Taskbar - Blank Program Opens And Closes Within A Second

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Taskbar - Blank Program Opens And Closes Within A Second - Intermittently/ Computer 1, Am I infected and how do I remove?

Options

Billy O'Neal View Member Profile	Jul 7 2008, 05:20 AM Post #2
Run from the Sandvitch! Group: HJT Team Coach Posts: 7,969 Joined: 17-January 08 From: Northfield, Ohio Member No.: 184,215	Hello (again) Severus08. to BleepingComputer.com My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine) We apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay. If you still would like help, please follow the following instructions: Please run Deckard's System Scanner again, this time using these instructions: (In the event you lost your copy, you can download a new one from here: Deckard's System Scanner) Click on Start, click on Run Copy and paste the following in the open window and then click OK: CODE "%userprofile%\desktop\dss.exe" /config This will open up DSS configuration Click on Check All. Click Scan. DSS will now run again. Please post back both logs that open in notepad. Main.txt and Extra.txt Next Please do an online scan with Kaspersky WebScanner. Please visit the Kaspersky Online Scanner website. Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. In your next reply, please make sure the following reports are present: The Kaspersky scan report DSS's Main.txt DSS's Extra.txt -------------------- The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM. Have I helped you? If so, please consider a donation (by clicking this link). All donations go towards a license of Camtasia Studio, with which I will write video tutorials for BleepingComputer.

Severus08 View Member Profile	Jul 9 2008, 08:29 PM Post #4
New Member Group: Members Posts: 10 Joined: 15-June 08 Member No.: 216,476	Hello Billy, I reran the Kaspersky Online scanner today and it came up clean. Attached below is the file. FYI, we are still having the problem of "something" opening and closing quickly at the bottom of the screen (in the taskbar). Thanks for your help. KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, July 9, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, July 09, 2008 16:14:14 Records in database: 932487 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ E:\ Scan statistics Files scanned 82839 Threat name 0 Infected objects 0 Suspicious objects 0 Duration of the scan 01:27:15 No malware has been detected. The scan area is clean. The selected area was scanned.

Billy O'Neal View Member Profile	Jul 10 2008, 06:40 AM Post #5
Run from the Sandvitch! Group: HJT Team Coach Posts: 7,969 Joined: 17-January 08 From: Northfield, Ohio Member No.: 184,215	Hello again, Severus08. I don't think you've got malware here either, but there is some housekeeping to do We need to disable SpyBot Search and Destroy's "Tea Timer" Launch SpyBot Search and Destroy, go to the Mode menu and make sure "Advanced Mode" is selected. On the left hand side, click on Tools, then click on the Resident Icon in the list. Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. Click on the "System Startup" icon in the List Uncheck the "TeaTimer" box and "OK" any prompts. If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted. Exit/Close Spybot S&D when done. We have to remove some entries in HiJack This Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below: O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://download.tenebril.com/pub/bin/scann...wareScanner.ocx Close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis. We need to move some files Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE iAimTV2 <delete service> Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop. Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications". Click the "Download" button to the right. Select your Platform: "Windows". Select your Language: "Multi-Language". Read the License Agreement, and then check the box that says: "Accept License Agreement". Click Continue and the page will refresh. Click on the link to download Windows Offline Installation and save the file to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. In your case that will be: Java 2 Runtime Environment, SE v1.4.2 Java™ 6 Update 5 Click the Remove or Change/Remove button. Follow the onscreen instructions for the Java uninstaller. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u7-windows-i586-p.exe Follow the on screen instructions to install the latest Java version. Your Microsoft Windows installation is out of date. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC Go here to check for & install updates to Microsoft applications. Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install. Please reboot and repeat the update process until there are no more updates to install. When you are finished, please post a new HijackThis log here in a reply. Also, please let me know of any problems you may have encountered. In your next reply, please make sure the following reports are present: OTMoveIT2's log A new DSS Main.txt (In the event you lost your copy, you can download a new one from here: Deckard's System Scanner) Good luck, Billy3 [/quote] -------------------- The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM. Have I helped you? If so, please consider a donation (by clicking this link). All donations go towards a license of Camtasia Studio, with which I will write video tutorials for BleepingComputer.

Billy O'Neal View Member Profile	Jul 11 2008, 06:23 AM Post #7
Run from the Sandvitch! Group: HJT Team Coach Posts: 7,969 Joined: 17-January 08 From: Northfield, Ohio Member No.: 184,215	Hello, Severus08. You now appear to be clean. Congratulations! We need to clean up our tools. Please download OTMoveIt2 by OldTimer and save it to your desktop. Click the Clean Up button. Accept any prompts. This will remove any tools we used, including OTMoveIt, and will require a reboot. Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint. The infections you had were "None" Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented. Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. You can view a video of the following instructions. Go to Start > Programs > Accessories > System Tools and click "System Restore". Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Then go to Start > Run and type: Cleanmgr Click "OK". Click the "More Options" Tab. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one. Note: You should only do this once! Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC Go here to check for & install updates to Microsoft applications. Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install. Keep your non-Microsoft applications updated as well Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month. Make Internet Explorer more secure Click Start -> Run Type "Inetcpl.cpl" (without quotes) & click OK. Click on the Security tab. Click "Reset all zones to default level" Make sure the Internet Zone is selected & click "Custom level" In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Click OK, then Apply, then OK to exit the Internet Properties page. You appear to have no outbound firewall. While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers. I therefore strongly recommend that you install Comodo Firewall, which is free. See Bleeping computerââ‚¬â„¢s excellent tutorial to help using and understanding a firewall here Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection level. It may also seriously impair the performance of your PC. Install SpywareBlaster & make sure to update it regularly SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer. If you don't know what ActiveX controls are, see here You can download SpywareBlaster from here. Install and use Spybot Search & Destroy Instructions are located here Make sure you update, reimmunize & scan regularly. Make use of the HOSTS file included with Spybot Search & Destroy Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites. Spybot Search & Destroy has a good HOSTS file built in. To enable it, Run Spybot Search & Destroy Click the Mode button on the toolbar, and then place a tick next to Advanced mode. Click Yes. In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File. Click on "Add Spybot-S&D hosts list" Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue Click Start -> Run. Type "services.msc" (without quotes) & click OK. In the list, find the service called "DNS Client" & double click on it. On the dropdown box, change the setting from "Automatic" to "Manual". Click OK. Exit/close the Services window For a more detailed explanation of the HOSTS file, click here. Install a-squared Free & update and scan with it regularly a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers *Finally I am trying to make one point very* clear. It is absolutely essential to keep all of your security programs up to date!** Billy3 -------------------- The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM. Have I helped you? If so, please consider a donation (by clicking this link). All donations go towards a license of Camtasia Studio, with which I will write video tutorials for BleepingComputer.

Billy O'Neal View Member Profile	Jul 15 2008, 06:24 PM Post #8
Run from the Sandvitch! Group: HJT Team Coach Posts: 7,969 Joined: 17-January 08 From: Northfield, Ohio Member No.: 184,215	Hello, Severus08. Since this issue appears resolved, this topic has been closed. If you need this topic reopened, please send me or another moderator a PM. Everyone else please begin a new topic. Billy3 -------------------- The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM. Have I helped you? If so, please consider a donation (by clicking this link). All donations go towards a license of Camtasia Studio, with which I will write video tutorials for BleepingComputer.

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th July 2009 - 03:20 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive