Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

taskbar, start menu & volumne control unresponsive in XP


  • Please log in to reply
9 replies to this topic

#1 gspto52

gspto52

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 18 April 2010 - 11:53 PM

Original forum post

Hi! I was directed to re-post this in this forum. Hope someone can offer some insight on this for my son & me......

He had no issues until yesterday when he turned on his computer. Everything seemed to boot up just fine but within 30 seconds of desktop loading, he noticed that his speaker volumne icon was not present on lower right of taskbar. Then he noticed when he opened any program or file, it, too, was not showing on taskbar. Start menu would open but can't click on anything to open - all were totally unresponsive.

Not sure if it is hardware, software or viral related. Knowing he does a lot of peer-to-peer sites, I booted up in "safe mode with networking" today and downloaded free Malwarebytes as I have had success with this program in the past on my daughter's computer. Running full scan uncovered 10 infected files and/or registry keys (can supply a copy of log if requested). All entries were quarantined & removed

Did recommended restart & still had same issues.. Ran a quick scan this time that showed no infections. Then son decided to run a full scan again and told me that shortly after starting full scan, volumne control appeared, task bar showed open program (malwarebytes) and start menu was clickable/openable. At the end of this full scan, it only found one infected file - C: volumne control. I clicked ok to remove, which it did. Then I was prompted to restart computer. Viola! Same thing all over again!!!

Have run full scan for a THIRD time today, it found the same one issue with volumne. I have clicked to remove, but have ignored restarted the system! Everything appears to be working just fine at the moment ----- as long as we don't do a restart & keep the computer running!

The pc is not that old less than a year o very little over - it's an iBuyPower custom build. He primarily uses Mozilla Firefox as his browser. He is running Avast, which has been updated. Can give more info (hopefully) if needed.....

I was told by one of the moderators to run CHKDSK.

After a long evening of trying to figure all this out - this is what I know (which ain't much!)

1. ran another scan with Malwarebytes and it found nothing, but problem persisted.

2. downloaded SUPERAntispyware, ran it & it found the following:
Trojan Agent/Gen-FakeAlert(Client Notify)
found it in the following: Files - C:\\Windows\System 32\Autocnfg.DLL
Programs - C:\\Windows\system32\Autocnf.DLL

I had it removed & quarantined. Did a restart, same results - no speaker icon on taskbar, within 30 secs of Windows loading - taskbar totally unresponsive. However, after about 20 minuites, everything unlocked itself, speaker icon reappeared, had sound could access Start Menu and open programs appeared in taskbar.

3. Went to My Computer/C:/properties/tools and ran chkdsk after checking both boxes. Only window to pop up was the one saying disk check utility needed exclusive access, need to restart. After restarting, chkdsk did scan. After 1-1/2 hours, it completed all 5 stages and found nothing. When Windows booted up after scan, same problem.

4. Tried to get into Start Menu/run/msconfg but taskbar froze up before I could complete. Waited 45 minutes & it still did not correct itself, so restarted pc. On resart, still no access to taskbar, speaker icon, etc. but it unlocked itself after about 10 minutes so I could check startup under MSCONFG. Most everything there was as it should be, but found 3 entries son was not familiar with:

Rwiz
urofoqiw.dll
monxga32

did an internet search and only found info on the last one and not much on that. Seems it started appearing around the 10th of this month and general feeling is that it is spyware. I unchecked all 3 items from startup, hit apply and did requested re-start. Still the same problem........(this is getting old). Waited about 10 minutes, it unlocked itself - I accessed startup under MSCONFG - Rwiz was not running but other two had duplicated themselves and were running again.

That's where I am right now. Told son no more tonight.....

Anyone have any other suggestions or input? Like I said, not sure if we are looking at infection or system failure.

Your help will be GREATLY appreciated!

Thanx/

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:54 PM

Posted 19 April 2010 - 04:00 PM

Hello,i think we should run SFC

Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista users..The command needs to be run from an elevated Command Prompt.
Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the XP CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 gspto52

gspto52
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 20 April 2010 - 12:02 AM

I will have my son run that tomorrow while I am at work. It's after midnight now & I just don't have the energy!

Will let you know what happens next...

Thanx.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:54 PM

Posted 20 April 2010 - 10:01 AM

Not a problem ,I am on the east Coast USA so it's late also.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 gspto52

gspto52
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 21 April 2010 - 11:46 PM

Ok - I finally got son to run sfc.exe/scannow. It did ask for the disk, which he supplied. It ran & finished (I assume). He went to MS Updates right after like the instructions said, but it only offered him the Windows 8 update.

He has told me that now he gets no sound at all. When computer boots up, you still have to wait for tackbar functionality for 20-30 minutes. He can't save any documents.

He ran Malwarebytes yesterday & said that it found 3 trojans but right now I do not know what they were.

He is wondering if it would just be best to reformat & start all over....

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:54 PM

Posted 22 April 2010 - 10:24 AM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in "When Should I Format, How Should I Reinstall?" In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech
Windows XP: Clean Install

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

==============================

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.

Since we don't know exactly which infections we're dealing with here, we should take some precautions before we attempt to move files from the infected machine. Run the following on your clean computer, and make sure you insert your flash drives at the prompt.
Download and Run FlashDisinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Reinstall Windows Vista

Note: Windows 7 Professional instructions recommend you DO NOT use a third-party software to format the drive.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 gspto52

gspto52
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 22 April 2010 - 10:12 PM

Thank you so much for your help on this.

Just in case our only option was to to completely wipe the system, my son ordered an external hard drive yesterday. At this point, I am of the opinion that it may be best to wait until it arrives & start over from square one. That has been his course of action before but I thought maybe this time we would be able to solve with some outside help. It appears it may be bigger than all of us! Possibly we could have come up with a solution, but my time to help him and see that proper steps are followed are limited and I don't wish to string this board along waiting for us.

I must say that you and the other moderator that started helping initially offered very good, helpful advice and gave us good programs to work with in the future.

Once the new external comes in, I will make sure that all the steps you outlined are followed so that he may, once again, have a working computer! If I could only convince my kids to stay away from the peer-to-peer sites and wherever else they go to get these malicious visitors, life would be good. But, alas, it does no good.

In your honest opinion, what do you feel is the best anti-virus/spyware program available? We have all, for the most part, used Avast with no ill effects until now because it obviously didn't catch this on his computer. I realize nothing is 100%. I used to think that only Nortons or McAfee would do, but I ran Avast for quite a long time will no ill-effect before switching to TrendMicro. Up to this point on my son's computer, Avast has done well except for the time he decided to ignore it's warnings (hence, the first re-format!). My daughter recently learned the value of keeping any antivirus/spyware up to date when her computer got infected & I discovered that it hadn't been updated since it was installed in 12/08!!!

Again thank you for your support. Hopefully I will not need the services of this board again but if I should, I will not hesitate to be back or to recommend it to my friends.

Thanx..

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:54 PM

Posted 22 April 2010 - 11:26 PM

Hello, Maybe you can get lucky and they will read this.
Cracking and keygen tools are often obtained via peer-to-peer (P2P) or file sharing programs which too are a security risk. The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help!. In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Read P2P Software User Advisories, Risks of File-Sharing Technology and P2P file sharing: Anticipate the risks....


Avast to me is better then TMicro. I personally run Avira's Antivir (free) and Malwarebytes Anti-Malware and SUPERAntiSpyware , Free Home Version.on demand. I update/scan at least weekly. I also run SpywareBlaster. You can find it in our Freeware list L@@K.


You're welcome from all of us here at BC. We are glad to have helped.
Please take a few minutes to read our quietman7's excellent Tips to protect yourself against malware and reduce the potential for re-infection:,in post 17. :thumbsup:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 gspto52

gspto52
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 24 April 2010 - 10:21 PM

Thanks again for your advice. Will make sure the rest of the family reads all this!

Quick question about spyware programs. You mentioned several programs you run - you run these all at the same time? Isnt there any conflict between programs? I always understood that there would or at least could be conflicts?

I will agree that there are some very good free programs out there and I have no problems with running them. Am running TM because actually it came with my new computer. I haven't had any issues - unlike Norton & McAfee which both just aggravated the fire out of me when I had either of them!

#10 certifiedgeek

certifiedgeek

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 24 April 2010 - 11:13 PM

Good question. The antivirus programs that were mentioned are meant to only be installed one at a time since they have a real-time scanning system that is constantly monitoring your system for viruses and is usually called something like "autoprotect" or "real-time scanner".

However, the free versions of Malwarebytes, SUPERAntispyware, and Spyware Blaster don't come with real-time scanning. The scans with these programs must be started manually which is why it is called an on-demand scanner. Because they are not monitoring real-time, they can safely be installed at the same time and then you can start the scans manually maybe once a week like boopme advised. But it is usually not recommended to run the scans at the same time.

I hope that helps and have a good morning/evening depending on where you are located. I'm on Eastern time.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users