10-07-2007, 10:47 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 33
OS: xpsp2


I have a weird icon on my toolbar that keeps flashing

Well.. The icon looks like the Windows security icon and it keeps flashing between a blue color with a question mark and a red color with the x but bigger than the authentic one. It pops up with a balloon saying that there are spyware applications on my computer and click here to get the antispyware solution. I know the program is a fake because I checked online and got rid of it but somehow it does not show up on my task manager.

Here's the HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:03 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\spools.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Install\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Service Host] spools.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Service Host] spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\PROGRA~1\MEGAUP~1\MEGAMA~1\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O22 - SharedTaskScheduler: chinned - {a47e7ce0-263d-40aa-86bc-27c1f6433143} - C:\WINDOWS\system32\gdrtul.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 6329 bytes
HappySupport is offline  
10-07-2007, 08:59 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,751
OS: 2000 Pro; XP Pro; XP Home


Re: I have a weird icon on my toolbar that keeps flashing

Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of bad files into the Suspicious File Packer window:
C:\WINDOWS\system32\gdrtul.dll
Allow SFP to pack the files by clicking Continue.
This will generate a CAB archive on your desktop named requested-files[Date/Time].cab.
Please submit it to this site http://www.bleepingcomputer.com/subm...php?channel=12 and include a link to this topic in the message.
You can then delete the requested-files.cab file from your desktop, once you have uploaded it to the above recipient.

Edit...post back here when you've done that.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.

Last edited by tetonbob : 10-07-2007 at 09:05 PM.
tetonbob is offline  
10-07-2007, 10:01 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,751
OS: 2000 Pro; XP Pro; XP Home


Re: I have a weird icon on my toolbar that keeps flashing

In addition to my previous instructions, please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
10-08-2007, 07:28 AM   #4 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 33
OS: xpsp2


Re: I have a weird icon on my toolbar that keeps flashing

Okay. I did what you wrote. Here's the main.txt.

Deckard's System Scanner v20070905.67
Run by Install on 2007-10-08 09:19:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2007-10-08 13:19:46 UTC - RP270 - Deckard's System Scanner Restore Point
41: 2007-10-08 04:19:25 UTC - RP269 - System Checkpoint
40: 2007-10-06 22:11:26 UTC - RP268 - Removed Microsoft Mike and Mary TTS Voices
39: 2007-10-06 20:25:42 UTC - RP267 - Uniblue RegistryBooster
38: 2007-10-05 00:20:28 UTC - RP266 - System Checkpoint


-- First Restore Point --
1: 2007-08-15 16:09:24 UTC - RP229 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Install.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:05 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Documents and Settings\Install\Desktop\dss.exe
C:\DOCUME~1\Install\Desktop\Install.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Service Host] spools.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Service Host] spools.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\PROGRA~1\MEGAUP~1\MEGAMA~1\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O22 - SharedTaskScheduler: chinned - {a47e7ce0-263d-40aa-86bc-27c1f6433143} - C:\WINDOWS\system32\gdrtul.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 6312 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 s3chipid - c:\docume~1\install\locals~1\temp\s3chipid.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491043&REV_80\3&267A616A&0&78
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_31491043&REV_80\3&267A616A&0&78
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041043&REV_86\3&267A616A&0&84
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_31041043&REV_86\3&267A616A&0&84
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-06 21:57:57 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-08-08 09:04:00 268 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-08-08 09:01:42 342 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2007-08-07 21:54:04 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2007-09-08 and 2007-10-08 -----------------------------

2007-10-06 16:49:19 0 dr-h----- C:\Documents and Settings\Install\Recent
2007-10-06 1601 0 d-------- C:\Program Files\AntiVirGear 3.8
2007-10-04 19:48:04 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-09-30 22:11:44 0 d-------- C:\Documents and Settings\Rooster\Application Data\Kingsoft
2007-09-30 14:09:28 0 d-------- C:\Documents and Settings\Install\Application Data\KingSoft
2007-09-30 13:57:26 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2007-09-30 13:57:26 539968 --a------ C:\WINDOWS\system32\Voctool.dll <Not Verified; Kingsoft, Co.; VocTool>
2007-09-30 13:57:26 525824 --a------ C:\WINDOWS\system32\VOCTL32.DLL <Not Verified; Voxware, Inc.; ToolVox>
2007-09-30 13:57:26 0 d-------- C:\WINDOWS\system32\Redist
2007-09-30 13:57:26 19760 --a------ C:\WINDOWS\system32\Ractdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2007-09-30 13:57:26 53568 --a------ C:\WINDOWS\system32\Ract14_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio(tm) (16-bit) Version 3.0>
2007-09-30 13:57:26 14848 --a------ C:\WINDOWS\system32\Ra32dnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2007-09-30 13:57:26 72704 --a------ C:\WINDOWS\system32\Ra3228_8.dll <Not Verified; Progressive Networks, Inc.; 28.8 Audio Codec for RealAudio(tm) (32-bit) Version 3.0>
2007-09-30 13:57:26 81920 --a------ C:\WINDOWS\system32\Ra3214_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio(tm) (32-bit) Version 3.0>
2007-09-30 13:57:26 189952 --a------ C:\WINDOWS\system32\Pnui3230.dll <Not Verified; Progressive Networks, Inc.; High-level Support Library for RealAudio® (32-bit) Version 3.0>
2007-09-30 13:57:26 27024 --a------ C:\WINDOWS\system32\Pnloader.dll <Not Verified; Progressive Networks, Inc.; Dynamic Load and Bind Support for RealAudio® (16-bit) Version 3.0>
2007-09-30 13:57:25 163328 --a------ C:\WINDOWS\system32\Pnen3230.dll <Not Verified; Progressive Networks, Inc.; Core Support Library for RealAudio® (32-bit) Version 3.0>
2007-09-30 13:57:25 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-09-30 13:57:25 61440 --a------ C:\WINDOWS\system32\Decdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio(tm) Shared Component (32-bit)>
2007-09-30 13:56:54 1712128 --a------ C:\WINDOWS\system32\GdiPlus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-09-30 13:54:51 0 d-------- C:\Program Files\Kingsoft
2007-09-30 13:54:51 0 d-------- C:\Program Files\Common Files\Kingsoft
2007-09-30 12:52:58 0 d-------- C:\Program Files\MSECache
2007-09-23 13:31:00 0 d-------- C:\Documents and Settings\Install\Application Data\DivX
2007-09-21 00:11:38 0 d-------- C:\Documents and Settings\Rooster\Application Data\WinRAR
2007-09-20 23:23:58 0 d-------- C:\Inetpub
2007-09-18 20:52:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-18 18:40:29 0 d-------- C:\Program Files\Google
2007-09-17 20:30:26 0 d-------- C:\Program Files\Veoh Networks
2007-09-13 10:24:54 0 d-------- C:\Program Files\Battleships Forever
2007-09-08 08:47:23 0 d-------- C:\WINDOWS\.jagex_cache_32


-- Find3M Report ---------------------------------------------------------------

2007-10-04 20:57:01 0 d-------- C:\Documents and Settings\Install\Application Data\U3
2007-10-03 21:51:09 0 d-------- C:\Program Files\Trash
2007-09-30 13:57:26 12800 --a-s---- C:\WINDOWS\system32\gdrtul.dll
2007-09-30 13:54:51 0 d-------- C:\Program Files\Common Files
2007-09-30 12:57:34 44184 --a------ C:\Documents and Settings\Install\Application Data\GDIPFONTCACHEV1.DAT
2007-09-18 18:41:40 0 d-------- C:\Program Files\DivX
2007-09-17 20:31:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-07 22:42:23 0 d-------- C:\Program Files\Silkroad
2007-09-05 23:40:27 0 d-------- C:\Program Files\Kodak
2007-09-03 15:26:14 0 d-------- C:\Program Files\SC
2007-08-22 14:50:34 0 d-------- C:\Program Files\Uniblue
2007-08-22 14:50:33 0 d-------- C:\Documents and Settings\Install\Application Data\Uniblue
2007-08-20 20:26:52 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 20:26:52 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-16 21:05:59 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-08-16 20:58:38 0 d-------- C:\Documents and Settings\Install\Application Data\PC-FAX TX
2007-08-15 18:33:14 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 18:30:56 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-08-15 18:30:56 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-15 18:30:56 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-15 18:30:56 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-08-15 18:30:26 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-09 20:28:56 99840 --a------ C:\WINDOWS\winsys.exe
2007-08-08 23:07:16 0 d-------- C:\Program Files\Apense Express
2007-07-30 18:02:28 65536 --a------ C:\wuA32.exe
2007-07-26 19:28:21 43520 --a------ C:\Documents and Settings\Install\Application Data\pstorage.shark
2007-07-26 19:27:42 57344 --a------ C:\Documents and Settings\Install\Application Data\firefox.shark
2007-07-26 1939 498650 --a------ C:\WINDOWS\trJ64.exe <Not Verified; ; Projekt1>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"= C:\Program Files\Online Video Add-on\ictmdl.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [03/08/2005 04:33 AM C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [03/11/2005 06:33 PM C:\WINDOWS\system32\VTTrayp.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:32 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 01:31 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Windows Service Host"="spools.exe" [08/04/2004 03:56 AM C:\WINDOWS\system32\spools.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/04/2007 04:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [09/12/2007 07:33 PM]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Service Host"=spools.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"=C:\Program Files\Video ActiveX Object\pmsngr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a47e7ce0-263d-40aa-86bc-27c1f6433143}"= C:\WINDOWS\system32\gdrtul.dll [09/30/2007 01:57 PM 12800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af134a6c-b6d7-11db-b695-001731427ee4}]
AutoRun\command- G:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E05704FA-C2DA-F00E-B900-B714060870F0}]
C:\Documents and Settings\Install\Application Data\mako.exe



-- End of Deckard's System Scanner: finished at 2007-10-08 09:22:52 ------------
Attached Files
File Type: txt extra.txt (13.6 KB, 2 views)
HappySupport is offline  
10-08-2007, 08:22 AM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,751
OS: 2000 Pro; XP Pro; XP Home


Re: I have a weird icon on my toolbar that keeps flashing

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

The file I was trying to collect for our tool authors and AV vendors was blocked from being packed. We'll try another method. This should also disable it.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/186429-i-have-weird-icon-my-toolbar-keeps-flashing.html

    Killall::

    Folder::
    C:\Program Files\AntiVirGear 3.8

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Service Host"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Windows Service Host"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{a47e7ce0-263d-40aa-86bc-27c1f6433143}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]

    Collect::[28]
    C:\WINDOWS\system32\gdrtul.dll
    C:\WINDOWS\system32\spools.exe

    Suspect::[28]
    C:\WINDOWS\trJ64.exe
    C:\wuA32.exe
    C:\WINDOWS\winsys.exe
    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe
  4. Follow the prompts. Type "1" and press Enter to begin the scan.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

    ---------------------------------------------------------------------------------------------

  7. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
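
A pre-run review of the CFScript quoted in the post above, as an added example that is not part of the original post or of ComboFix: it parses the directive blocks and lists what the Registry:: lines remove, assuming that block follows standard .reg syntax (`"name"=-` deletes a value, `[-KEY]` deletes a key). The function names are hypothetical, and the `[28]` suffix is ignored because the thread does not say what it means.

```python
import re

# CFScript text as quoted in the post above (copied verbatim, thread URL included).
CFSCRIPT = r"""
http://www.techsupportforum.com/security-center/hijackthis-log-help/186429-i-have-weird-icon-my-toolbar-keeps-flashing.html

Killall::

Folder::
C:\Program Files\AntiVirGear 3.8

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Service Host"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Service Host"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a47e7ce0-263d-40aa-86bc-27c1f6433143}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}"=-
[-HKEY_CLASSES_ROOT\CLSID\{41F6170D-6AF8-4188-8D92-9DDAB3C71A78}]

Collect::[28]
C:\WINDOWS\system32\gdrtul.dll
C:\WINDOWS\system32\spools.exe

Suspect::[28]
C:\WINDOWS\trJ64.exe
C:\wuA32.exe
C:\WINDOWS\winsys.exe
"""

SECTION = re.compile(r"^(\w+)::(?:\[\d+\])?$")   # e.g. "Folder::" or "Collect::[28]"
AUTOSTART = ("\\currentversion\\run", "\\currentversion\\runservices",
             "\\explorer\\sharedtaskscheduler")  # keys Windows reads at logon/shell start

def parse_cfscript(text):
    """Split the script into {directive: [lines]}; text before the first directive is skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def registry_actions(lines):
    """Read the Registry:: block with .reg rules (assumption): returns (action, key, value_name)."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = re.match(r'^"(.*)"=(.*)$', line)
            if m and key:
                kind = "delete_value" if m.group(2) == "-" else "set_value"
                actions.append((kind, key, m.group(1)))
    return actions

def review(text):
    """Summarise what the script targets so it can be checked before ComboFix runs it."""
    s = parse_cfscript(text)
    reg = registry_actions(s.get("Registry", []))
    paths = s.get("Folder", []) + s.get("Collect", []) + s.get("Suspect", [])
    return {
        "folder": s.get("Folder", []), "collect": s.get("Collect", []),
        "suspect": s.get("Suspect", []), "registry": reg,
        "autostart_removed": [(k, n) for kind, k, n in reg
                              if kind == "delete_value" and k.lower().endswith(AUTOSTART)],
        # A path that is not drive-absolute is most likely a copy/paste error.
        "bad_paths": [p for p in paths if not re.match(r"^[A-Za-z]:\\", p)],
    }

if __name__ == "__main__":
    for name, value in review(CFSCRIPT).items():
        print(name, "->", value)
```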
Old 10-08-2007, 10:36 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 33
OS: xpsp2


Re: I have a weird icon on my toolbar that keeps flashing

Here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:23 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Install\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\PROGRA~1\MEGAUP~1\MEGAMA~1\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 5834 bytes
HappySupport is offline  
Old 10-08-2007, 10:41 AM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,751
OS: 2000 Pro; XP Pro; XP Home


Re: I have a weird icon on my toolbar that keeps flashing

Hi HappySupport -

I've received the file, thanks.

Please post the log from ComboFix. If it's been closed, it's located at C:\ComboFix.txt
Old 10-10-2007, 02:19 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2007
Posts: 33
OS: xpsp2


Re: I have a weird icon on my toolbar that keeps flashing

Here.

ComboFix 07-10-08.3 - Install 2007-10-08 11:17:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.221 [GMT -4:00]
Running from: C:\Documents and Settings\Install\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Install\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntiVirGear 3.8
C:\Program Files\AntiVirGear 3.8\vpp.ini
C:\Program Files\AntiVirGear 3.8\vpp.ini
C:\Program Files\outlook
C:\Program Files\SC
C:\Progra