Virus Alert in Taskbar next to time which is now in military time. [RE

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

2 Pages

1 2 >

Virus Alert in Taskbar next to time which is now in military time. [RE, VIRUS ALERT!; Win32/Agent; Military time

Options

geelex View Member Profile	Sep 21 2008, 08:29 PM Post #1
Member Posts: 12 OS: Windows XP	Please help I recently updated my dad's computer with a seemingly normal XP Service Pack 3 update and ever since there is a VIRUS ALERT! next to the time in the task bar. I don't know the type of the virus, but it seems that in my Start Menu, I am missing many files. I can not access my programs from the start menu. I am also missing run, search, my computer and control panel in my start menu. When I access My Computer through the recycling bin, my c and d drives are missing. I keep getting pop ups about virus protectors and alerts. My internet is also very slow. I ran a virus scan with AVG and had many threats but upon trying to remove them they said that it may cause the OS to not function properly so I chose ignore instead. They were related to the Win32/Agent virus or something like that. I have tried everything I know. Thank you in advance for your help. -G

geelex View Member Profile	Sep 21 2008, 08:32 PM Post #2
Member Posts: 12 OS: Windows XP	I also have an Antivirus XP 2008 program listed in my startup menu that I have never seen before or seems to be operational. Thanks again -G P.S. I have read the other posted questions on this topic but it all seems greek to me so Thanks for your personalized support in advance!

geelex View Member Profile	Sep 21 2008, 08:40 PM Post #3
Member Posts: 12 OS: Windows XP	In some of the posts I have seen that the Hijack This log file is helpful/needed so I have gone ahead and ran this for reference. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:37: VIRUS ALERT!, on 9/21/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\AirPort\APDiskAgent.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: fdkowvbp - {B6CDE539-A03C-484B-8FC0-B8A3775C5220} - C:\WINDOWS\fdkowvbp.dll (file missing) O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [APDiskAgent] "C:\Program Files\AirPort\APDiskAgent.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [lphclr8j0e7br] C:\WINDOWS\system32\lphclr8j0e7br.exe O4 - HKLM\..\Run: [SMrhcgr8j0e7br] C:\Program Files\rhcgr8j0e7br\rhcgr8j0e7br.exe O4 - HKLM\..\Run: [advap32] C:\DOCUME~1\Owner\LOCALS~1\Temp\scksexde.exe/r O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206977332484 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe -- End of file - 6701 bytes

Mike View Member Profile	Sep 22 2008, 05:23 AM Post #4
Malware Monger Posts: 2,735 OS: XP Professional SP3	Hi there You have a backdoor trojan present on your PC, please make sure to change your Passwords from a CLEAN computer asap. While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. In the File menu click "Exit" to exit Spybot Search & Destroy. We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Once installed, you should see a blue screen prompt that says: The Recovery Console was successfully installed. Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Click Yes to allow ComboFix to continue scanning for malware. When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system: C:\ComboFix.txt New HijackThis log. This post has been edited by Mike: Sep 22 2008, 05:24 AM

geelex View Member Profile	Sep 22 2008, 06:11 AM Post #5
Member Posts: 12 OS: Windows XP	edit: nevermind I re-read and found Tea Timer, I will try and do what you said now, thanks again! This post has been edited by geelex: Sep 22 2008, 06:13 AM

geelex View Member Profile	Sep 22 2008, 06:53 AM Post #6
Member Posts: 12 OS: Windows XP	ComboFix 08-09-20.05 - Owner 2008-09-22 8:31:07.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.706 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\edok.exe C:\WINDOWS\grswptdl.exe C:\WINDOWS\nfavxwdbafe.dll C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\system32\drivers\Winsy74.sys C:\WINDOWS\system32\WinCtrl32.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WINSY74 -------\Service_Winsy74 ((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 ))))))))))))))))))))))))))))))) . 2008-09-21 22:34 . 2008-09-21 22:34 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\system32\en 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-21 20:58 . 2008-09-21 20:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-21 20:51 . 2008-09-21 20:51 <DIR> d-------- C:\WINDOWS\EHome 2008-08-24 14:21 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2008-08-24 14:20 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-24 14:19 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-22 01:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7 2008-08-06 20:41 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-06 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-08-06 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-06 11:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 126976] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 579584] "APDiskAgent"="C:\Program Files\AirPort\APDiskAgent.exe" [2007-03-28 401408] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-31 219136] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376] Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-04-06 589824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk73.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingl40.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpw16.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\AirPort\\APDiskAgent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:UDP"= 5353:UDP:Bonjour S0 Winfk73;Winfk73;C:\WINDOWS\system32\Drivers\Winfk73.sys [ ] S0 Wingl40;Wingl40;C:\WINDOWS\system32\Drivers\Wingl40.sys [ ] S0 Winpw16;Winpw16;C:\WINDOWS\system32\Drivers\Winpw16.sys [ ] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c9b963d-ff54-11dc-9759-00142262163b}] \shell\antiv\command - Program Utilities\Removal\av.bat . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKLM-Run-lphclr8j0e7br - C:\WINDOWS\system32\lphclr8j0e7br.exe HKLM-Run-SMrhcgr8j0e7br - C:\Program Files\rhcgr8j0e7br\rhcgr8j0e7br.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5x4ggv1q.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/ . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-22 08:34:45 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe . ************************************************************************ . Completion time: 2008-09-22 8:37:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-22 12:37:09 Pre-Run: 22,478,237,696 bytes free Post-Run: 22,914,084,864 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 134 --- E O F --- 2008-09-22 01:06:39 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:52, on 9/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\AirPort\APDiskAgent.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [APDiskAgent] "C:\Program Files\AirPort\APDiskAgent.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206977332484 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe -- End of file - 5786 bytes

Mike View Member Profile	Sep 22 2008, 08:24 AM Post #7
Malware Monger Posts: 2,735 OS: XP Professional SP3	Hi there Please click Start then Run, in the window appears type in Notepad.exe. Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window: CODE File:: av.bat av.com C:\Program Utilities\Removal\av.bat Driver:: Winfk73 Wingl40 Winpw16 Registry:: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk73.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingl40.sys] [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpw16.sys] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c9b963d-ff54-11dc-9759-00142262163b}] Now in Notepad, go to File and in the menu that drops down click on Save As... Save the file as CFScript.txt Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again. After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply. Then, Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Post back with the logs and a new Hijack This log

geelex View Member Profile	Sep 22 2008, 03:31 PM Post #8
Member Posts: 12 OS: Windows XP	ComboFix 08-09-20.05 - Owner 2008-09-22 17:11:33.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.707 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Winfk73 -------\Service_Wingl40 -------\Service_Winpw16 ((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 ))))))))))))))))))))))))))))))) . 2008-09-21 22:34 . 2008-09-21 22:34 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\system32\en 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-21 21:01 . 2008-09-21 21:01 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-21 20:58 . 2008-09-21 20:58 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-21 20:51 . 2008-09-21 20:51 <DIR> d-------- C:\WINDOWS\EHome 2008-08-24 14:21 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2008-08-24 14:20 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-24 14:19 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-22 01:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7 2008-08-06 20:41 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-06 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7 2008-08-06 11:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-06 11:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy . ((((((((((((((((((((((((((((( snapshot@2008-09-22_ 8.36.44.07 ))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 126976] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 579584] "APDiskAgent"="C:\Program Files\AirPort\APDiskAgent.exe" [2007-03-28 401408] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-31 219136] C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376] Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2008-04-06 589824] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\AirPort\\APDiskAgent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:UDP"= 5353:UDP:Bonjour S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160] . Contents of the 'Scheduled Tasks' folder . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-22 17:15:01 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ComboFix\pv.cfexe . ************************************************************************ . Completion time: 2008-09-22 17:17:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-22 21:17:16 ComboFix2.txt 2008-09-22 12:37:16 Pre-Run: 22,905,217,024 bytes free Post-Run: 22,894,899,200 bytes free 103 --- E O F --- 2008-09-22 01:06:39 Malwarebytes' Anti-Malware 1.28 Database version: 1194 Windows 5.1.2600 Service Pack 3 9/22/2008 5:26:18 PM mbam-log-2008-09-22 (17-26-18).txt Scan type: Quick Scan Objects scanned: 37410 Time elapsed: 3 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\fdkowvbp.brxv (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00102) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:28, on 9/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\AirPort\APDiskAgent.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Microsoft Office\Office\OSA.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [APDiskAgent] "C:\Program Files\AirPort\APDiskAgent.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206977332484 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe --

Mike View Member Profile	Sep 22 2008, 03:42 PM Post #9
Malware Monger Posts: 2,735 OS: XP Professional SP3	Looks good, how is your PC running now?

geelex View Member Profile	Sep 22 2008, 04:47 PM Post #10
Member Posts: 12 OS: Windows XP	I think pretty good, maybe a little slow on the internet, BUT the time is still showing up in the military format... Is there a way to fix that? Thanks a whole bunch though! Also which programs would you recommend that I use regularly to keep this from happening again?

geelex View Member Profile	Sep 22 2008, 06:11 PM Post #11
Member Posts: 12 OS: Windows XP	Ok I figured out how to fix the time! The internet however is still running a bit sluggish, so if you have any suggestions they would be much appreciated Thanks again! -G

Mike View Member Profile	Sep 23 2008, 02:55 AM Post #12
Malware Monger Posts: 2,735 OS: XP Professional SP3	Since it's a bit sluggish let's get an online scan in Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs. Go to Kaspersky website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. After we make sure you are clean I will have a good amount of recommendations for you! This post has been edited by Mike: Sep 23 2008, 02:55 AM

geelex