|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
10-23-2007, 02:27 PM
|
#21 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
I'm waiting for the ComboFix log, and the answer to my question about CA AntiVirus.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Please do not ask for help via Private Message. |
|
     |
|
10-23-2007, 05:34 PM
|
#23 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
ComboFix log should be located at C:\ComboFix.txt
CA doesn't seem to be protecting you very well, as you have new infections showing. I'd like you to rename HijackThis.exe to seek.exe.
Post a new log with this renamed executable.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
10-24-2007, 01:59 PM
|
#24 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 33
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
The CFScript.txt is not there.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:58 PM, on 2007/10/24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\tlgngubf.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Install.LALALALA\Desktop\Restore\seek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\rxuwgeyo.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vstefyqf.dll O2 - BHO: (no name) - {B8C99566-0510-4FE5-9F51-DB99BEFAE082} - C:\WINDOWS\system32\sstqn.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file) O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\efcbayx.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vstefyqf.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [4812170c] rundll32.exe "C:\WINDOWS\system32\loncwruu.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - WWW Prefix: http://www.serial99.com/? O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045 O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O20 - Winlogon Notify: efcbayx - C:\WINDOWS\SYSTEM32\efcbayx.dll O20 - Winlogon Notify: vstefyqf - C:\WINDOWS\SYSTEM32\vstefyqf.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: DomainService - - C:\WINDOWS\system32\tlgngubf.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7287 bytes |
|
|
|
|
10-24-2007, 04:23 PM
|
#25 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
You need to keep this machine offline as much as possible. We're back to square one. Discontinue your usual online practices until we have this under control.
If you have another machine with which you can communicate, use that instead of the infected one. Transfer tools and logs between the machines via removable media such as USB stick or CDR. Delete your existing version of ComboFix. Also delete C:\ComboFix folder if it exists. Download a new version from the link below. You might want to consider an alternative to CA. It does not appear to be helping you. I can provide free alternatives. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
10-24-2007, 05:12 PM
|
#26 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 33
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
My CA Virus Scanner is no on when I start my computer because I thought it slowed down my computer since it is umm... horrible. My AVG Anti-Spyware is only the free version because I downloaded only the Trial several months ago.
|
|
|
|
|
10-24-2007, 05:16 PM
|
#27 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
OK, we can talk about that afterwards, however if your Anti-Virus is not active at Windows startup, it can't get updates, and does not protect you in real time.
For now, run the new ComboFix using the instructions provided. If possible, use another machine and keep the infected one offline.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
10-24-2007, 05:43 PM
|
#28 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 33
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
ComboFix 07-10-25.1 - Install 2007-10-24 19:20:17.4 - NTFSx86
Running from: C:\Documents and Settings\Install.LALALALA\desktop\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\WINDOWS\cookies.ini C:\WINDOWS\system32\nqtss.bak1 C:\WINDOWS\system32\nqtss.bak2 C:\WINDOWS\system32\nqtss.ini C:\WINDOWS\system32\rxuwgeyo.dll C:\WINDOWS\system32\sstqn.dll C:\WINDOWS\system32\tlgngubf.exe C:\WINDOWS\system32\vstefyqf.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 ))))))))))))))))))))))))))))))) . 2007-10-24 07:49 84,544 --a------ C:\WINDOWS\system32\loncwruu.dll 2007-10-23 20:55 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\U3 2007-10-22 18:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-22 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-22 18:47 <DIR> d-------- C:\Program Files\Common Files\Java 2007-10-22 07:46 340,032 --a------ C:\WINDOWS\system32\vstefyqf.dll 2007-10-22 07:45 340,032 --a------ C:\WINDOWS\system32\gwpusjxs.dll 2007-10-21 19:50 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\Viewpoint 2007-10-21 19:07 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\acccore 2007-10-21 18:08 34,304 --a------ C:\WINDOWS\system32\efcbayx.dll 2007-10-21 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2007-10-21 11:59 86,016 --a------ C:\WINDOWS\unvise32.exe 2007-10-21 11:58 <DIR> d-------- C:\Q3Ademo 2007-10-12 17:55 <DIR> d-------- C:\wf 2007-10-09 18:10 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-08 18:13 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files 2007-10-08 18:12 <DIR> d-------- C:\WINDOWS\system32\Cache 2007-10-08 11:15 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-08 09:19 <DIR> d-------- C:\Deckard 2007-10-04 19:48 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2007-09-30 22:11 <DIR> d-------- C:\Documents and Settings\Rooster\Application Data\Kingsoft 2007-09-30 13:56 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-09-30 13:54 <DIR> d-------- C:\Program Files\Kingsoft 2007-09-30 13:54 <DIR> d-------- C:\Program Files\Common Files\Kingsoft 2007-09-30 12:52 <DIR> d-------- C:\Program Files\MSECache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 20:44 --------- d-----w C:\Program Files\Viewpoint 2007-10-23 20:44 --------- d-----w C:\Program Files\AIM6 2007-10-23 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-23 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-10-22 22:49 --------- d-----w C:\Program Files\Java 2007-10-21 18:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-21 01:03 --------- d-----w C:\Program Files\Silkroad 2007-10-20 18:47 --------- d-----w C:\Program Files\Trash 2007-09-22 22:24 --------- d-----w C:\Program Files\Battleships Forever 2007-09-19 19:33 --------- d-----w C:\Program Files\Google 2007-09-18 22:41 --------- d-----w C:\Program Files\DivX 2007-09-18 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-18 00:30 --------- d-----w C:\Program Files\Veoh Networks 2007-09-06 03:40 --------- d-----w C:\Program Files\Kodak 2007-08-27 23:47 --------- d-----w C:\Documents and Settings\Rooster\Application Data\Apple Computer 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2007-02-04 16:36 40,296 ----a-w C:\Documents and Settings\Rooster\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot_2007-10-22_16.56.22.20 ))))))))))))))))))))))))))))))))))))))))) . + 2007-01-24 01:41:42 841,304 ----a-w C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll + 2007-10-23 20:43:32 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe - 2007-10-22 20:51:40 216,767 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2007-10-25 23:33:23 216,768 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin - 2006-11-09 18:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-25 02:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2006-11-09 18:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-25 02:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2006-11-09 20:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-09-25 03:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6B1F430-52B5-4478-9FC6-A94F79D423C3}] 2007-10-21 18:08 34304 --a------ C:\WINDOWS\system32\efcbayx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:32] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 01:31] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 16:52] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-12 18:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "4812170c"="C:\WINDOWS\system32\loncwruu.dll" [2007-10-24 07:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-09-12 19:33] "Aim6"="" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{F6B1F430-52B5-4478-9FC6-A94F79D423C3}"= C:\WINDOWS\system32\efcbayx.dll [2007-10-21 18:08 34304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbayx] efcbayx.dll 2007-10-21 18:08 34304 C:\WINDOWS\system32\efcbayx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vstefyqf] vstefyqf.dll 2007-10-22 07:46 340032 C:\WINDOWS\system32\vstefyqf.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqn.dll R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Install\LOCALS~1\Temp\s3chipid.sys [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E05704FA-C2DA-F00E-B900-B714060870F0}] C:\Documents and Settings\Install\Application Data\mako.exe . Contents of the 'Scheduled Tasks' folder "2007-10-17 02:02:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" "2007-08-08 01:54:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-08-08 13:04:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2007-08-08 13:01:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-25 19:35:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-25 19:38:39 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:24 C:\ComboFix2.txt ... 2007-10-22 21:21 C:\ComboFix3.txt ... 2007-10-08 12:24 . --- E O F --- |
|
|
|
|
10-24-2007, 05:43 PM
|
#29 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 33
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:24 PM, on 10/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Install.LALALALA\Desktop\Restore\seek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file) O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\efcbayx.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [4812170c] rundll32.exe "C:\WINDOWS\system32\loncwruu.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - WWW Prefix: http://www.serial99.com/? O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045 O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O20 - Winlogon Notify: efcbayx - C:\WINDOWS\SYSTEM32\efcbayx.dll O20 - Winlogon Notify: vstefyqf - C:\WINDOWS\SYSTEM32\vstefyqf.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 6793 bytes |
|
|
|
|
10-24-2007, 06:21 PM
|
#30 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
 Refering to the picture above, drag CFScript.txt into ComboFix.exe When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
|
10-24-2007, 06:55 PM
|
#31 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 33
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
ComboFix 07-10-25.1 - Install 2007-10-25 20:38:51.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.177 [GMT -4:00] Running from: C:\Documents and Settings\Install.LALALALA\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Install.LALALALA\Desktop\CFScript.txt * Created a new restore point FILE:: C:\WINDOWS\system32\efcbayx.dll C:\WINDOWS\system32\gwpusjxs.dll C:\WINDOWS\system32\loncwruu.dll C:\WINDOWS\system32\vstefyqf.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\efcbayx.dll C:\WINDOWS\system32\gwpusjxs.dll C:\WINDOWS\system32\loncwruu.dll C:\WINDOWS\system32\vstefyqf.dll . ((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 ))))))))))))))))))))))))))))))) . 2007-10-23 20:55 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\U3 2007-10-22 18:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-22 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-22 18:47 <DIR> d-------- C:\Program Files\Common Files\Java 2007-10-21 19:50 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\Viewpoint 2007-10-21 19:07 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\acccore 2007-10-21 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2007-10-21 11:59 86,016 --a------ C:\WINDOWS\unvise32.exe 2007-10-21 11:58 <DIR> d-------- C:\Q3Ademo 2007-10-12 17:55 <DIR> d-------- C:\wf 2007-10-09 18:10 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-08 18:13 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files 2007-10-08 18:12 <DIR> d-------- C:\WINDOWS\system32\Cache 2007-10-08 11:15 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-08 09:19 <DIR> d-------- C:\Deckard 2007-10-04 19:48 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2007-09-30 22:11 <DIR> d-------- C:\Documents and Settings\Rooster\Application Data\Kingsoft 2007-09-30 13:56 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-09-30 13:54 <DIR> d-------- C:\Program Files\Kingsoft 2007-09-30 13:54 <DIR> d-------- C:\Program Files\Common Files\Kingsoft 2007-09-30 12:52 <DIR> d-------- C:\Program Files\MSECache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 20:44 --------- d-----w C:\Program Files\Viewpoint 2007-10-23 20:44 --------- d-----w C:\Program Files\AIM6 2007-10-23 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-23 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-10-22 22:49 --------- d-----w C:\Program Files\Java 2007-10-21 18:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-21 01:03 --------- d-----w C:\Program Files\Silkroad 2007-10-20 18:47 --------- d-----w C:\Program Files\Trash 2007-09-22 22:24 --------- d-----w C:\Program Files\Battleships Forever 2007-09-19 19:33 --------- d-----w C:\Program Files\Google 2007-09-18 22:41 --------- d-----w C:\Program Files\DivX 2007-09-18 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-18 00:30 --------- d-----w C:\Program Files\Veoh Networks 2007-09-06 03:40 --------- d-----w C:\Program Files\Kodak 2007-08-27 23:47 --------- d-----w C:\Documents and Settings\Rooster\Application Data\Apple Computer 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 --- |
-> Run -> paste in the following single line command & click OK