
Spice300
Premium
join:2006-01-10

reply to TheJoker
Re: HJT Log Task Bar Icons Missing

quote:
Do you know what these Scheduled Tasks are for, and if they are legitimate?
Yes, FAPZ.BAT and GETFAP.BAT are my programs, they have not been altered, the files they execute have not been altered and they do what they are supposed to do.

quote:
Since my computer is off line I answer "no" to reporting the problem to Hijack This.

Are you unable to connect to the Internet?
I can connect to the Internet. You instructed me to conduct the ComboFix scan offline, so I remained offline when creating the Hijack This log.

quote:
However, the items you previously listed do not show on the Quick Launch bar, they are part of the System Tray. Right-click on an unused part of the Task Bar, Select Properties, and clear the checkmark for Hide Inactive icons if one is there.
That is my mistake with terminology. I have been incorrectly referring to the System Tray as Quick Launch. My problem with the icons is on the System Tray. I unhide the inactive icons but that does not make the missing ones appear.

quote:
While displaying the control panel as Icons, go to Tools > Folder Options, click the View tab, and scroll down and place a checkmark in "Remember each folder's view settings", and select OK.
"Remember each folder's view settings" was already selected. I unchecked it, clicked "Apply," reselected it and clicked "Apply." The problem is not fixed.

During the Kaspersky scan, AVG began a scheduled scan which aborted Kaspersky. After (hopefully) shutting off AVG's daily scheduled scans, I begin another Kaspersky scan.

During the second Kaspersky scan and while I was using the Edit command at the Command Prompt, NTVDM.EXE locked up and was closed by WIN XP. I do not remember seeing this program (process?) lock up before.

During the second Kaspersky scan and while waiting for Windows to switch from one Firefox window to another, sometimes a Firefox window would disappear (the window would apparently close and the task would be removed from the task bar), later reappear (the page would be displayed in a new window and the task would appear on the task bar) and then disappear. After the Kaspersky scan was completed, I had three tasks showing on the task bar, Command Prompt and two instances of Firefox. After closing the last of the Firefox windows, the one running Kaspersky, an older Firefox window appeared. When I closed that one, another one appeared. These windows could be navigated. When I closed the second old window, Firefox finally shut down. This problem only occurred while running Kaspersky.

Kaspersky reports, "No malware has been detected." Since the scan report is empty, I did not save it and cannot post it.

quote:
How is the system running now?
It ran slow during the Kaspersky scan and even slower when AVG does something.

Windows Firewall is staying enabled. I am not detecting any suspicious Internet traffic in the Windows Firewall Log, in statistics from "netstat -e -s" nor the Tx (transmit) light on my modem.

My system is running normally except for the following:

1. I have to disable touch pad tapping after every boot.

2. I have to enable Toshiba Power Saver after every boot.

3. I have to work around my missing System Tray icons

4. NTVDM.EXE locked up.

5. Some instances of Firefox disappeared and then reappeared later.

2009-05-21 10:55 PM
After uninstalling AVG with the modem off and rebooting, my computer boots quickly.

2009-05-22 18:00
After using the computer for a day with AVG uninstalled, the slowness during booting is definitely gone. When I reinstall AVG, update the definitions and reboot, the slowness is still gone. Hopefully this problem is fixed.

2009-05-22 18:15
After updating the detection rules in Spybot S&D, I run a quick scan in normal mode which detects nothing.

2009-05-22 18:58
I scan with AVG in selected directories in Windows Normal Mode. No threats are detected.

Here is the HJT log created just after Kaspersky Online Scanner completes the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:46 PM, on 5/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\SpybotSD\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Here is the HJT log that I created just before making this post:
HJTLOG4.TXT 4969 bytes
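
An added example, not part of the original posts: a small Python triage pass over a HijackThis log like the one above. It splits the log into header fields, running processes and coded entries, then lists O23 services whose vendor field reads "Unknown owner" so they can be verified by hand. The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O23 - Service: ..."
HEADER = re.compile(r"^(Platform|MSIE|Boot mode): (.*)$")
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.*)$")  # name, vendor, path

def parse_hjt(text):
    """Split a HijackThis log into header fields, running processes and coded entries."""
    header, running, entries = {}, set(), defaultdict(list)
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif m := ENTRY.match(line):
            in_processes = False          # first coded entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif in_processes and line:
            running.add(line.lower())     # Windows paths compare case-insensitively
    return header, running, dict(entries)

def unknown_owner_services(text):
    """O23 services with no vendor string; a line to verify, not a malware verdict."""
    _, running, entries = parse_hjt(text)
    found = []
    for body in entries.get("O23", []):
        m = SERVICE.match(body)
        if m and m.group(2) == "Unknown owner":
            found.append((m.group(1), m.group(3), m.group(3).lower() in running))
    return found

if __name__ == "__main__":
    for name, path, is_running in unknown_owner_services(SAMPLE_LOG):
        print(f"review: {name} -> {path} (running: {is_running})")
```

The running-process check is a plain string comparison, so a service listed with a short (8.3) path and running under its long path would be reported as not running.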


TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA

Your logs are clean.

I don't think the other problems are malware related.

Here are some links related to the Touchpad:
»209.167.114.38/support/techsuppo···1454.htm
»209.167.114.38/support/techsuppo···1279.htm
»209.167.114.38/support/techsuppo···0831.htm
»209.167.114.38/support/techsuppo···0770.htm
»209.167.114.38/support/techsuppo···0762.htm
»209.167.114.38/support/techsuppo···0757.htm

This article is on troubleshooting Toshiba Power Saver / Power Management:
»209.167.114.38/support/techsuppo···1051.htm

There's also a link on the left of those pages for Drivers and Downloads.
There is also a Toshiba laptop forum at:
»laptopforums.toshiba.com/tshb/

Possibly a good fit right here for the System Tray icons missing would be the Microsoft Help forum:
»Microsoft Help

Go to Start > Run and copy and paste the next command in the field:
ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Create a Restore Point
•Go to Start > Programs > Accessories > System Tools > System Restore
•Select Create a Restore Point and then Next.
•In the box for "Restore point description", enter a descriptive name and press Create
•When the "Restore Point Created" window appears, click Close

Run Disk Cleanup
•Go to Start > Run and type the below line:
cleanmgr
•Click OK
•If you have more than one drive, select the drive Windows is installed on
•Click OK
•When Disk Cleanup opens, select the More Options tab
•In the System Restore section (bottom of window), click Cleanup
•In the confirmation window that opens, click Yes

Now click on the Disk Cleanup tab and select the following items:
•Downloaded Program Files
•Temporary Internet Files
•Recycle Bin
•Temporary Files
Click OK
In the confirmation window, select Yes (Disk Cleanup will close).

You need to go to Windows Update and install all the critical updates or your system will remain vulnerable to exploits that there have long been fixes for that you don't have installed. That includes XP Service Pack 3, and updates that were issued since then.

There are several free utilities you can use to help keep malware off your system:

A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm.

A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html.

I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p···ic=60955

Does your malware problem appear resolved?
--
Proud ASAP member since 2005

Spice300
Premium
join:2006-01-10

I think all of the malware has been removed. The problems with the touch pad resetting to the default values and the missing icons on the System Tray, are probably caused by something the malware altered in Windows.

Thank you for your assistance.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
I'm glad I could help.
over 10 years online! © 1999-2009 dslreports.com.