Help with possible malware.



dasaaki
2009-04-03, 20:30
Hey, every time I start up my laptop, after the desktop icons have loaded I get a red triangular icon in the system tray and a window pops up, both for a split second. The window isn't up long enough to read anything.

I ran Malwarebytes anti-malware with nothing found.

I ran HJT:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:43, on 03/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Telefonica\Kit ADSL USB\dslmon.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Consola KIT ADSL.lnk = ?
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Google Update Service (gupdate1c9ac1177cb3bb0) (gupdate1c9ac1177cb3bb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4971 bytes

Blade81
2009-04-06, 13:36
Hi there,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

dasaaki
2009-04-06, 22:26
Thank you for the quick reply.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Loraine at 20:19:19.47 on 06/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.222.49 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Telefonica\Kit ADSL USB\dslmon.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\3\3Connect\Wilog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Loraine\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SiS Tray] c:\windows\system32\sistray.EXE
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consol~1.lnk - c:\program files\telefonica\kit adsl usb\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {E2FD7400-FDEB-4F97-9A09-850ADF82B9CF} = 4.2.2.3 4.2.2.4
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\loraine\applic~1\mozilla\firefox\profiles\eddxcmns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-6-27 58464]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2005-6-27 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [2009-3-23 10240]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-6-27 108480]
S2 gupdate1c9ac1177cb3bb0;Google Update Service (gupdate1c9ac1177cb3bb0);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]

=============== Created Last 30 ================

2009-04-05 18:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 18:18 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-29 09:36 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-03-29 09:36 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-29 09:36 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-03-29 09:36 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-03-29 09:36 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-03-29 09:36 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-03-29 09:36 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-03-29 09:36 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-29 09:36 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-03-27 12:41 <DIR> --d----- c:\windows\pss
2009-03-27 02:05 <DIR> --d----- c:\docume~1\loraine\applic~1\Spotify
2009-03-27 02:05 <DIR> --d----- c:\program files\Spotify
2009-03-26 23:53 <DIR> --d----- C:\ComboFix
2009-03-26 17:28 <DIR> --d----- c:\docume~1\loraine\applic~1\Malwarebytes
2009-03-26 17:28 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-26 17:28 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 17:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-26 17:28 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-26 13:23 <DIR> a-dshr-- C:\cmdcons
2009-03-26 01:54 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-26 01:50 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-25 12:43 <DIR> --dsh--- c:\documents and settings\loraine\UserData
2009-03-25 10:51 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-25 10:51 208,744 a------- c:\windows\system32\muweb.dll
2009-03-25 10:51 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-25 00:11 <DIR> --d----- c:\program files\Trend Micro
2009-03-24 23:43 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-24 23:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-24 22:35 <DIR> --d----- c:\windows\system32\appmgmt
2009-03-24 19:44 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-03-24 15:39 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-24 15:39 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-24 15:39 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-24 15:39 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-24 15:33 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-03-24 15:29 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-24 15:17 3,594,752 ac------ c:\windows\system32\dllcache\mshtml.dll
2009-03-24 15:08 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-03-24 14:55 332,800 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-03-24 12:26 333,184 -c------ c:\windows\system32\dllcache\srv.sys
2009-03-24 12:12 <DIR> --d----- c:\documents and settings\loraine\Tracing
2009-03-24 12:07 <DIR> --d----- c:\program files\Microsoft
2009-03-24 12:07 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-24 11:55 <DIR> --d----- c:\program files\common files\Windows Live
2009-03-24 11:55 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-03-24 11:55 1,287,680 -c------ c:\windows\system32\dllcache\quartz.dll
2009-03-24 11:26 <DIR> --d----- c:\windows\system32\PreInstall
2009-03-24 11:23 138,368 -c------ c:\windows\system32\dllcache\afd.sys
2009-03-24 11:23 360,320 -c------ c:\windows\system32\dllcache\tcpip.sys
2009-03-24 11:23 245,248 -c------ c:\windows\system32\dllcache\mswsock.dll
2009-03-24 11:23 100,352 -c------ c:\windows\system32\dllcache\6to4svc.dll
2009-03-24 11:21 <DIR> --d-h--- c:\windows\$hf_mig$
2009-03-23 18:23 512 a------- c:\windows\randseed.rnd
2009-03-23 18:02 683,520 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-23 17:49 <DIR> --d----- c:\windows\Icons
2009-03-23 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2009-03-23 17:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Channel4
2009-03-23 15:36 11,264 a------- c:\docume~1\loraine\applic~1\nSvcAppFlt.exe
2009-03-23 15:10 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-03-23 14:54 1,197,294 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-03-23 14:54 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-03-23 14:54 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-03-23 14:53 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-03-23 14:50 <DIR> --d----- c:\windows\system32\LogFiles
2009-03-23 13:43 <DIR> --d----- c:\program files\common files\DivX Shared
2009-03-23 13:43 <DIR> --d----- c:\program files\DivX
2009-03-23 11:40 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-23 11:33 <DIR> --d----- c:\docume~1\loraine\applic~1\Birdstep Technology
2009-03-23 11:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Birdstep Technology
2009-03-23 11:33 10,240 -------- c:\windows\system32\drivers\mdvrmng.sys
2009-03-23 11:32 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 11:32 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-03-23 11:32 872,192 a------- c:\windows\system32\drivers\mod7700.sys
2009-03-23 11:32 103,168 a------- c:\windows\system32\drivers\ewusbfake.sys
2009-03-23 11:32 101,376 a------- c:\windows\system32\drivers\ewusbmdm.sys
2009-03-23 11:32 100,992 a------- c:\windows\system32\drivers\ewusbnet.sys
2009-03-23 11:32 24,448 a------- c:\windows\system32\drivers\ewdcsc.sys
2009-03-23 11:31 76,118 a------- c:\windows\Huawei ModemsUninstall.exe
2009-03-23 11:31 <DIR> --d----- c:\program files\Huawei Modems
2009-03-23 11:31 <DIR> --d----- c:\program files\3
2009-03-23 11:30 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-03-19 16:08 499,712 a------- c:\windows\system32\msvcp71.dll
2009-03-19 16:08 348,160 a------- c:\windows\system32\msvcr71.dll

==================== Find3M ====================

2009-02-09 11:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-27 02:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-27 02:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-01-27 02:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-27 02:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-27 02:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-27 02:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-27 02:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-27 02:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-27 02:34 684,032 a------- c:\windows\system32\DivX.dll

============= FINISH: 20:20:02.53 ===============

Blade81
2009-04-06, 23:51
Hi

The logs look pretty good :) I believe the notification you get is shown cos Windows startup hasn't completed yet. What status does your security center show for three items (firewall etc) there (to access security center follow instructions here (http://www.microsoft.com/windowsxp/using/security/internet/sp2_wscintro.mspx), please)?

Anyway, we can check with online scanner if it finds anything bad.

Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/us/languages/english/check.html?n=1225554235248)

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.
The program will launch and start to download the latest definition files.
You will be prompted to install an application from Kaspersky. Click Run.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
Click on Save Report As....
Change the Files of type to Text file (.txt) before clicking on the Save button.
Save this report to a convenient place.
Copy and paste that information into your topic.

The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

dasaaki
2009-04-07, 12:32
I caught a glimpse at the window that pops up. It's my USB modem starting up.

But my PC is running real slow so I'm going to run Kaspersky and report back with the log.

Blade81
2009-04-07, 17:26
Ok. Shall wait for your input :)

Blade81
2009-04-13, 15:57
Due to inactivity, this thread will now be closed.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.