
Missing Icon on User Control Screen


11 replies to this topic

#1 orion6192

orion6192

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:46 PM

Posted 15 December 2008 - 05:45 PM

Hello all -

I had a virus about a week ago (Virtumonde) and managed to remove it after some work. I then later tried to install Windows XP SP3 and it failed on install due to "access denied" error... probably AVG or Spysweeper. Anyway, I went into my user account just to do some looking and checking and noticed that my icons in the Learn About section are just "X's" as well as the icon next to the User Accounts title (see screen shot).

Posted Image

Any thoughts or help would be greatly appreciated... little frustrated.

orion6192



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:46 PM

Posted 15 December 2008 - 05:59 PM

Try running this scan, which should reset any restrictions caused by malware:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 orion6192


Posted 15 December 2008 - 07:04 PM

Will that fix the "x" icons or the "access denied"? I'm looking for the "x" fix but don't want to kill my registry.

Thoughts?

#4 Budapest


Posted 15 December 2008 - 07:10 PM

Well... I'm hoping it might fix both, but you won't know until you try, it might not fix anything. SDFix has been around for a long time and I've never heard of it killing anyone's registry.

#5 orion6192


Posted 15 December 2008 - 07:28 PM

Just use the default settings? Nothing special other than install, reboot in safe mode and run it?

#6 Budapest


Posted 15 December 2008 - 07:33 PM

Yeah - nothing special. Just follow the instructions in the link.

#7 orion6192


Posted 15 December 2008 - 07:57 PM

Well, I ran SD Fix and there are still "x's" there... no icons. Here is the log:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 19:51:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe:*:Enabled:Spy Sweeper"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\ptc\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\nms\\nmsd.exe:*:Disabled:nmsd"
"C:\\ptc\\proeWildfire2\\i486_nt\\obj\\xtop.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\obj\\xtop.exe:*:Disabled:xtop"
"C:\\ptc\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe:*:Disabled:pro_comm_msg"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\FileZilla\\filezilla.exe"="C:\\Program Files\\FileZilla\\filezilla.exe:*:Enabled:FileZilla"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\msapps\\explorer.exe"="C:\\WINDOWS\\msapps\\explorer.exe:*:Enabled:Explorer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\Kazaa Lite\\clean.kmd"="C:\\Program Files\\Kazaa Lite\\clean.kmd:*:Disabled:clean"
"C:\\Program Files\\Kazaa Lite K++\\clean.kmd"="C:\\Program Files\\Kazaa Lite K++\\clean.kmd:*:Disabled:clean"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\msapps\\explorer.exe"="C:\\WINDOWS\\msapps\\explorer.exe:*:Enabled:Explorer"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Sat 7 Aug 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\RECYCLER\S-1-5-21-2052111302-329068152-725345543-1004\Dc1\SDHelper.dll"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\RECYCLER\S-1-5-21-2052111302-329068152-725345543-1004\Dc2\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\RECYCLER\S-1-5-21-2052111302-329068152-725345543-1004\Dc2\SDHelper.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\RECYCLER\S-1-5-21-2052111302-329068152-725345543-1004\Dc2\Tools.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\RECYCLER\S-1-5-21-2052111302-329068152-725345543-1004\Dc3\TeaTimer.exe"
Wed 27 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Scott\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Any other thoughts?

#8 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:10:46 PM

Posted 15 December 2008 - 07:59 PM

As with any fix of this sort - ALWAYS backup your registry before messing with it. You can never tell when something will go wrong and you'll need the backup.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ )
**If you need a more detailed explanation, please ask for it. I have the Knack.**
If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017)
FYI - I am completely blind in the right eye and ~30% blind in the left eye.
If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.

#9 Budapest


Posted 15 December 2008 - 08:09 PM

You could try running the System File Checker (SFC).

How to Use SFC.EXE to Repair System Files

#10 orion6192


Posted 15 December 2008 - 08:12 PM

After scanning with SDFix -

"C:\\ptc\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\nms\\nmsd.exe:*:Disabled:nmsd"
"C:\\ptc\\proeWildfire2\\i486_nt\\obj\\xtop.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\obj\\xtop.exe:*:Disabled:xtop"
"C:\\ptc\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\obj\\pro_comm_msg.exe:*:Disabled:pro_comm_msg"

What does the disabled mean? Why would it disable a valid program? Or is it not saying it disabled it? If it did disable it, can you re-enable it?

#11 Budapest


Posted 15 December 2008 - 08:17 PM

SDFix did not disable it - it's just telling you that it's disabled.

I'm not 100% sure about re-enabling it, or if it even needs to be re-enabled. It could be related to your other problems, but I'm not familiar with the application.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
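
Each value in the Authorized Application Key Export quoted in post #7 has the layout path:scope:state:name, so "Disabled" is the stored state of that Windows Firewall exception. The following is an added example, not part of any post and not SDFix code: it parses four lines copied from that log and lists executables that appear twice in one profile with different states; expanding %windir% to C:\WINDOWS is an assumption.

```python
import re
from collections import defaultdict

# Four lines copied from the SDFix log in post #7 (standardprofile section, abridged).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\ptc\\proeWildfire2\\i486_nt\\nms\\nmsd.exe"="C:\\ptc\\proeWildfire2\\i486_nt\\nms\\nmsd.exe:*:Disabled:nmsd"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

SECTION = re.compile(r'^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
ENTRY = re.compile(r'^"(?P<key>.+?)"="(?P<data>.+)"$')

def parse_export(text, windir=r"C:\WINDOWS"):
    """Return one dict per firewall exception found in a .reg-style export."""
    entries, profile = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            profile = m.group(1).lower()
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        # Data is path:scope:state:name; the path holds a drive colon, so split from the right.
        parts = m.group("data").replace("\\\\", "\\").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        # Assumption: %windir% expands to C:\WINDOWS, matching the other paths in the log.
        norm = re.sub(r"%windir%", lambda _: windir, path, flags=re.I).lower()
        entries.append({"profile": profile, "path": path, "norm": norm, "scope": scope,
                        "enabled": state.lower() == "enabled", "name": name})
    return entries

def conflicting(entries):
    """Executables listed more than once in a profile with different states."""
    seen = defaultdict(set)
    for e in entries:
        seen[(e["profile"], e["norm"])].add(e["enabled"])
    return sorted(k for k, states in seen.items() if len(states) > 1)

if __name__ == "__main__":
    for e in parse_export(SAMPLE):
        print(e["profile"], "ENABLED " if e["enabled"] else "disabled", e["path"])
    print("conflicts:", conflicting(parse_export(SAMPLE)))
```

The state field is compared case-insensitively because the log contains both "Enabled" and "enabled".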

#12 orion6192


Posted 22 December 2008 - 10:51 PM

We can close this thread. Thanks for the help.