17 ----A---- C:\WINDOWS\System32\mnmdd.dll
2008-11-10 14:30:17 ----A---- C:\WINDOWS\System32\isrdbg32.dll
2008-11-10 14:30:17 ----A---- C:\WINDOWS\System32\ils.dll
2008-11-10 14:30:16 ----A---- C:\WINDOWS\System32\msconf.dll
2008-11-10 14:30:16 ----A---- C:\WINDOWS\System32\mnmsrvc.exe
2008-11-10 14:30:13 ----D---- C:\WINDOWS\PCHEALTH
2008-11-10 14:30:13 ----D---- C:\Program Files\NetMeeting
2008-11-10 14:30:13 ----A---- C:\WINDOWS\System32\msoert2.dll
2008-11-10 14:30:13 ----A---- C:\WINDOWS\System32\msoeacct.dll
2008-11-10 14:30:13 ----A---- C:\WINDOWS\System32\acctres.dll
2008-11-10 14:30:12 ----D---- C:\Program Files\Common Files\Services
2008-11-10 14:30:11 ----A---- C:\WINDOWS\System32\inetres.dll
2008-11-10 14:30:11 ----A---- C:\WINDOWS\System32\inetcomm.dll
2008-11-10 14:30:07 ----SD---- C:\WINDOWS\Tasks
2008-11-10 14:30:07 ----D---- C:\Program Files\Outlook Express
2008-11-10 14:30:07 ----A---- C:\WINDOWS\System32\schedsvc.dll
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\mstinit.exe
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\mstask.dll
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\isign32.dll
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\inetcfg.dll
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\icwphbk.dll
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\icwdial.dll
2008-11-10 14:30:06 ----A---- C:\WINDOWS\System32\icfgnt5.dll
2008-11-10 14:30:03 ----D---- C:\Program Files\Common Files\MSSoap
2008-11-10 14:29:58 ----D---- C:\Program Files\Common Files\System
2008-11-10 14:29:56 ----D---- C:\Program Files\Internet Explorer
2008-11-10 14:29:33 ----D---- C:\Program Files\ComPlus Applications
2008-11-10 14:29:30 ----A---- C:\WINDOWS\vbaddin.ini
2008-11-10 14:29:30 ----A---- C:\WINDOWS\vb.ini
2008-11-10 14:29:22 ----D---- C:\WINDOWS\Registration
2008-11-10 14:28:16 ----HD---- C:\Program Files\WindowsUpdate
2008-11-10 14:28:16 ----D---- C:\Program Files\Online Services
2008-11-10 14:28:07 ----D---- C:\Program Files\Messenger
2008-11-10 14:28:00 ----D---- C:\Program Files\MSN
2008-11-10 14:27:56 ----D---- C:\Program Files\MSN Gaming Zone
2008-11-10 14:27:56 ----A---- C:\WINDOWS\System32\write.exe
2008-11-10 14:27:38 ----A---- C:\WINDOWS\System32\sndvol32.exe
2008-11-10 14:27:38 ----A---- C:\WINDOWS\System32\sndrec32.exe
2008-11-10 14:27:38 ----A---- C:\WINDOWS\System32\mplay32.exe
2008-11-10 14:27:38 ----A---- C:\WINDOWS\System32\hypertrm.dll
2008-11-10 14:27:38 ----A---- C:\WINDOWS\System32\hticons.dll
2008-11-10 14:27:38 ----A---- C:\WINDOWS\System32\accwiz.exe
2008-11-10 14:27:37 ----D---- C:\Program Files\Windows NT
2008-11-10 14:27:37 ----A---- C:\WINDOWS\System32\winchat.exe
2008-11-10 14:27:37 ----A---- C:\WINDOWS\System32\avwav.dll
2008-11-10 14:27:37 ----A---- C:\WINDOWS\System32\avtapi.dll
2008-11-10 14:27:37 ----A---- C:\WINDOWS\System32\avmeter.dll
2008-11-10 14:27:35 ----A---- C:\WINDOWS\System32\mspaint.exe
2008-11-10 14:27:30 ----A---- C:\WINDOWS\System32\getuname.dll
2008-11-10 14:27:30 ----A---- C:\WINDOWS\System32\clipbrd.exe
2008-11-10 14:27:29 ----A---- C:\WINDOWS\System32\spider.exe
2008-11-10 14:27:29 ----A---- C:\WINDOWS\System32\charmap.exe
2008-11-10 14:27:29 ----A---- C:\WINDOWS\System32\calc.exe
2008-11-10 14:27:28 ----A---- C:\WINDOWS\System32\wuaueng.dll
2008-11-10 14:27:28 ----A---- C:\WINDOWS\System32\wuauclt.exe
2008-11-10 14:27:28 ----A---- C:\WINDOWS\System32\winmine.exe
2008-11-10 14:27:28 ----A---- C:\WINDOWS\System32\sol.exe
2008-11-10 14:27:28 ----A---- C:\WINDOWS\System32\mshearts.exe
2008-11-10 14:27:28 ----A---- C:\WINDOWS\System32\freecell.exe
2008-11-10 14:27:27 ----A---- C:\WINDOWS\System32\wuauserv.dll
2008-11-10 14:27:27 ----A---- C:\WINDOWS\System32\tscfgwmi.dll
2008-11-10 14:27:27 ----A---- C:\WINDOWS\System32\mstscax.dll
2008-11-10 14:27:27 ----A---- C:\WINDOWS\System32\mstsc.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\usrlogon.cmd
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\tsshutdn.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\tslabels.ini
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\tskill.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\tscupgrd.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\sessmgr.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\reset.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\remotepg.dll
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\rdshost.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\rdsaddin.exe
2008-11-10 14:27:26 ----A---- C:\WINDOWS\System32\rdchost.dll
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\tsdiscon.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\tscon.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\termsrv.dll
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\shadow.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\rwinsta.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\regini.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\rdpwsx.dll
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\rdpsnd.dll
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\rdpclip.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\rdpcfgex.dll
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\qwinsta.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\qprocess.exe
2008-11-10 14:27:25 ----A---- C:\WINDOWS\System32\qappsrv.exe
2008-11-10 14:27:24 ----D---- C:\WINDOWS\System32\MsDtc
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\mtxoci.dll
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\msg.exe
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\msdtcuiu.dll
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\msdtcprx.dll
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\logoff.exe
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\icaapi.dll
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\cfgbkend.dll
2008-11-10 14:27:24 ----A---- C:\WINDOWS\System32\cdmodem.dll
2008-11-10 14:27:23 ----A---- C:\WINDOWS\System32\xolehlp.dll
2008-11-10 14:27:23 ----A---- C:\WINDOWS\System32\msdtctm.dll
2008-11-10 14:27:23 ----A---- C:\WINDOWS\System32\msdtcprf.ini
2008-11-10 14:27:23 ----A---- C:\WINDOWS\System32\msdtclog.dll
2008-11-10 14:27:23 ----A---- C:\WINDOWS\System32\msdtc.exe
2008-11-10 14:27:22 ----D---- C:\WINDOWS\System32\Com
2008-11-10 14:27:22 ----A---- C:\WINDOWS\System32\mtxlegih.dll
2008-11-10 14:27:22 ----A---- C:\WINDOWS\System32\mtxex.dll
2008-11-10 14:27:22 ----A---- C:\WINDOWS\System32\mtxdm.dll
2008-11-10 14:27:22 ----A---- C:\WINDOWS\System32\dcomcnfg.exe
2008-11-10 14:27:22 ----A---- C:\WINDOWS\System32\colbact.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\stclient.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\comrepl.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\comaddin.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\clbcatex.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\catsrvut.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\catsrvps.dll
2008-11-10 14:27:21 ----A---- C:\WINDOWS\System32\catsrv.dll
2008-11-10 14:27:20 ----A---- C:\WINDOWS\System32\comuid.dll
2008-11-10 14:27:20 ----A---- C:\WINDOWS\System32\comsvcs.dll
2008-11-10 14:27:20 ----A---- C:\WINDOWS\System32\comsnap.dll
2008-11-10 14:27:20 ----A---- C:\WINDOWS\System32\clbcatq.dll
2008-11-10 14:27:10 ----A---- C:\WINDOWS\System32\wmimgmt.msc
2008-11-10 14:27:09 ----A---- C:\WINDOWS\System32\servdeps.dll
2008-11-10 14:27:09 ----A---- C:\WINDOWS\System32\mmfutil.dll
2008-11-10 14:27:09 ----A---- C:\WINDOWS\System32\licwmi.dll
2008-11-10 14:27:09 ----A---- C:\WINDOWS\System32\cmprops.dll
2008-11-10 06:24:14 ----A---- C:\WINDOWS\System32\h323log.txt
2008-11-10 06:03:28 ----A---- C:\WINDOWS\System32\HSF_INST.dll
2008-11-10 06:03:23 ----A---- C:\WINDOWS\System32\ksuser.dll
2008-11-10 06:02:56 ----A---- C:\WINDOWS\System32\i81xdnt5.dll
2008-11-10 06:02:44 ----A---- C:\WINDOWS\System32\usbui.dll
2008-11-10 06:01:03 ----A---- C:\WINDOWS\imsins.BAK
2008-11-10 06:00:57 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2008-11-10 06:00:56 ----D---- C:\Program Files\Common Files\ODBC
2008-11-10 06:00:56 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-10 06:00:52 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-11-10 06:00:51 ----RD---- C:\Program Files
2008-11-10 06:00:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-10 06:00:51 ----D---- C:\Program Files\Common Files
2008-11-10 06:00:49 ----RA---- C:\WINDOWS\System32\kbdazel.dll
2008-11-10 06:00:48 ----RA---- C:\WINDOWS\System32\kbdtuq.dll
2008-11-10 06:00:48 ----RA---- C:\WINDOWS\System32\kbdtuf.dll
2008-11-10 06:00:47 ----RA---- C:\WINDOWS\System32\kbduzb.dll
2008-11-10 06:00:47 ----RA---- C:\WINDOWS\System32\kbdtat.dll
2008-11-10 06:00:47 ----RA---- C:\WINDOWS\System32\kbdmon.dll
2008-11-10 06:00:47 ----RA---- C:\WINDOWS\System32\kbdkyr.dll
2008-11-10 06:00:47 ----RA---- C:\WINDOWS\System32\kbdkaz.dll
2008-11-10 06:00:47 ----RA---- C:\WINDOWS\System32\kbdaze.dll
2008-11-10 06:00:46 ----RA---- C:\WINDOWS\System32\kbdycc.dll
2008-11-10 06:00:46 ----RA---- C:\WINDOWS\System32\kbdur.dll
2008-11-10 06:00:46 ----RA---- C:\WINDOWS\System32\kbdru1.dll
2008-11-10 06:00:46 ----RA---- C:\WINDOWS\System32\kbdru.dll
2008-11-10 06:00:46 ----RA---- C:\WINDOWS\System32\kbdbu.dll
2008-11-10 06:00:46 ----RA---- C:\WINDOWS\System32\kbdblr.dll
2008-11-10 06:00:45 ----RA---- C:\WINDOWS\System32\kbdhept.dll
2008-11-10 06:00:45 ----RA---- C:\WINDOWS\System32\kbdhela3.dll
2008-11-10 06:00:45 ----RA---- C:\WINDOWS\System32\kbdhela2.dll
2008-11-10 06:00:45 ----RA---- C:\WINDOWS\System32\kbdhe319.dll
2008-11-10 06:00:45 ----RA---- C:\WINDOWS\System32\kbdhe220.dll
2008-11-10 06:00:45 ----RA---- C:\WINDOWS\System32\kbdgkl.dll
2008-11-10 06:00:44 ----RA---- C:\WINDOWS\System32\kbdhe.dll
2008-11-10 06:00:43 ----RA---- C:\WINDOWS\System32\kbdlv1.dll
2008-11-10 06:00:43 ----RA---- C:\WINDOWS\System32\kbdlv.dll
2008-11-10 06:00:43 ----RA---- C:\WINDOWS\System32\kbdlt1.dll
2008-11-10 06:00:43 ----RA---- C:\WINDOWS\System32\kbdlt.dll
2008-11-10 06:00:43 ----RA---- C:\WINDOWS\System32\kbdest.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdycl.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdsl1.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdsl.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdro.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdpl1.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdpl.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdhu1.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdhu.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdcz2.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdcz1.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdcz.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\kbdcr.dll
2008-11-10 06:00:41 ----RA---- C:\WINDOWS\System32\KBDAL.DLL
2008-11-10 06:00:38 ----A---- C:\WINDOWS\System32\irclass.dll
2008-11-10 06:00:38 ----A---- C:\WINDOWS\System32\dgsetup.dll
2008-11-10 06:00:38 ----A---- C:\WINDOWS\System32\dgrpsetu.dll
2008-11-10 06:00:37 ----A---- C:\WINDOWS\System32\spxcoins.dll
2008-11-10 06:00:37 ----A---- C:\WINDOWS\System32\EqnClass.Dll
2008-11-10 06:00:37 ----A---- C:\WINDOWS\System32\batt.dll
2008-11-10 06:00:35 ----N---- C:\WINDOWS\System32\CONFIG.TMP
2008-11-10 06:00:35 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-11-10 06:00:35 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-11-10 06:00:34 ----A---- C:\WINDOWS\System32\storprop.dll
2008-11-10 06:00:21 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-11-10 06:00:17 ----RA---- C:\WINDOWS\SETD.tmp
2008-11-10 06:00:17 ----RA---- C:\WINDOWS\SET7.tmp
2008-11-10 06:00:12 ----RA---- C:\WINDOWS\SET3.tmp
2008-11-10 06:00:02 ----D---- C:\WINDOWS\System32\CatRoot2
2008-11-10 06:00:02 ----D---- C:\WINDOWS\System32\CatRoot
2008-11-10 05:59:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-10 05:57:54 ----A---- C:\WINDOWS\setuplog.txt
2008-11-10 05:57:48 ----D---- C:\Documents and Settings
2008-11-10 05:47:55 ----SH---- C:\boot.ini
2008-11-10 05:44:11 ----RSHDC---- C:\WINDOWS\System32\dllcache
2008-11-10 05:44:11 ----RSD---- C:\WINDOWS\Fonts
2008-11-10 05:44:11 ----RD---- C:\WINDOWS\Web
2008-11-10 05:44:11 ----HD---- C:\WINDOWS\inf
2008-11-10 05:44:11 ----D---- C:\WINDOWS\WinSxS
2008-11-10 05:44:11 ----D---- C:\WINDOWS\twain_32
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Temp
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\wins
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\wbem
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\usmt
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\spool
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\ShellExt
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\Setup
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\ras
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\oobe
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\npp
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\mui
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\inetsrv
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\IME
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\icsxml
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\ias
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\export
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\drivers
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\dhcp
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\config
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\3com_dmi
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\3076
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\2052
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1054
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1042
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1041
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1037
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1033
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1031
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1028
2008-11-10 05:44:11 ----D---- C:\WINDOWS\System32\1025
2008-11-10 05:44:11 ----D---- C:\WINDOWS\system32
2008-11-10 05:44:11 ----D---- C:\WINDOWS\system
2008-11-10 05:44:11 ----D---- C:\WINDOWS\security
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Resources
2008-11-10 05:44:11 ----D---- C:\WINDOWS\repair
2008-11-10 05:44:11 ----D---- C:\WINDOWS\mui
2008-11-10 05:44:11 ----D---- C:\WINDOWS\msapps
2008-11-10 05:44:11 ----D---- C:\WINDOWS\msagent
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Media
2008-11-10 05:44:11 ----D---- C:\WINDOWS\java
2008-11-10 05:44:11 ----D---- C:\WINDOWS\ime
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Help
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Driver Cache
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Debug
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Cursors
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Connection Wizard
2008-11-10 05:44:11 ----D---- C:\WINDOWS\Config
2008-11-10 05:44:11 ----D---- C:\WINDOWS\AppPatch
2008-11-10 05:44:11 ----D---- C:\WINDOWS\addins
2008-11-10 05:44:11 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-11-10 14:34:09 ----A---- C:\WINDOWS\win.ini
2008-11-10 06:00:51 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2001-08-18 34816]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [2001-08-17 73279]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-17 138240]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver; C:\WINDOWS\System32\DRIVERS\m4301A.sys [2003-08-04 83552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 RT2500;Linksys Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys [2004-03-27 120448]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-08-18 50688]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-08-18 18944]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2001-08-18 53376]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2001-08-18 53376]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-17 12672]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-17 12288]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-17 12032]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-17 12160]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-17 18688]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-17 29440]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-17 19456]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [2001-08-17 44928]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-17 31104]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-17 23680]
S4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\System32\drivers\mbamswissarmy.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe [2004-02-06 41025]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 136120]

EOF

info.txt logfile of random's system information tool 1.04 2008-11-22 17:57:42

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
FoneSync-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FoneSync\Uninst.isu" -c"C:\Program Files\FoneSync\UninstSupport.dll"
HijackThis 2.0.2-->"C:\Documents and Settings\Iain Finnigan\Desktop\HijackThis.exe" /uninstall
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Word 2000 SR-1-->MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Respondus LockDown Browser-->C:\Program Files\InstallShield Installation Information\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=080a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

EOF

Veka · November 2008

I don't see anything suspicious. Your log shows, however, that you're seriously behind on windows updates.

Please do a scan with Kaspersky Online Scanner

Note: Internet Explorer should be used

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan and then put the kettle on!
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste the report into your next reply.

Veka · December 2008

This topic is now closed due to inactivity. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

If you are not the user who started this thread, you must start your own Thread instead

problem with popups

Comments