Solved Please interpret my HijackThis log.

[Resolved]Please interpret my HijackThis log.

Please take a look at this log coz' my pc takes a long time to run an application especially upon start up and at times it halts when I'm in a middle of work. I suspect a malware/spyware is lurking.

Thank you.

StartupList report, 8/7/2008, 7:49:51 PM
StartupList version: 1.52.2
Started from : D:\installers\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\installers\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\-xXx-\Start Menu\Programs\Startup]
WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
Gainward = C:\Program Files\VDOTool\TBPanel.exe /A
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SkyTel = SkyTel.EXE
RTHDCPL = RTHDCPL.EXE
Alcmtr = ALCMTR.EXE
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
COMODO Firewall Pro = "C:\Program Files\COMODO\Firewall\cfp.exe" -h
SpywareTerminator = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= C:\WINDOWS\system32\guard32.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Crawler\ctbr.dll - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
(no name) - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Download Program Files:

[{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}]
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6,045 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:49:37 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
D:\installers\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5350 bytes

 

Hi chrys03
I'm not seeing anything suspicious in the log.

Lets run a on-line scan to see if anything shows.

Please do an online scan with Kaspersky WebScanner

Click on "Accept" If your pop "“up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the "Scan Report" On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri

 

Hi Geri,

Kaspersky WebScanner found nothing. Is it safe to assume that my pc is clean? My pc still halts once in a while. The hang is weird coz' I can click the icons in the desktop but i can't do anything in the task bar.

I'm using windows XP SP2, Comodo Firewall, Avast and SpywareTerminator.

 

Hi chrys03

Can you explain a little, can't do anything like what?
Nothing will open from the task bar? Can't add anything to the task bar?

Just so we're talking about the same thing, the bar that your clock is on correct?

Geri

 

That's right. I can't click anything from there. From the start botton to the clock.

 

Hi
OK please do this.

Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
Note: You must be logged onto an account with administrator privileges to complete the following.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy and then paste the contents of main.txt and extra.txt in your next reply.

Please post the "main.txt" log only for now.

Thanks
Geri

 

Geri,

Here's the log.

Deckard's System Scanner v20071014.68
Run by -xXx- on 2008-08-09 12:03:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as -xXx-.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:05 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI\i-Speeder\i-Speeder.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\-xXx-\Desktop\dss.exe
D:\INSTAL~1\HIJACK~1\-xXx-.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: i-Speeder.lnk = C:\Program Files\MSI\i-Speeder\i-Speeder.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5474 bytes

-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 11:51:22 0 dr-h----- C:\Documents and Settings\-xXx-\Recent
2008-08-09 09:17:18 0 d-------- C:\Program Files\Setup Files
2008-08-07 22:11:10 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Malwarebytes
2008-08-07 22:11:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 22:11:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 18:59:42 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-06 21:02:20 0 d-------- C:\Program Files\Panda Security
2008-08-05 22:21:53 0 d-------- C:\Program Files\MSI


-- Find3M Report ---------------------------------------------------------------

2008-08-09 11:52:52 0 d-------- C:\Program Files\Crawler
2008-08-09 11:05:27 0 d-------- C:\Program Files\Spyware Terminator
2008-08-09 11:00:25 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Spyware Terminator
2008-08-09 09:45:52 0 d-------- C:\Program Files\Realtek
2008-08-07 21:08:33 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Skype
2008-08-07 20:05:31 0 d-------- C:\Documents and Settings\-xXx-\Application Data\skypePM
2008-08-07 18:27:34 0 d-------- C:\Program Files\Foxit Software
2008-07-25 13:46:59 0 d-------- C:\Program Files\Yahoo! Games
2008-07-15 11:19:35 6512 --a------ C:\Documents and Settings\-xXx-\Application Data\PrimoPDFSet.xml
2008-07-08 16:46:51 224 --a------ C:\Documents and Settings\-xXx-\Application Data\APUSet.xml
2008-07-08 16:38:38 0 d-------- C:\Program Files\activePDF
2008-07-05 22:44:10 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Adobe
2008-07-03 21:00:43 0 d-------- C:\Documents and Settings\-xXx-\Application Data\WordWeb
2008-07-02 22:59:16 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Mozilla
2008-06-22 14:44:35 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Google
2008-06-05 07:40:30 29323 -----n--- C:\WINDOWS\hpoins03.dat
2008-05-27 14:07:51 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-24 18:16:11 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-24 18:02:59 62 --ahs---- C:\Documents and Settings\-xXx-\Application Data\desktop.ini
2008-05-24 12:46:13 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-24 12:45:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-24 11:59:02 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-24 10:13:24 0 -rahs---- C:\MSDOS.SYS
2008-05-24 10:13:24 0 -rahs---- C:\IO.SYS
2008-05-24 10:13:24 0 --a------ C:\CONFIG.SYS
2008-05-24 10:13:24 0 --a------ C:\AUTOEXEC.BAT
2008-05-24 10:09:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog305 "= "C:\WINDOWS\VM305_STI.exe" [04/09/2007 04:46 PM]
"Gainward "= "C:\Program Files\VDOTool\TBPanel.exe" [03/23/2007 04:44 PM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [02/08/2007 10:19 AM]
"nwiz "= "nwiz.exe" [02/08/2007 10:19 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [02/08/2007 10:19 AM]
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 PM]
"COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [06/03/2008 08:20 PM]
"SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [05/24/2008 01:03 PM]
"RTHDCPL "= "RTHDCPL.EXE" [04/10/2008 04:52 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr "= "ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]

C:\Documents and Settings\-xXx-\Start Menu\Programs\Startup\
i-Speeder.lnk - C:\Program Files\MSI\i-Speeder\i-Speeder.exe [8/9/2008 9:49:09 AM]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [5/24/2008 12:47:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)
"DisableTaskMgr "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions "=0 (0x0)
"NoFind "=0 (0x0)
"NoRun "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4efbde6-2a50-11dd-9e1a-0019dbb49c0e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe




-- End of Deckard's System Scanner: finished at 2008-08-09 12:04:34 ------------

 

Hi chrys03
OK you have a Flash drive infection, please do this.

Open "Notepad†Copy the contents of the code box below to the blank Notepad.
Click "File" > "Save as "
In the "Save In" box at the top click the down arrow and select DeskTop

In the "File name" type in: fix.reg
In the "Save As Type" select: All Files
Once saved, Go to your desktop double click "fix.reg file" and let it merge with the registry.

Code:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4efbde6-2a50-11dd-9e1a-0019dbb49c0e}] 

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

Hold down the Shift key and insert your flash drive. (USB thumb drives)
It is important to hold the shift key while plugging in flash drive so the virus does not run and re-infect system.

• Double-click Flash_Disinfector.exe to run it.
  Follow any prompts that may appear.
  Your desktop will vanish for a while, and then reappear. This is normal.
  Wait until the program has finished scanning, then please exit the program.

Repeat this step if you have more than one flash drives.


Empty this folder:

C:\WINDOWS\temp

Now please go here, scroll down to # 164 On the left side and dowload and run it. "Restore Taskbar to Default Functionality "
http://www.kellys-korner-xp.com/xp_tweaks.htm

Please post a new dss log and let me know if that fixed your taskbar.

Thanks
Geri

 

double post

 

Hi Geri,

Thank you for the help. Here's the log.

Deckard's System Scanner v20071014.68
Run by -xXx- on 2008-08-09 13:16:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as -xXx-.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:16:45 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSI\i-Speeder\i-Speeder.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\explorer.exe
D:\installers\Utilities\dss.exe
D:\INSTAL~1\HIJACK~1\-xXx-.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe "
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5482 bytes

-- Files created between 2008-07-09 and 2008-08-09 -----------------------------

2008-08-09 13:09:31 0 drahs---- C:\autorun.inf
2008-08-09 11:51:22 0 dr-h----- C:\Documents and Settings\-xXx-\Recent
2008-08-09 09:17:18 0 d-------- C:\Program Files\Setup Files
2008-08-07 22:11:10 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Malwarebytes
2008-08-07 22:11:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 22:11:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 18:59:42 0 d--h----- C:\WINDOWS\$hf_mig$
2008-08-06 21:02:20 0 d-------- C:\Program Files\Panda Security
2008-08-05 22:21:53 0 d-------- C:\Program Files\MSI


-- Find3M Report ---------------------------------------------------------------

2008-08-09 13:16:26 0 d-------- C:\Program Files\Crawler
2008-08-09 11:05:27 0 d-------- C:\Program Files\Spyware Terminator
2008-08-09 11:00:25 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Spyware Terminator
2008-08-09 09:45:52 0 d-------- C:\Program Files\Realtek
2008-08-07 21:08:33 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Skype
2008-08-07 20:05:31 0 d-------- C:\Documents and Settings\-xXx-\Application Data\skypePM
2008-08-07 18:27:34 0 d-------- C:\Program Files\Foxit Software
2008-07-25 13:46:59 0 d-------- C:\Program Files\Yahoo! Games
2008-07-15 11:19:35 6512 --a------ C:\Documents and Settings\-xXx-\Application Data\PrimoPDFSet.xml
2008-07-08 16:46:51 224 --a------ C:\Documents and Settings\-xXx-\Application Data\APUSet.xml
2008-07-08 16:38:38 0 d-------- C:\Program Files\activePDF
2008-07-05 22:44:10 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Adobe
2008-07-03 21:00:43 0 d-------- C:\Documents and Settings\-xXx-\Application Data\WordWeb
2008-07-02 22:59:16 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Mozilla
2008-06-22 14:44:35 0 d-------- C:\Documents and Settings\-xXx-\Application Data\Google
2008-06-05 07:40:30 29323 -----n--- C:\WINDOWS\hpoins03.dat
2008-05-27 14:07:51 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-24 18:16:11 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-24 18:02:59 62 --ahs---- C:\Documents and Settings\-xXx-\Application Data\desktop.ini
2008-05-24 12:46:13 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-24 12:45:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-24 11:59:02 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-24 10:13:24 0 -rahs---- C:\MSDOS.SYS
2008-05-24 10:13:24 0 -rahs---- C:\IO.SYS
2008-05-24 10:13:24 0 --a------ C:\CONFIG.SYS
2008-05-24 10:13:24 0 --a------ C:\AUTOEXEC.BAT
2008-05-24 10:09:48 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDog305 "= "C:\WINDOWS\VM305_STI.exe" [04/09/2007 04:46 PM]
"Gainward "= "C:\Program Files\VDOTool\TBPanel.exe" [03/23/2007 04:44 PM]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [02/08/2007 10:19 AM]
"nwiz "= "nwiz.exe" [02/08/2007 10:19 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [02/08/2007 10:19 AM]
"avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 10:38 PM]
"COMODO Firewall Pro "= "C:\Program Files\COMODO\Firewall\cfp.exe" [06/03/2008 08:20 PM]
"SpywareTerminator "= "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [05/24/2008 01:03 PM]
"RTHDCPL "= "RTHDCPL.EXE" [04/10/2008 04:52 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr "= "ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]

C:\Documents and Settings\-xXx-\Start Menu\Programs\Startup\
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [5/24/2008 12:47:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize "=0 (0x0)
"NoMovingBands "=0 (0x0)
"NoCloseDragDropBands "=0 (0x0)
"NoSetTaskbar "=0 (0x0)
"NoToolbarsOnTaskbar "=0 (0x0)
"NoSaveSettings "=0 (0x0)
"NoActiveDesktop "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe




-- End of Deckard's System Scanner: finished at 2008-08-09 13:17:28 ------------

 

Hi
OK good.
Is your Taskbar working?

Geri

 

Yup, So far so good. Hope i got rid of it already. Thank you again.

 

Hi chrys03
OK Great,

Please delete dss.exe and this folder, C:\Deckard

Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Spyware and Virus Removal Forums.
http://www.windowsbbs.com/showthread.php?t=67958

If all seems OK I'll mark this resolved.

Surf Safely
Geri

 

Ok. I guess this solved my problem.

 

Hi chrys03
OK.
If you still believe your computer is running a little slow, please have a look at this. Don't know the last time you have done some basic maintenance.

Here is a web page that may help speed up your computer by miekiemoes.She has some very good suggestions.
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is a good temp cleaner that may help also.

ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Geri

 

Geri,

Thanks for the link. I guess the real time protection feature is part to blame coz' Im running three security programs.