#21 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
I'm waiting for the ComboFix log, and the answer to my question about CA AntiVirus.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#23 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
ComboFix log should be located at C:\ComboFix.txt
CA doesn't seem to be protecting you very well, as you have new infections showing. I'd like you to rename HijackThis.exe to seek.exe.
Post a new log with this renamed executable.
#24 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
The CFScript.txt is not there.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:58 PM, on 2007/10/24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\tlgngubf.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Install.LALALALA\Desktop\Restore\seek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\rxuwgeyo.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vstefyqf.dll O2 - BHO: (no name) - 
{B8C99566-0510-4FE5-9F51-DB99BEFAE082} - C:\WINDOWS\system32\sstqn.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file) O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\efcbayx.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vstefyqf.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [4812170c] rundll32.exe "C:\WINDOWS\system32\loncwruu.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - WWW Prefix: http://www.serial99.com/? O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045 O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O20 - Winlogon Notify: efcbayx - C:\WINDOWS\SYSTEM32\efcbayx.dll O20 - Winlogon Notify: vstefyqf - C:\WINDOWS\SYSTEM32\vstefyqf.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: DomainService - - C:\WINDOWS\system32\tlgngubf.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7287 bytes |
#25 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
You need to keep this machine offline as much as possible. We're back to square one. Discontinue your usual online practices until we have this under control.
If you have another machine with which you can communicate, use that instead of the infected one. Transfer tools and logs between the machines via removable media such as USB stick or CDR.
Delete your existing version of ComboFix. Also delete C:\ComboFix folder if it exists. Download a new version from the link below.
You might want to consider an alternative to CA. It does not appear to be helping you. I can provide free alternatives.
---------------------------------------------------------------------------------------------
#26 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
My CA Virus Scanner is not on when I start my computer because I thought it slowed down my computer since it is umm... horrible. My AVG Anti-Spyware is only the free version because I downloaded only the Trial several months ago.
#27 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
OK, we can talk about that afterwards; however, if your Anti-Virus is not active at Windows startup, it can't get updates, and does not protect you in real time.
For now, run the new ComboFix using the instructions provided. If possible, use another machine and keep the infected one offline.
#28 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
ComboFix 07-10-25.1 - Install 2007-10-24 19:20:17.4 - NTFSx86
Running from: C:\Documents and Settings\Install.LALALALA\desktop\combofix.exe Command switches used :: /killall * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\WINDOWS\cookies.ini C:\WINDOWS\system32\nqtss.bak1 C:\WINDOWS\system32\nqtss.bak2 C:\WINDOWS\system32\nqtss.ini C:\WINDOWS\system32\rxuwgeyo.dll C:\WINDOWS\system32\sstqn.dll C:\WINDOWS\system32\tlgngubf.exe C:\WINDOWS\system32\vstefyqf.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 ))))))))))))))))))))))))))))))) . 2007-10-24 07:49 84,544 --a------ C:\WINDOWS\system32\loncwruu.dll 2007-10-23 20:55 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\U3 2007-10-22 18:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-10-22 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-22 18:47 <DIR> d-------- C:\Program Files\Common Files\Java 2007-10-22 07:46 340,032 --a------ C:\WINDOWS\system32\vstefyqf.dll 2007-10-22 07:45 340,032 --a------ C:\WINDOWS\system32\gwpusjxs.dll 2007-10-21 19:50 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\Viewpoint 2007-10-21 19:07 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\acccore 2007-10-21 18:08 34,304 --a------ C:\WINDOWS\system32\efcbayx.dll 2007-10-21 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2007-10-21 11:59 86,016 --a------ C:\WINDOWS\unvise32.exe 2007-10-21 11:58 <DIR> d-------- C:\Q3Ademo 2007-10-12 17:55 <DIR> d-------- C:\wf 2007-10-09 18:10 582,656 --------- 
C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-08 18:13 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files 2007-10-08 18:12 <DIR> d-------- C:\WINDOWS\system32\Cache 2007-10-08 11:15 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-08 09:19 <DIR> d-------- C:\Deckard 2007-10-04 19:48 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2007-09-30 22:11 <DIR> d-------- C:\Documents and Settings\Rooster\Application Data\Kingsoft 2007-09-30 13:56 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll 2007-09-30 13:54 <DIR> d-------- C:\Program Files\Kingsoft 2007-09-30 13:54 <DIR> d-------- C:\Program Files\Common Files\Kingsoft 2007-09-30 12:52 <DIR> d-------- C:\Program Files\MSECache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-23 20:44 --------- d-----w C:\Program Files\Viewpoint 2007-10-23 20:44 --------- d-----w C:\Program Files\AIM6 2007-10-23 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-23 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-10-22 22:49 --------- d-----w C:\Program Files\Java 2007-10-21 18:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-10-21 01:03 --------- d-----w C:\Program Files\Silkroad 2007-10-20 18:47 --------- d-----w C:\Program Files\Trash 2007-09-22 22:24 --------- d-----w C:\Program Files\Battleships Forever 2007-09-19 19:33 --------- d-----w C:\Program Files\Google 2007-09-18 22:41 --------- d-----w C:\Program Files\DivX 2007-09-18 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-18 00:30 --------- d-----w C:\Program Files\Veoh Networks 2007-09-06 03:40 --------- d-----w C:\Program Files\Kodak 2007-08-27 23:47 --------- d-----w C:\Documents and Settings\Rooster\Application Data\Apple Computer 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-21 06:15 683,520 
----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll 2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll 2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll 2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll 2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll 2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll 2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll 2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll 2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2007-08-17 10:20 63,488 ----a-w 
C:\WINDOWS\system32\dllcache\ie4uinit.exe 2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll 2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe 2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe 2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 23:19 325,976 
----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll 2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2007-02-04 16:36 40,296 ----a-w C:\Documents and Settings\Rooster\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((( snapshot_2007-10-22_16.56.22.20 ))))))))))))))))))))))))))))))))))))))))) . + 2007-01-24 01:41:42 841,304 ----a-w C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll + 2007-10-23 20:43:32 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe - 2007-10-22 20:51:40 216,767 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2007-10-25 23:33:23 216,768 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin - 2006-11-09 18:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2007-09-25 02:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2006-11-09 18:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe + 2007-09-25 02:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2006-11-09 20:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2007-09-25 03:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6B1F430-52B5-4478-9FC6-A94F79D423C3}] 2007-10-21 18:08 34304 --a------ C:\WINDOWS\system32\efcbayx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:32] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 01:31] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 16:52] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-12 18:50] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "4812170c"="C:\WINDOWS\system32\loncwruu.dll" [2007-10-24 07:49] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-09-12 19:33] "Aim6"="" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{F6B1F430-52B5-4478-9FC6-A94F79D423C3}"= C:\WINDOWS\system32\efcbayx.dll [2007-10-21 18:08 34304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbayx] efcbayx.dll 2007-10-21 18:08 34304 C:\WINDOWS\system32\efcbayx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vstefyqf] vstefyqf.dll 2007-10-22 07:46 
340032 C:\WINDOWS\system32\vstefyqf.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqn.dll R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Install\LOCALS~1\Temp\s3chipid.sys [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E05704FA-C2DA-F00E-B900-B714060870F0}] C:\Documents and Settings\Install\Application Data\mako.exe . Contents of the 'Scheduled Tasks' folder "2007-10-17 02:02:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job" "2007-08-08 01:54:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job" - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe "2007-08-08 13:04:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe "2007-08-08 13:01:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job" - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-25 19:35:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-25 19:38:39 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:24 C:\ComboFix2.txt ... 2007-10-22 21:21 C:\ComboFix3.txt ... 2007-10-08 12:24 . --- E O F --- |
#29 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:24 PM, on 10/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Install.LALALALA\Desktop\Restore\seek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file) O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\system32\efcbayx.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh 
Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [4812170c] rundll32.exe "C:\WINDOWS\system32\loncwruu.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - WWW Prefix: http://www.serial99.com/? O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045 O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O20 - Winlogon Notify: efcbayx - C:\WINDOWS\SYSTEM32\efcbayx.dll O20 - Winlogon Notify: vstefyqf - C:\WINDOWS\SYSTEM32\vstefyqf.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. 
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 6793 bytes |
#30 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
Re: I have a weird icon on my toolbar that keeps flashing
Open Notepad and copy/paste the text in the quote box below into it:
Quote:
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#31 (permalink)
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
Re: I have a weird icon on my toolbar that keeps flashing
ComboFix 07-10-25.1 - Install 2007-10-25 20:38:51.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.177 [GMT -4:00]
Running from: C:\Documents and Settings\Install.LALALALA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Install.LALALALA\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\efcbayx.dll
C:\WINDOWS\system32\gwpusjxs.dll
C:\WINDOWS\system32\loncwruu.dll
C:\WINDOWS\system32\vstefyqf.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\efcbayx.dll
C:\WINDOWS\system32\gwpusjxs.dll
C:\WINDOWS\system32\loncwruu.dll
C:\WINDOWS\system32\vstefyqf.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-26 to 2007-10-26 )))))))))))))))))))))))))))))))
.
2007-10-23 20:55 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\U3
2007-10-22 18:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-22 18:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-22 18:47 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-21 19:50 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\Viewpoint
2007-10-21 19:07 <DIR> d-------- C:\Documents and Settings\Install.LALALALA\Application Data\acccore
2007-10-21 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-10-21 11:59 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-10-21 11:58 <DIR> d-------- C:\Q3Ademo
2007-10-12 17:55 <DIR> d-------- C:\wf
2007-10-09 18:10 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 18:13 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2007-10-08 18:12 <DIR> d-------- C:\WINDOWS\system32\Cache
2007-10-08 11:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 09:19 <DIR> d-------- C:\Deckard
2007-10-04 19:48 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-09-30 22:11 <DIR> d-------- C:\Documents and Settings\Rooster\Application Data\Kingsoft
2007-09-30 13:56 1,712,128 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-09-30 13:54 <DIR> d-------- C:\Program Files\Kingsoft
2007-09-30 13:54 <DIR> d-------- C:\Program Files\Common Files\Kingsoft
2007-09-30 12:52 <DIR> d-------- C:\Program Files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 20:44 --------- d-----w C:\Program Files\Viewpoint
2007-10-23 20:44 --------- d-----w C:\Program Files\AIM6
2007-10-23 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-23 20:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-22 22:49 --------- d-----w C:\Program Files\Java
2007-10-21 18:39 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-21 01:03 --------- d-----w C:\Program Files\Silkroad
2007-10-20 18:47 --------- d-----w C:\Program Files\Trash
2007-09-22 22:24 --------- d-----w C:\Program Files\Battleships Forever
2007-09-19 19:33 --------- d-----w C:\Program Files\Google
2007-09-18 22:41 --------- d-----w C:\Program Files\DivX
2007-09-18 00:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-18 00:30 --------- d-----w C:\Program Files\Veoh Networks
2007-09-06 03:40 --------- d-----w C:\Program Files\Kodak
2007-08-27 23:47 --------- d-----w C:\Documents and Settings\Rooster\Application Data\Apple Computer
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 22:33 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 22:30 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 22:30 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 22:30 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 23:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-02-04 16:36 40,296 ----a-w C:\Documents and Settings\Rooster\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\WINDOWS\system32\Cache ----

((((((((((((((((((((((((((((( snapshot_2007-10-22_16.56.22.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-24 01:41:42 841,304 ----a-w C:\WINDOWS\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2007-10-23 20:43:32 38,428 ----a-w C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
- 2007-10-22 20:51:40 216,767 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-10-26 00:47:21 216,769 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2006-11-09 18:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 02:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 18:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 02:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 20:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 03:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 18:33 C:\WINDOWS\system32\VTTrayp.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 01:31]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-04 16:52]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-12 18:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-09-12 19:33]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 s3chipid;s3chipid;\??\C:\DOCUME~1\Install\LOCALS~1\Temp\s3chipid.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E05704FA-C2DA-F00E-B900-B714060870F0}]
C:\Documents and Settings\Install\Application Data\mako.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-17 02:02:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
"2007-08-08 01:54:04 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-08 13:04:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-08-08 13:01:42 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 20:49:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-25 20:52:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:24
C:\ComboFix2.txt ... 2007-10-25 19:38
C:\ComboFix3.txt ... 2007-10-22 21:21
.
--- E O F ---
#32 (permalink)
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
Re: I have a weird icon on my toolbar that keeps flashing
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:23 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Install.LALALALA\Desktop\Restore\seek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix: http://www.serial99.com/?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6516 bytes
#33 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
Re: I have a weird icon on my toolbar that keeps flashing
Good job. We're making progress now.
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O13 - WWW Prefix: http://www.serial99.com/?
Close HijackThis now.
---------------------------------------------------------------------------------------------
Go here and do the BitDefender online virus scan.
---------------------------------------------------------------------------------------------
Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
Create an uninstall list: With HiJackThis still open
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
#34 (permalink)
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
Re: I have a weird icon on my toolbar that keeps flashing
C:\Program Files\Kingsoft\Powerword 2007\KAVPassport.dll Infected with: Backdoor.Assasin.AA
C:\Program Files\Kingsoft\Powerword 2007\KAVPassport.dll Disinfection failed
C:\Program Files\Kingsoft\Powerword 2007\KAVPassport.dll Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\drvtus.dll.vir Infected with: MemScan:Trojan.Virtumonde.IN
C:\qoobox\Quarantine\C\WINDOWS\system32\drvtus.dll.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\drvtus.dll.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpm.dll.vir Detected with: Adware.Virtumonde.GGZ
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpm.dll.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpm.dll.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir Detected with: Adware.Virtumonde.GGZ
C:\qoobox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\sstqn.dll.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\tlgngubf.exe.vir Infected with: Trojan.Fotomoto.E
C:\qoobox\Quarantine\C\WINDOWS\system32\tlgngubf.exe.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\tlgngubf.exe.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\winwly32.dll.vir Infected with: MemScan:Trojan.Dropper.RKD
C:\qoobox\Quarantine\C\WINDOWS\system32\winwly32.dll.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\winwly32.dll.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\trJ64.exe.vir Infected with: Backdoor.Vb.BCO
C:\qoobox\Quarantine\C\WINDOWS\trJ64.exe.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\trJ64.exe.vir Deleted
C:\qoobox\Quarantine\C\WINDOWS\winsys.exe.vir Infected with: Backdoor.Bifrose.ZUD
C:\qoobox\Quarantine\C\WINDOWS\winsys.exe.vir Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\winsys.exe.vir Deleted
C:\qoobox\Quarantine\catchme2007-10-22_165245.21.zip=>ssqpm.dll Detected with: Adware.Virtumonde.GGZ
C:\qoobox\Quarantine\catchme2007-10-22_165245.21.zip=>ssqpm.dll Disinfection failed
C:\qoobox\Quarantine\catchme2007-10-22_165245.21.zip=>ssqpm.dll Deleted
C:\qoobox\Quarantine\catchme2007-10-22_165245.21.zip Updated
C:\qoobox\Quarantine\catchme2007-10-25_193351.01.zip=>sstqn.dll Detected with: Adware.Virtumonde.GGZ
C:\qoobox\Quarantine\catchme2007-10-25_193351.01.zip=>sstqn.dll Disinfection failed
C:\qoobox\Quarantine\catchme2007-10-25_193351.01.zip=>sstqn.dll Deleted
C:\qoobox\Quarantine\catchme2007-10-25_193351.01.zip Updated
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140386.exe Infected with: MemScan:Trojan.Downloader.VB.VJB
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140386.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140386.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140387.exe Infected with: Generic.Dld.Alpha.D002DF65
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140387.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140387.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140389.exe Infected with: Generic.Dld.Alpha.D002DF65
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140389.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140389.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140390.exe Infected with: Generic.Drop.Alpha.048A41F9
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140390.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140390.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140391.exe Infected with: Generic.Dld.Alpha.D002DF65
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140391.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP281\A0140391.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140586.dll Infected with: MemScan:Trojan.Virtumonde.IN
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140586.dll Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140586.dll Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140588.dll Infected with: MemScan:Trojan.Dropper.RKD
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140588.dll Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140588.dll Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140592.exe Infected with: Backdoor.Vb.BCO
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140592.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140592.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140593.exe Infected with: Backdoor.Bifrose.ZUD
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140593.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140593.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140609.exe Infected with: MemScan:Trojan.Downloader.VB.VJB
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140609.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140609.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140610.dll Detected with: Adware.Virtumonde.GGZ
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140610.dll Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP282\A0140610.dll Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP288\A0141961.exe Infected with: Trojan.Fotomoto.E
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP288\A0141961.exe Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP288\A0141961.exe Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP288\A0141986.dll Detected with: Adware.Virtumonde.GGZ
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP288\A0141986.dll Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP288\A0141986.dll Deleted
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP290\A0142081.dll Infected with: Backdoor.Assasin.AA
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP290\A0142081.dll Disinfection failed
C:\System Volume Information\_restore{11103723-EB13-4114-B465-917EAAEE9A95}\RP290\A0142081.dll Deleted
#35 (permalink)
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
Re: I have a weird icon on my toolbar that keeps flashing
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:09 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Install.LALALALA\Desktop\Restore\seek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.clarkcolor.com/ClarkActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166403475701
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166490417045
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disten...fyLauncher.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6762 bytes
|
|
|
|
#36 (permalink) |
|
Registered User
Join Date: Oct 2007
Posts: 34
OS: xpsp2
|
Re: I have a weird icon on my toolbar that keeps flashing
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0 Adobe Shockwave Player AIM 6 AVG Anti-Spyware 7.5 Battleships Forever v0.77a Brother MFL-Pro Suite CA Anti-Virus Citrix Presentation Server Client Citrix Web Client CleanUp! C-Media 3D Audio Color LaserJet 1600 Compatibility Pack for the 2007 Office system DivX Codec DivX Content Uploader DivX Converter DivX Player DivX Web Player DVD Decoder Pak for Windows XP HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB909394) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) iPod for Windows 2006-01-10 iTunes Java(TM) 6 Update 3 Kaspersky Online Scanner LimeWire 4.12.11 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office XP Professional with FrontPage Microsoft User-Mode Driver Framework Feature Pack 1.0 Mozilla Firefox (2.0.0.8) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK PerfectDisk Powerword 2007 Quake 3 Arena Demo QuickTime Real Alternative 1.51 SC Ver 2.62 Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update 
for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917537) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) 
Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939373) Security Update for Windows XP (KB941202) Silkroad Trash (remove only) Tremulous 1.1.0 Uniblue RegistryBooster 2 Uniblue SpeedUpMyPC 3 Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) VeohTV BETA VIA Rhine-Family Fast Ethernet Adapter VIA/S3G Display Driver Viewpoint Media Player Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinRAR archiver |
|
|
|
|
#37 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,148
OS: 2000 Pro; XP Pro; XP Home
|
Re: I have a weird icon on my toolbar that keeps flashing
Good work....we're all but done here.
P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares. References for the risk of these programs are here, here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

---------------------------------------------------------------------------------------------

Your logs appear clean. You should be good to go. We still have a few items to address.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:
Here are some additional utilities that will further enhance your safety.
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|