Windows XP Toolbar Icons Deactivated and Disappear - no malware found

[katana]

Please delete the copy of ComboFix that you have, and download the updated version from HERE

Please run the new ComboFix.exe using the same instructions as before
(ie disable all security programs)

Post the log, and make sure you can access CPanel.

 

[Big_John]

Half right!

Please delete the copy of ComboFix that you have, and download the updated version from HERE

Please run the new ComboFix.exe using the same instructions as before
(ie disable all security programs)

Post the log, and make sure you can access CPanel.

I've run combofix and can access CPanel.

However, although I can connect to the Internet through the Vodafone USB Modem on the VCMLite dialup connection, the Vodafone Mobile Connect Lite program doesn't appear in the Systray or in the Task Manager. The software is on the USB Modem (E. It shows me my upload/download speeds and volume of data used etc.

I won't do a system restore until you tell me to. :laugh:

ComboFix 08-06-30.2 - John Slee 2008-07-01 15:16:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.142 [GMT 1:00]
Running from: C:\Documents and Settings\John Slee.EPIPHANY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John Slee.EPIPHANY\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2010-10-10 10:09 . 2010-10-10 10:09 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2010-10-10 10:09 . 2008-01-29 11:49 <DIR> d-------- C:\Program Files\AvRack
2010-10-10 10:08 . 2008-01-29 11:49 <DIR> d-------- C:\Program Files\Realtek AC97
2008-06-30 14:19 . 2008-06-30 14:19 <DIR> d-------- C:\Program Files\Vodafone
2008-06-28 23:57 . 2008-06-30 14:19 <DIR> d-------- C:\Program Files\Vodafone(2)
2008-06-27 11:06 . 2008-06-27 11:06 <DIR> d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\Vodafone
2008-06-26 08:58 . 2008-06-30 14:22 <DIR> d-------- C:\RECYCLER(2)
2008-06-26 08:38 . 2008-06-30 14:17 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vodafone
2008-06-24 14:37 . 2008-06-24 14:37 <DIR> d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\GlarySoft
2008-06-22 11:12 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-06-22 11:12 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-20 10:49 . 2008-06-20 10:49 <DIR> d-------- C:\Deckard
2008-06-19 16:16 . 2008-06-19 16:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-19 16:16 . 2008-06-19 16:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-19 16:16 . 2008-06-19 16:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-19 16:16 . 2008-06-19 16:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-19 16:06 . 2008-06-19 16:17 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-19 12:44 . 2004-08-04 13:00 300,969 -----c--- C:\WINDOWS\system32\dllcache\viz.wmv
2008-06-19 12:43 . 2004-08-04 13:00 1,398 -----c--- C:\WINDOWS\system32\dllcache\taon.gif
2008-06-19 12:43 . 2004-08-04 13:00 1,380 -----c--- C:\WINDOWS\system32\dllcache\taonh.gif
2008-06-19 12:43 . 2004-08-04 13:00 1,380 -----c--- C:\WINDOWS\system32\dllcache\taoff.gif
2008-06-19 12:43 . 2004-08-04 13:00 1,367 -----c--- C:\WINDOWS\system32\dllcache\taoffh.gif
2008-06-19 12:41 . 2004-08-04 13:00 572,557 -----c--- C:\WINDOWS\system32\dllcache\rtuner.wmv
2008-06-19 12:41 . 2008-04-14 01:12 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2008-06-19 12:41 . 2008-04-14 01:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-06-19 12:41 . 2004-08-03 22:29 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2008-06-19 12:41 . 2008-04-13 18:28 66,725 -----c--- C:\WINDOWS\system32\dllcache\revert.wmz
2008-06-19 12:41 . 2008-04-14 01:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-06-19 12:41 . 2008-04-13 19:56 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-06-19 12:41 . 2008-04-13 19:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-19 12:39 . 2008-04-14 01:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-19 12:39 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-06-19 12:39 . 2004-08-04 13:00 375,519 -----c--- C:\WINDOWS\system32\dllcache\nuskin.wmv
2008-06-19 12:39 . 2004-08-03 22:41 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2008-06-19 12:39 . 2008-04-14 01:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-06-19 12:38 . 2008-04-14 01:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-06-19 12:38 . 2004-07-17 11:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-06-19 12:38 . 2004-08-04 13:00 22,060 -----c--- C:\WINDOWS\system32\dllcache\npds.zip
2008-06-19 12:38 . 2004-08-04 13:00 403 -----c--- C:\WINDOWS\system32\dllcache\npdrmv2.zip
2008-06-19 12:36 . 2008-04-14 01:10 294,912 -----c--- C:\WINDOWS\system32\dllcache\msaud32.acm
2008-06-19 12:35 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-06-19 12:35 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-06-19 12:35 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-06-19 12:35 . 2004-08-04 13:00 97,117 -----c--- C:\WINDOWS\system32\dllcache\mplayer2.hlp
2008-06-19 12:35 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-06-19 12:35 . 2004-08-04 13:00 18,286 -----c--- C:\WINDOWS\system32\dllcache\mplayer2.inf
2008-06-19 12:35 . 2004-08-04 13:00 2,778 -----c--- C:\WINDOWS\system32\dllcache\mplogoh.gif
2008-06-19 12:35 . 2004-08-04 13:00 2,545 -----c--- C:\WINDOWS\system32\dllcache\mplogo.gif
2008-06-19 12:35 . 2004-08-04 13:00 1,885 -----c--- C:\WINDOWS\system32\dllcache\mplayer2.cnt
2008-06-19 12:34 . 2004-08-04 13:00 457,607 -----c--- C:\WINDOWS\system32\dllcache\mdlib.wmv
2008-06-19 12:34 . 2008-04-14 01:11 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2008-06-19 12:34 . 2004-08-03 22:41 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-06-19 12:33 . 2008-04-14 01:09 290,816 -----c--- C:\WINDOWS\system32\dllcache\l3codeca.acm
2008-06-19 12:33 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-06-19 12:32 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-06-19 12:32 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-06-19 12:32 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-06-19 12:32 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-06-19 12:32 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-06-19 12:30 . 2007-06-21 06:52 974 --------- C:\WINDOWS\system32\pid.inf
2008-06-19 12:29 . 2008-04-13 19:45 46,592 --------- C:\WINDOWS\system32\drivers\irbus.sys
2008-06-19 12:29 . 2008-04-13 19:43 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2008-06-19 12:27 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-19 12:27 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-06-19 12:27 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-06-19 12:27 . 2008-04-13 19:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2008-06-19 12:27 . 2008-04-14 01:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2008-06-19 12:27 . 2008-04-13 19:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2008-06-19 12:27 . 2008-04-13 19:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys
2008-06-19 12:25 . 2008-04-14 01:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-19 12:24 . 2008-04-14 01:11 233,472 --------- C:\WINDOWS\system32\azroles.dll
2008-06-19 12:24 . 2008-04-13 19:46 36,480 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2008-06-19 12:24 . 2008-04-14 01:11 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2008-06-19 12:24 . 2008-04-14 01:11 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2008-06-19 12:24 . 2008-04-14 01:11 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2008-06-19 12:24 . 2008-04-14 01:11 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2008-06-19 12:24 . 2008-04-14 01:11 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2008-06-19 12:24 . 2008-04-14 01:11 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2008-06-19 12:24 . 2008-04-14 01:11 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-19 12:24 . 2004-08-04 13:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-06-19 12:22 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-06-19 12:22 . 2008-04-14 01:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-06-19 12:22 . 2008-04-14 01:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-06-19 12:22 . 2008-04-14 01:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-06-19 12:22 . 2008-04-14 01:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-06-19 12:22 . 2008-04-14 01:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-06-19 12:22 . 2008-04-14 01:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-06-19 12:22 . 2008-04-14 01:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\John Slee.EPIPHANY\Application Data\SUPERAntiSpyware.com
2008-06-19 01:43 . 2008-06-19 01:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-06-18 23:49 . 2008-06-18 23:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-18 12:40 . 2008-06-18 14:02 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-18 12:26 . 2008-06-19 01:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 11:16 . 2008-06-30 14:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-18 11:16 . 2008-06-30 14:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-06-18 09:54 . 2008-06-18 09:54 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-06-17 18:52 . 2005-02-03 18:58 425,984 --a------ C:\WINDOWS\system32\GeoCodec.dll
2008-06-17 18:52 . 2005-02-03 18:58 425,984 -ra------ C:\WINDOWS\GeoCodec.dll
2008-06-17 18:52 . 2001-05-04 12:05 413,760 --a------ C:\WINDOWS\mpg4c32.dll
2008-06-17 18:52 . 2005-03-08 17:02 92,105 --a------ C:\WINDOWS\Stable_7000.xml
2008-06-17 18:52 . 2003-12-02 10:03 12,045 --a------ C:\WINDOWS\buzzer.wav
2008-06-16 16:42 . 2008-06-16 16:42 <DIR> d-------- C:\Program Files\MozBackup
2008-06-13 13:46 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 13:46 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-13 02:51 . 2008-06-13 21:10 765 --a------ C:\camerades.inf
2008-06-13 01:21 . 2008-04-13 19:46 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-13 01:21 . 2008-04-13 19:46 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-13 01:21 . 2008-04-13 19:46 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-13 01:21 . 2008-04-14 01:12 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-06-13 01:21 . 2008-04-13 19:46 15,232 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2008-06-13 01:21 . 2008-04-13 19:46 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2008-06-13 01:21 . 2008-04-13 19:46 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-13 01:21 . 2008-04-13 19:39 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 14:27 --------- d-----w C:\Documents and Settings\John Slee.EPIPHANY\Application Data\OpenOffice.org2
2008-07-01 14:25 1,893 ----a-w C:\WINDOWS\bcmwltrytmp.reg
2008-07-01 13:49 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Google Updater
2008-07-01 10:29 --------- d-----w C:\Program Files\Google
2008-07-01 07:29 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-30 14:12 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-06-26 07:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-20 12:03 --------- d-----w C:\Program Files\Java
2008-06-18 22:30 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-18 11:40 --------- d-----w C:\Program Files\Lavasoft
2008-06-18 09:39 --------- d-----w C:\Program Files\Email Marketing Pro 2008
2008-06-17 20:13 --------- d-----w C:\Program Files\QuickTime
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:29 --------- d-----w C:\Program Files\WebCam
2008-05-26 06:37 --------- d-----w C:\Program Files\palmOne
2008-05-25 21:16 --------- d-----w C:\Documents and Settings\John Slee.EPIPHANY\Application Data\AVGTOOLBAR
2008-05-25 21:07 9,388 ----a-w C:\WINDOWS\system32\drivers\iaStor.PNF
2008-05-25 21:07 7,280 ----a-w C:\WINDOWS\system32\drivers\viamraid.PNF
2008-05-25 21:07 63,240 ----a-w C:\WINDOWS\system32\drivers\Si3112r.PNF
2008-05-25 21:07 6,984 ----a-w C:\WINDOWS\system32\drivers\SiSRaid.PNF
2008-05-25 21:07 12,432 ----a-w C:\WINDOWS\system32\drivers\adpu320.PNF
2008-05-25 21:07 12,204 ----a-w C:\WINDOWS\system32\drivers\nvraid.PNF
2008-05-25 21:07 10,828 ----a-w C:\WINDOWS\system32\drivers\iaAHCI.PNF
2008-05-22 11:14 --------- d-----w C:\Documents and Settings\John Slee.EPIPHANY\Application Data\GeoSetter
2008-05-22 08:24 --------- d-----w C:\Program Files\GeoSetter
2008-05-18 09:35 --------- d-----w C:\Program Files\orange3
2008-05-17 19:46 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-17 19:46 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-17 19:46 --------- d-----w C:\Program Files\AVG
2008-05-17 19:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-17 10:36 --------- d-----w C:\Program Files\Water Explorer
2008-05-15 23:01 --------- d-----w C:\Program Files\Gallery Remote
2008-05-15 22:22 --------- d-----w C:\Documents and Settings\John Slee.EPIPHANY\Application Data\PFrank
2008-05-15 22:09 --------- d-----w C:\Program Files\PFrank
2008-05-15 10:03 --------- d--h--w C:\Program Files\Zero G Registry
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 15:56 --------- d-----w C:\Documents and Settings\John Slee.EPIPHANY\Application Data\BITS
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2007-04-21 14:32 80 ----a-w C:\Program Files\serial.txt
2007-01-10 15:37 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 10:08 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"ISUSPM"="C:\Documents and Settings\All Users.WINDOWS\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 16:41 222128]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"VMCL"="C:\Program Files\vodafone\vmclite\DongleEnumerator.exe" [2007-08-17 14:35 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-20 06:20 29744]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-11 10:35 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-17 20:46 1177368]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 17:22 577536 C:\WINDOWS\soundman.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-11-10 05:44 557056 C:\WINDOWS\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]

C:\Documents and Settings\John Slee.EPIPHANY\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM 393216]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/26/2006 8:56:55 AM 113664]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/26/2006 12:24:59 AM 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM 282624]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [1/1/2007 12:22:03 PM 98304]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 9:15:54 AM 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mpg4"= C:\WINDOWS\mpg4c32.dll
"vidc.mpg2"= C:\WINDOWS\mpg4c32.dll
"vidc.mpg3"= C:\WINDOWS\mpg4c32.dll
"vidc.GEOX"= C:\WINDOWS\system32\GeoCodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDPeer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-17 20:46]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-17 20:46]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 20:46]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-17 20:46]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 18:22]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-20 06:20]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-14 01:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-14 01:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-14 01:12]
S3 phil2vid;Philips USB VGA Camera;C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 14:04]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-14 01:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e60155-ee01-11dc-8457-000d888eddaa}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28e60156-ee01-11dc-8457-000d888eddaa}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31a2c79a-f811-11dc-847f-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31a2c79b-f811-11dc-847f-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36fa1034-ee72-11dc-8458-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{524a47c0-46a9-11dd-854a-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c32ba74-f006-11dc-845d-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cf184a-f064-11dc-8461-000d888eddaa}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cf184b-f064-11dc-8461-000d888eddaa}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d51d1d4c-f872-11dc-8481-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d51d1d4d-f872-11dc-8481-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb227-f6b6-11dc-847c-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb228-f6b6-11dc-847c-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb229-f6b6-11dc-847c-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb22d-f6b6-11dc-847c-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d60bb22e-f6b6-11dc-847c-0014a59a0895}]
\Shell\AutoRun\command - E:\StartVMCLite.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 18:28:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector
HKLM-Run-Broadcom Wireless Manager UI - C:\WINDOWS\system32\WLTRAY
HKLM-Run-BluetoothAuthenticationAgent - bthprops.cpl,,BluetoothAuthenticationAgent


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 15:26:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wscntfy.exe
E:\PhoneConnectorVMC.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-01 15:36:11 - machine was rebooted [John Slee]
ComboFix-quarantined-files.txt 2008-07-01 14:36:01
ComboFix2.txt 2008-06-25 14:18:09

Pre-Run: 8,872,251,392 bytes free
Post-Run: 8,876,593,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

371 --- E O F --- 2008-06-20 14:13:37

 

[katana]

Please be patient, I am just consulting with the author of ComboFix on the best course of action now.
(he's forgotten more than I will ever know :laugh

 

[katana]

It may be best to reinstall the drivers/software for the modem rather than doing a system restore.
The items that ComboFix removed are generally related to malware so if the modem is using those service names then we need to know about it.

As for your original problem .....
this tool has been suggested for a try
http://www.kellys-korner-xp.com/taskbarplus!.htm

let me know how you get on.

 

[Big_John]

VCMLite

It may be best to reinstall the drivers/software for the modem rather than doing a system restore.
The items that ComboFix removed are generally related to malware so if the modem is using those service names then we need to know about it.

You just beat me to it this morning! Good morning!

When Windows starts up for the first time it is a common occurrence that not all the SysTray icons are shown. Particularly I notice the Volume and Power options are sometimes missing. This morning was a case in point, so I tried logging off and logging back in, and they reappeared. (A restart can have the same effect.

However, more relevant to the VCMLite problem was the fact that C:\Program Files\Vodafone\VMCLiteDongleEnumerator.exe appeared in a command prompt window, and "Vodafone Mobile Connect Lite" appeared in the SysTray, and PhoneConnectorVMC.exe was shown running in the Task Manager.

So what ComboFix may have done is to prevent the VMCLiteDongleEnumerator being run on initial Startup.

Does that indicate anything fixable?

As for your original problem .....
this tool has been suggested for a try
http://www.kellys-korner-xp.com/taskbarplus!.htm

I had tried this before, but not rigourously, so I have re-downloaded it, and will try it now.

 

[katana]

So what ComboFix may have done is to prevent the VMCLiteDongleEnumerator being run on initial Startup.

Does that indicate anything fixable?

It most certainly did, and yes it is fixable by doing the following

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it fix.bat Please save it on your desktop.

@echo off
cd /d %systemdrive%\QooBox\Quarantine\Registry_backups
regedit /s HKLM-Run-BluetoothAuthenticationAgent.reg.dat
regedit /s HKLM-Run-Broadcom Wireless Manager UI.reg.dat
del /q %0
exit

Double click on fix.bat

I think it is fairly safe to say there is no malware that would be causing your problem.
It looks like it is either an OS problem or software conflict.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit one of the tech forums for assistance.

http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html

All the forums above have good support for software/OS problems, and I'm sure they will be able to help.

When you start your thread, explain what the problem is and let them know that you have been checked for malware.
Give them the following link, so they can see the logs if needed

http://forums.spybot.info/showpost.php?p=203809&postcount=1

Let me know when you have done the above batch file, and then we can do a bit of a clean up and remove the tools we have used.

 

[Big_John]

Half a repair

Let me know when you have done the above batch file, and then we can do a bit of a clean up and remove the tools we have used.

Nearly there, but there's still one outstanding problem with VMCLite. Al goes well if the modem is plugged in on startup.

However, PhoneConnectorVMC.exe is not activated when the Vodafone USB modem is plugged in during a Windows session. It was, before Combofix. Hope it's as easy as last time.


On the original problem, Kellys Taskbar Repair Tool, choosing the Taskbar/"Toolbars greyed out or missing" option restores the toolbar icons, and restores their left click function by restarting the Windows Shell. So thank you very much for that.

However (again!), Right-clicking any of the toolbar icons still de-activates the icons, so I'll try one of the other forums to try to get that one sorted.

 

[katana]

Did you get my PM ?

 

[katana]

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
  • 

You can also delete any logs we have produced, and empty your Recycle bin.




The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

• 
  AntiSpyware is not the same thing as Antivirus.
  Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
  You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
  Most of the programs in this list have a free (for Home Users ) and paid versions,
  it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
• Spybot - Search & Destroy <<< A must have program
  • It includes host protection and registry protection
  • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
• MalwareBytes Anti-malware <<< A New and effective program
• a-squared Free <<< A good "realtime" or "on demand" scanner
• superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

• 
  These programs don't detect malware, they help stop it getting on your machine in the first place.
  Each does a different job, so you can have more than one
• Winpatrol
  • An excellent startup manager and then some !!
  • Notifies you if programs are added to startup
  • Allows delayed startup
  • A must have addition
• SpywareBlaster 4.0
  • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
• SpywareGuard 2.2
  • SpywareGuard provides real-time protection against spyware.
  • Not required if you have other "realtime" antispyware or Winpatrol
• ZonedOut
  • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
• MVPS HOSTS
  • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • Not required if you are using other host file protections

Internet Browsers

• 
  Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
  Using a different web browser can help stop malware getting on your machine.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
       • Change the Download signed ActiveX controls to Prompt
       • Change the Download unsigned ActiveX controls to Disable
       • Change the Initialise and script ActiveX controls not marked as safe to Disable
       • Change the Installation of desktop items to Prompt
       • Change the Launching programs and files in an IFRAME to Prompt
       • Change the Navigate sub-frames across different domains to Prompt
       • When all these settings have been made, click on the OK button.
       • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

• 
  Temporary Internet Files are mainly the files that are downloaded when you open a web page.
  Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
  It is a good idea to empty the Temporary Internet Files folder on a regular basis.
  
  Tracking Cookies are files that websites use to monitor which sites you visit and how often.
  A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
  CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
  
  Both of these can be cleaned manually, but a quicker option is to use a program
• ATF Cleaner
  • Free and very simple to use
• CCleaner
  • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

 

[Big_John]

Internet Connection Sharing Disabled

Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up

Have removed ComboFix as suggested.
I have one outstanding problem, though, which has a risen as a result of the changes it made, I presume.

When I disconnect from the Net using VMCLIte, and then re-connect, the Internet Connect Sharing is disabled, and I have to run the Network Wizard on teh Host Computer to reset it all. Any ideas why? Please provide an easy solution as it is tedious having to do this.

Thks

John

 

[katana]

Hi Big_Hohn

I have spoken to the author of ComboFix and whilst he can't be positive that CF didn't do this (he has never used this software) he has doubts that it did.

When Windows starts up for the first time it is a common occurrence that not all the SysTray icons are shown. Particularly I notice the Volume and Power options are sometimes missing. This morning was a case in point, so I tried logging off and logging back in, and they reappeared. (A restart can have the same effect.

This post you made shows that there are problems with some of your programs starting, possibly due to program conflicts or OS instability.
The fact that you still have the toolbar problem, shows that something is still not right.

I recommend that you ask about this (Internet Connect Sharing is disabled) in the tech thread when you resolve the toolbar issue.

Sorry I couldn't be more help, but this is a software/os compatibility/stability issue and that is outside my area. :sad:

 

[katana]

A quick question for you

What is E:\ ?
Is it a CD/DVD drive, or your USB dongle ?

 

[Big_John]

USB Dongle

E:\ is the Vodafone USB Dongle

WBW

John

 

[Big_John]

Hi Big_Hohn
This post you made shows that there are problems with some of your programs starting, possibly due to program conflicts or OS instability.

Actually this is known Windows XP problem - I know several people with the same symptoms.

I have still had no help from bleepingcomputer - I know they are busy, but I wish someone would reply. The only reply I had was "post on the 'I haven't had a reply for more than 5 days' forum", which hasn't evoked any more help :-(

 

[katana]

That's because your thead in the Windows XP Home and Professional room has been closed due to you having an open HJT thread.

You need to post to the HJT thread asking for it to be closed, and then start a new thread in the Windows room.

 

[katana]

Hi Big John

Please do the following and see if the sharing problem is solved

Backup the Registry

• Download ERUNT to your desktop
• Double-click on the file to install the program
• Untick the NTREGOPT desktop shortcut option
• Click No when you get the option to run Erunt at Windows startup.
• During the installation, tick Launch Erunt
• Accept the defaults for running a backup
• Erunt will then backup your registry

Create A Registry File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it Regfix.reg Please save it on your desktop.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoDriveAutoRun"=dword:03ffffef

Make sure there are NO blank lines before REGEDIT4 and ONE blank line at the end/bottom
Double click on Regfix.reg and click Yes at the prompt

 

[tashi]

Still with us Big_John?

 

[Big_John]

Still with us Big_John?

Yes! Sorry, didn't get notification of Katana's last message (or it went into Junk). Will try following instructions asap.
Thanks

 

[tashi]

Hi Big_John,

Please send katana a PM (private message) if you need to continue.

For now this topic has been closed.