Spice300
Premium
join:2006-01-10

HJT Log Task Bar Icons Missing

I have been unable to fix the following problems:

1. Most of my quick launch icons on the task bar are missing. The only ones that remain are the clock, "Volume Control," "Wireless Network Connection," "Safely Remove Hardware" and something from AVG. For example, I manually restore the Toshiba Power Saver icon, but after rebooting it is missing again. To restore it I must go to "Control Panel\Power Options" select and apply a different power mode and then reselect and apply Toshiba Power Saver. The task bar icon then reappears.

2. After every reboot, touch pad tapping to activate the left mouse button is enabled. Disabling it manually works until the next reboot. All of the touch pad properties appear to be resetting to their default values upon reboot.

3. Even with automatic updates in AVG's "Update Manager Component" disabled ("Start automatic updates" is unchecked) "Last update:" shows AVG being updated daily when I boot my computer. Booting the computer is very slow after the desktop appears. AVG appears to be downloading updates for several minutes but the received bytes displayed by "netstat -e" at the Command Prompt does not show usage consistent with a real download. Maybe this is a characteristic of AVG or malware is manipulating AVG.

Computer: Toshiba Satellite M45-S2652
Operating System: Windows XP Home Edition, v5.1 (Build 2600.xpsp.sp2.gdr.080814-1233:Service Pack 2)

2009-05-14 ~02:35
I clicked on a link which should have loaded an HTML page but instead began loading a PDF file. I attempted to abort the download and, failing that, terminate Adobe Acrobat Reader 7.0 as it launched but was unsuccessful.

Since it was already installed I ran Spybot S&D v1.6.0.30. While the scan was in progress I noticed my modem was transferring something without my permission, so I disconnected the power to the modem to stop the transfer. While Spybot S&D continued to scan I searched my hard drive in Command Prompt for .exe and .dll files with recent dates and times. I found the following and moved them to a different directory:

C:\-12626~1
C:\0xf9.exe
C:\lsass.exe
C:\rxfybewc.exe
C:\uibvb.exe
C:\vfmf.exe
C:\WINDOWS\msavsc.dll
C:\WINDOWS\msctrl.dll
C:\WINDOWS\msfw.dll
C:\WINDOWS\msiemon.dll
C:\WINDOWS\mssadv.dll
C:\WINDOWS\msscan.dll
C:\WINDOWS\system32\jkshfuiehi.dll

Spybot S&D detects several malware and fixes some registry entries. Some of the detections are:

Win32.BHO.je MalwareC
PWS.LDPinchlE Trojans
Virtumonde TrojansC
Virtumonde.sdn TrojansC
Win32.Agent.pz


2009-05-14 I download, install and run Malwarebytes' Anti-Malware which detects and removes several items.

2009-05-14
I perform an online anti-virus scan from Trend Micro Housecall which does not find anything.

2009-05-14 ~5:00 pm
I download, install and run AVG 8.5.329A1515. It detects and puts the virus Win32/Heur in the vault.

2009-05-14 19:09 MST
I discover my bookmarks in Firefox have been deleted except for the directory structure. I restore the bookmarks from a backup file.

I uninstall Adobe Acrobat Reader 7.0 which was apparently modified by the malware.

2009-05-14 19:50 MST
After several hours of effort I download, install, uninstall, reinstall and run Ad-Aware AE Free. During a complete scan Ad-Aware AE detects an entry in a restore point for Win32/Heur but can not remove it. It also detects "Win32/Rustock.G" in C:\WINDOWS\system32\drivers\bb21cf0d.sys .

2009-05-16 18:40
I download, install and run Microsoft Malicious Software Removal Tool. A Quick Scan in normal mode with the modem unplugged does not detect any problems. A full scan in Safe Mode with the modem unplugged detects 2 problems before Win XP locks up and reboots about 1 hour and 10 minutes into the scan. I reboot to Safe Mode with the modem off and perform a Quick Scan which does not detect anything. Another full scan in Safe Mode with the modem off detects the same 2 problems apparently after about 45 minutes and Windows locks up about 1 hour and 15 minutes into the scan. I reboot to Normal Mode with modem powered on for the first 2 hours, off for the remainder and conduct a full scan. While the modem is on it detects 2 threats, and AVG Resident Shield detects a group of trojans that I move to the virus vault. After completion, Malicious Software Removal Tool reports detection and partial removal of:
TrojanDownload:Win32/Zlob.gen

After running Windows Malicious Software Removal Tool and a reboot, the icon for "Local Area Connection" appears on my task bar but other ones are still missing including "Toshiba Power Saver." When I boot the computer with the modem powered on, the "Local Area Connection" icon does not appear on the task bar.

2009-05-17 09:20
AVG is scanning in selected directories in Windows Normal Mode with the modem off. No infection found.
I run an AVG scan in Safe Mode with the modem off in the following directories:
c:\Program Files
c:\windows
c:\Documents and Settings

AVG did not detect any problems.

2009-05-17 13:10
I uninstall AVG. The computer boots in the usual amount of time.

2009-05-17 14:04
Using Internet Explorer I download and install ESET Online Antivirus Scanner. ESET detects the following threat and deletes it:

Win32/Bagle.gen.zip.worm (unable to clean - deleted)
C:\Documents and Settings\All Users\Applicantion Date\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip

2009-05-17 ~19:00
I install AVG from the same download file with the modem off using the old virus definitions. After finished, I update the virus definitions and rescan in Windows Normal Mode with the modem off. Nothing is detected.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:27 PM, on 5/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 216.126.204.65 my.wildblue.net #2008-03-15 Specify the ikano server for Wildblue's FAP meter to resolve DNS conflict
O1 - Hosts: 216.126.204.65 attwb.net #2009-05-08 specify the AT&T FAP server incase WB DNS returning the correct IP address
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Re: HJT Log Task Bar Icons Missing

Hi Spice300

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

quote:
I uninstall Adobe Acrobat Reader 7.0 which was apparently modified by the malware.
For now, I would leave it uninstalled. There have been multiple updates since that version that contain security fixes for vulnerabilities that are actively being exploited. After the system is clean, then I would download the latest version 9 and install it.

quote:
I found the following and moved them to a different directory:

C:\-12626~1
C:\0xf9.exe
C:\lsass.exe
C:\rxfybewc.exe
C:\uibvb.exe
C:\vfmf.exe
C:\WINDOWS\msavsc.dll
C:\WINDOWS\msctrl.dll
C:\WINDOWS\msfw.dll
C:\WINDOWS\msiemon.dll
C:\WINDOWS\mssadv.dll
C:\WINDOWS\msscan.dll
C:\WINDOWS\system32\jkshfuiehi.dll
Using Windows Explorer, delete all those files.

Clean your Cache and Cookies in IE:
- Close all instances of Outlook Express and Internet Explorer
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Private Data).
- Click OK to close the Options window.
- Alternatively, you can clear all information stored while browsing by clicking Clear All. A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin:
- Go to start > run and type: cleanmgr and click ok.
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.

Download HostsXpert from here:
Extract the file HostsXpert.exe to your Desktop and run it.
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself.

Download the following file and save it to your Desktop:
- Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
- Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum in your next reply.

Please Run Malwarebytes' Anti-Malware.
- Click the Update tab.
- Click Check for Updates.
- If an update is found, it will download and install.
- Click the Scanner tab.
- Select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Download Combofix from any of the links below.
You must rename it before saving it.
Save it to your desktop.






- Disconnect from the Internet (pull your connection cable)
- close all other running programs, including your antivirus program and your firewall if you are running one.
- Double click on Combo-Fix.exe & follow the prompts.
- When finished, it will produce a report for you.
- After the system has rebooted, reconnect to the Internet
- Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Please post a new HijackThis log, the log from SDFix (Report.txt), the log from MBAM, and the log from ComboFix (combofix.txt), and note any errors encountered.

--
Proud ASAP member since 2005
Spice300
Premium
join:2006-01-10

Re: HJT Log Task Bar Icons Missing

I have successfully executed all instructions in the listed order.

There are three other log files from the scans I conducted on May 14, 2009, in Malwarebytes Anti-malware's Log folder. Two of them show the malware that it detected and quarantined.

After completing all of your other instructions, Hijack This displays an error message when creating the log file:

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)

Since my computer is off line I answer "no" to reporting the problem to Hijack This.

After rebooting, the slowness is gone when the desktop appears. The touch pad tapping is still enabled and the quick launch icons, except the ones previously listed, are still missing.

Since it has been occurring for more than a year, I am not sure if this is related to the problem with the touch pad. When I open "Control Panel" after a reboot the default view is "Details" rather than the last selected view of "Icons." After changing the view to "Icons," it will remain selected until I reboot the computer.

report.txt 4703 bytes

mbam-log-200···-31).txt 833 bytes

log.txt 7588 bytes


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:37 AM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
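
Added example, not part of the thread: one way to compare two HijackThis logs such as the 5/17 and 5/19 ones above, and to check a file list for Windows process names sitting in the wrong directory (as with `C:\lsass.exe` versus `C:\WINDOWS\system32\lsass.exe`). The sample text is a subset of the posted lines, the expected-location table assumes Windows XP installed in `C:\WINDOWS`, and all function names are hypothetical.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample: a subset of lines from the 5/17 and 5/19 logs in this
# thread (trailing Hosts comments dropped).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:27 PM, on 5/17/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe

O1 - Hosts: 216.126.204.65 my.wildblue.net
O1 - Hosts: 216.126.204.65 attwb.net
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:37 AM, on 5/19/2009

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

# Subset of the files the original poster found and moved aside.
FOUND_FILES = [r"C:\0xf9.exe", r"C:\lsass.exe", r"C:\rxfybewc.exe",
               r"C:\WINDOWS\msavsc.dll", r"C:\WINDOWS\system32\jkshfuiehi.dll"]

# Assumption: Windows XP installed in C:\WINDOWS, as in the logs above.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            match = ENTRY_RE.match(line)
            if match:
                entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def _diff(before, after, key):
    """Return (removed, added) items, comparing by key and keeping log order."""
    before_keys = {key(item) for item in before}
    after_keys = {key(item) for item in after}
    removed = [item for item in before if key(item) not in after_keys]
    added = [item for item in after if key(item) not in before_keys]
    return removed, added


def compare_logs(text_before, text_after):
    """Show what changed between two logs so a reviewer reads only the delta."""
    old, new = parse_hjt(text_before), parse_hjt(text_after)
    ent_removed, ent_added = _diff(old["entries"], new["entries"], key=lambda e: e)
    # Paths are case-insensitive on Windows (Explorer.EXE == explorer.exe).
    proc_removed, proc_added = _diff(old["processes"], new["processes"], key=normcase)
    return {"entries_removed": ent_removed, "entries_added": ent_added,
            "processes_removed": proc_removed, "processes_added": proc_added}


def misplaced_system_binaries(paths):
    """Flag files named like a core Windows process but stored elsewhere."""
    flagged = []
    for path in paths:
        name = normcase(basename(path))
        if name in EXPECTED_DIR and normcase(dirname(path)) != EXPECTED_DIR[name]:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for label, items in compare_logs(LOG_BEFORE, LOG_AFTER).items():
        print(label, items)
    print("misplaced:", misplaced_system_binaries(FOUND_FILES))
```

The path check looks only at file names and locations, so it complements the scanner logs requested in the thread rather than replacing them.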

TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Re: HJT Log Task Bar Icons Missing

You can delete the file SDFix.exe that you downloaded and the folder C:\SDFix.

Do you know what these Scheduled Tasks are for, and if they are legitimate?

quote:
2008-11-21 c:\windows\Tasks\FAPZ.job
- c:\util\FAPZ.BAT [2008-03-09 18:26]

2009-05-19 c:\windows\Tasks\GETFAP.job
- c:\util\GETFAP.BAT [2008-11-21 23:19]

quote:
Since my computer is off line I answer "no" to reporting the problem to Hijack This.
Are you unable to connect to the Internet?

quote:
After rebooting, the slowness is gone when the desktop appears. The touch pad tapping is still enabled and the quick launch icons, except the ones previously listed, are still missing.
For any shortcut you want to show up in the Quick Launch bar, right-click the shortcut, drag and drop on the Quick Launch bar, and select copy. However, the items you previously listed do not show on the Quick Launch bar, they are part of the System Tray. Right-click on an unused part of the Task Bar, Select Properties, and clear the checkmark for Hide Inactive icons if one is there.

quote:
When I open "Control Panel" after a reboot the default view is "Details" rather than the last selected view of "Icons." After changing the view to "Icons," it will remain selected until I reboot the computer

While displaying the control panel as Icons, go to Tools > Folder Options, click the View tab, and scroll down and place a checkmark in "Remember each folder's view settings", and select OK.

Go to start > run and copy and paste next command in the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- In the drop down box labeled Files of type change the type to Text file.
- Save the file to your desktop.
- Copy and paste that information in your next post.

Please post a new HijackThis log, the log from Kaspersky's online scanner, let me know if you know what the Scheduled Tasks I listed were for, and note any errors encountered.

How is the system running now?
--
Proud ASAP member since 2005
Spice300
Premium
join:2006-01-10

Re: HJT Log Task Bar Icons Missing

quote:
Do you know what these Scheduled Tasks are for, and if they are legitimate?
Yes, FAPZ.BAT and GETFAP.BAT are my programs, they have not been altered, the files they execute have not been altered and they do what they are supposed to do.

quote:
Since my computer is off line I answer "no" to reporting the problem to Hijack This.

Are you unable to connect to the Internet?
I can connect to the Internet. You instructed me to conduct the ComboFix scan offline, so I remained offline when creating the Hijack This log.

quote:
However, the items you previously listed do not show on the Quick Launch bar, they are part of the System Tray. Right-click on an unused part of the Task Bar, Select Properties, and clear the checkmark for Hide Inactive icons if one is there.
That is my mistake with terminology. I have been incorrectly referring to the System Tray as Quick Launch. My problem with the icons is on the System Tray. I unhide the inactive icons but that does not make the missing ones appear.

quote:
While displaying the control panel as Icons, go to Tools > Folder Options, click the View tab, and scroll down and place a checkmark in "Remember each folder's view settings", and select OK.
"Remember each folder's view settings" was already selected. I unchecked it, clicked "Apply," reselected it and clicked "Apply." The problem is not fixed.

During the Kaspersky scan, AVG began a scheduled scan which aborted Kaspersky. After (hopefully) shutting off AVG's daily scheduled scans, I begin another Kaspersky scan.

During the second Kaspersky scan and while I was using the Edit command at the Command Prompt, NTVDM.EXE locked up and was closed by WIN XP. I do not remember seeing this program (process?) lock up before.

During the second Kaspersky scan and while waiting for Windows to switch from one Firefox window to another, sometimes a Firefox window would disappear (the window would apparently close and the task would be removed from the task bar), later reappear (the page would be displayed in a new window and the task would appear on the task bar) and then disappear. After the Kaspersky scan was completed, I had three tasks showing on the task bar, Command Prompt and two instances of Firefox. After closing the last of the Firefox windows, the one running Kaspersky, an older Firefox window appeared. When I closed that one, another one appeared. These windows could be navigated. When I closed the second old window, Firefox finally shut down. This problem only occurred while running Kaspersky.

Kaspersky reports, "No malware has been detected." Since the scan report is empty, I did not save it and can not post it.

quote:
How is the system running now?
It ran slow during the Kaspersky scan and even slower when AVG does something.

Windows Firewall is staying enabled. I am not detecting any suspicious Internet traffic in the Windows Firewall Log, in statistics from "netstat -e -s" nor the Tx (transmit) light on my modem.

My system is running normally except for the following:

1. I have to disable touch pad tapping after every boot.

2. I have to enable Toshiba Power Saver after every boot.

3. I have to work around my missing System Tray icons.

4. NTVDM.EXE locked up.

5. Some instances of Firefox disappeared and then reappeared later.

2009-05-21 10:55 PM
After uninstalling AVG with the modem off and rebooting, my computer boots quickly.

2009-05-22 18:00
After using the computer for a day with AVG uninstalled, the slowness during booting is definitely gone. When I reinstall AVG, update the definitions and reboot, the slowness is still gone. Hopefully this problem is fixed.

2009-05-22 18:15
After updating the detection rules in Spybot S&D, I run a quick scan in normal mode which detects nothing.

2009-05-22 18:58
I scan with AVG in selected directories in Windows Normal Mode. No threats are detected.

Here is the HJT log created just after Kaspersky Online Scanner completes the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:46 PM, on 5/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Here is the HJT log that I created just before making this post:
HJTLOG4.TXT 4969 bytes
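As an added example (not part of the original thread, and not HijackThis's own code), here is one way to read the entry lines of a log like the one above: split each line into its section code and detail, pull out the file path, and list services whose vendor field reads "Unknown owner" or that carry the "(file missing)" annotation. The function names and the `ExampleSvc` line are constructed for illustration; a hit is a prompt to check the file by hand, not a verdict.

```python
import re
from collections import Counter

# First four entries are copied from the log above; the ExampleSvc line is
# constructed to show the "(file missing)" annotation.
SAMPLE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: ExampleSvc - Unknown owner - C:\WINDOWS\system32\example.exe (file missing)
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # section code, then detail
PATH = re.compile(r'[A-Za-z]:\\[^*?"<>|]+?\.(?:exe|dll)', re.I)  # first file path

def parse(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        p = PATH.search(detail)
        entry = {"code": code, "detail": detail, "path": p.group(0) if p else None, "vendor": None}
        if code == "O23":
            # "Service: <name> - <vendor> - <path>": split from the right,
            # because the service name itself may contain " - ".
            parts = detail.rsplit(" - ", 2)
            entry["vendor"] = parts[1] if len(parts) == 3 else None
        entries.append(entry)
    return entries

def needs_review(entries):
    """Entries to check by hand first, each with the reasons it was listed."""
    hits = []
    for e in entries:
        reasons = []
        if e["vendor"] == "Unknown owner":
            reasons.append("no vendor recorded")
        if e["detail"].endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            hits.append((e["code"], e["path"], reasons))
    return hits

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print(Counter(e["code"] for e in parsed))
    print(needs_review(parsed))
```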

TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Re: HJT Log Task Bar Icons Missing

Your logs are clean.

I don't think the other problems are malware related.

Here are some links related to the Touchpad:
»209.167.114.38/support/techsuppo···1454.htm
»209.167.114.38/support/techsuppo···1279.htm
»209.167.114.38/support/techsuppo···0831.htm
»209.167.114.38/support/techsuppo···0770.htm
»209.167.114.38/support/techsuppo···0762.htm
»209.167.114.38/support/techsuppo···0757.htm

This article is on troubleshooting Toshiba Power Saver /Power Management:
»209.167.114.38/support/techsuppo···1051.htm

There's also a link on the left of those pages for Drivers and Downloads.
There is also a Toshiba laptop forum at:
»laptopforums.toshiba.com/tshb/

Possibly a good fit right here for the System Tray icons missing would be the Microsoft Help forum:
»Microsoft Help

Go to start > run and copy and paste next command in the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Create a Restore Point
•Go to Start > Programs > Accessories > System Tools > System Restore
•Select Create a Restore Point and then Next.
•In the box for "Restore point description", enter a descriptive name and press Create
•When the "Restore Point Created" window appears, click Close

Run Disk Cleanup
•Go to Start > Run and type the below line:
cleanmgr
•Click OK
•If you have more than one drive, select the drive Windows is installed on
•Click OK
•When Disk Cleanup opens, select the More Options tab
•In the System Restore section (bottom of window), click Cleanup
•In the confirmation window that opens, click Yes

Now click on the Disk Cleanup tab and select the following items:
•Downloaded Program Files
•Temporary Internet Files
•Recycle Bin
•Temporary Files
Click OK.
In the confirmation window, select Yes (Disk Cleanup will close).

You need to go to Windows Update and install all the critical updates or your system will remain vulnerable to exploits that there have long been fixes for that you don't have installed. That includes XP Service Pack 3, and updates that were issued since then.

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p···ic=60955

Does your malware problem appear resolved?
--
Proud ASAP member since 2005
Spice300
Premium
join:2006-01-10

Re: HJT Log Task Bar Icons Missing

I think all of the malware has been removed. The problems with the touch pad resetting to the default values and the missing icons on the System Tray are probably caused by something the malware altered in Windows.

Thank you for your assistance.

TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Re: HJT Log Task Bar Icons Missing

I'm glad I could help.
Spice300
Premium
join:2006-01-10

To follow up, my problems after rebooting with touch pad properties being reset to default values and the Toshiba Power Saver icon missing on the System Tray were fixed by uninstalling the respective drivers and reinstalling them. Some of my System Tray icons are still missing, but their absence is not as annoying.

TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Re: HJT Log Task Bar Icons Missing

I'm glad that worked for you.

It's possible the problem of the other icons that are not showing up in the System Tray could be fixed by uninstalling and reinstalling their programs as well.
--
Proud ASAP member since 2005
over 10 years online! © 1999-2009 dslreports.com.