MISSING ICONS and No Auto Updates

Viruses and worms
1

Hi,have lost my tray icons,and have to update manually,other antispyware and my firewall seem to be stalling,hanging
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:30 p.m., on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM..\Run: [OpwareSE2] “C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe”
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM..\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM..\Run: [HPHUPD06] “c:\Program Files\HP{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe”
O4 - HKLM..\Run: [MSPY2002] “C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe” /SYNC
O4 - HKLM..\Run: [PHIME2002ASync] “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE” /SYNC
O4 - HKLM..\Run: [PHIME2002A] “C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE” /IMEName
O4 - HKLM..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 - HKLM..\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -startup
O4 - HKLM..\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -h
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra ‘Tools’ menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip..{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CS1\Services\Tcpip..{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CS2\Services\Tcpip..{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


End of file - 8057 bytes

2

avast! icon missing - As a temporary measure until this is resolved you can create a desktop shortcut for this file C:\Program Files\Alwil Software\Avast4\ashDisp.exe (the avast icon and interface to the providers). Right click on the file and select Send To, Desktop (create shortcut). You will need to run this after each boot until the problem is resolved.

What other security based software do you have that might block new startup entries, e.g. Spybot S&D (TeaTimer), AdAware (AdWatch), SpySweeper, Spyware Doctor (StartUpGuard or OnGuard), PrevX, WinPatrol, ProcessGuard, etc. ?

Check the option in the Appearance tab of Program Settings. Or Make a link to ashdisp.exe in your startup folder.

I don’t see anything obvious in the log.

These IPs all relate to Auckland and Orcon Internet Limited, is that your ISP or connected ?

O17 - HKLM\System\CCS\Services\Tcpip..{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CS1\Services\Tcpip..{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 60.234.1.1 60.234.2.2
O17 - HKLM\System\CS2\Services\Tcpip..{1FD76BEB-89CC-4CEB-965D-24200785D4CF}: NameServer = 202.49.233.1 202.49.233.2

3

thanks for replying.I will try the desktop shortcut,have none of those programs,although used to have Spysweeper and i see there are still references to it in my startup programs.But it would have been there for ages,these problems are new.The option is ticked in the program settings.And the IP numbers are OK,my ISP is in the process of changing them.

4

Well depending on when you had SpySweeper it could have an effect, however, if you had uninstalled it before you installed avast then it shouldn’t have removed the avast icon.
How and when did you remove it ?
Check the Task Manager and see if any of it is still running, check what is left on the HDD ()program folder, etc. check the add remove programs and ensure you did uninstall it.

Continue with the other steps as the desktop shortcut is a workaround (which you would have to click after every boot) so that it starts on boot.

Something I failed to notice before is the location of HiJackThis, it should be in a folder of its own and not effectively dumbed on the desktop. C:\Program Files\HJT or C:\HJT would be better, what is strange the installation file should do that (create a folder of its own) when you install HJT.

Does Comodo firewall allow avast.setup internet access ?

  • If it does delete the entry for it and do a manual update, this will force the firewall to ask permission again.
5

Hi again,uninstalled Spysweeper more than a year ago,but there are still references to it in startup/services lists,but not in task manager and Program files
Comodo should not be running as I uninstalled it after a acceleration of problems on my computer .Is there a shortcut to get my Avast auto updates back?
I did an Avast cleaner scan and will try to attach log
Correction,this scan log is in the Avast log files although I did not run it
Thanks

6

Sorry,forgot to say all my files are downloaded to desktop,and once HJT was there,I had no idea how to get it into its own folder,in Program files,there are big gaps in my practical computing skills!