Greetings,

My Dell laptop was having some major virus/spyware issues. So over the weekend I decided to use Ad-Aware, Norton AntiVirus, and TuneUp Utilities to fix up my computer. Anyway, after first completing all of my virus scans, which found several trojans, downloaders, etc., I shut down my computer for the evening. When I turned it on in the morning, it booted normally up to the point where the desktop would normally appear. The desktop background did appear, minus the icons, Start button, taskbar, etc. I can use Ctrl+Alt+Del to access the Task Manager to run programs and such. Do you have any suggestions? I'd like to try to fix the problem, although as a last resort formatting the drive and starting over wouldn't be a big deal.

Thanks
Download HijackThis. http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html Open HijackThis. Click "Do a system scan" and post a logfile. Copy and paste the entire log here for review. Someone will get back to you shortly.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:45:59 PM, on 2/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - 
HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ruxytvur.dll",sitypnow O4 - HKLM\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: 
[TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170681473656 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp O17 - HKLM\Software\..\Telephony: DomainName = internal.conemaugh.kcp O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp O18 - Protocol: bwfile-8876480 
- {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. 
- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing) -- End of file - 8343 bytes
Download Deckard's System Scanner (DSS) and save it to your Desktop. DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER. Close all other windows before proceeding. Turn off all real-time protection: anti-virus, anti-spyware, anti-malware, or any other security programmes you're running. Double-click on dss.exe and follow the prompts. When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please attach the main.txt and extra.txt in your next reply. Re-enable your security programmes and reconnect to the net.
Deckard's System Scanner v20071014.68 Run by Bob Wagner on 2008-02-10 17:31:22 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 4 Restore Point(s) -- 4: 2008-02-10 22:31:32 UTC - RP4 - Deckard's System Scanner Restore Point 3: 2008-02-10 21:39:27 UTC - RP3 - System Checkpoint 2: 2008-02-08 01:17:51 UTC - RP2 - System Checkpoint 1: 2008-02-05 18:06:47 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as My Name.exe) ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:33:42 PM, on 2/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common 
Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Bob Wagner\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Bob Wagner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4CB37385-9FB3-4C99-992E-5F5E7F11A6E4} - C:\WINDOWS\system32\vtuts.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgghgfe.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe 
"C:\WINDOWS\system32\ruxytvur.dll",sitypnow O4 - HKLM\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file 
missing) O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170681473656 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp O17 - HKLM\Software\..\Telephony: DomainName = internal.conemaugh.kcp O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - Winlogon Notify: cbxuvuu - cbxuvuu.dll (file missing) O20 - Winlogon Notify: crypt - crypts.dll (file missing) O20 - Winlogon Notify: gebyvsp - gebyvsp.dll (file missing) O20 - Winlogon Notify: hgghgfe - C:\WINDOWS\SYSTEM32\hgghgfe.dll O20 - Winlogon Notify: mljgecc - mljgecc.dll (file missing) O20 - Winlogon Notify: vturppn - vturppn.dll (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing) O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing) -- End of file - 8801 bytes -- File Associations ----------------------------------------------------------- All associations okay. 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver> R1 RCFOX (SonicWALL IPsec Driver) - c:\windows\system32\drivers\rcfox.sys <Not Verified; SonicWALL, Inc.; RCFOX IPSec Driver> R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7> S3 KMW_KBD (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kmw_kbd.sys (file missing) S3 KMW_USB (Kensington MouseWorks USB filter driver) - c:\windows\system32\drivers\kmw_usb.sys <Not Verified; Kensington Technology Group; KMW> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 LexBceS (LexBce Server) - c:\windows\system32\lexbces.exe (file missing) S2 Pml Driver HPZ12 - c:\windows\system32\hpzipm12.exe (file missing) S2 WLTRYSVC - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing) S3 RampartSvc (SonicWall VPN Client Service) - c:\program files\sonicwall\sonicwall global vpn client\rampartsvc.exe <Not Verified; SonicWALL, Inc.; RampartSvc Module> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: Description: Zune Device ID: USB\VID_045E&PID_0710\500293FF-FB8D-18B2-82D8-26EEADCC0CE8 Manufacturer: Name: Zune PNP Device ID: USB\VID_045E&PID_0710\500293FF-FB8D-18B2-82D8-26EEADCC0CE8 Service: -- Scheduled Tasks ------------------------------------------------------------- 2008-01-31 19:00:19 400 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job -- Files created between 2008-01-10 and 2008-02-10 ----------------------------- 2008-02-10 16:02:02 0 d-------- C:\WINDOWS\LastGood 2008-02-03 22:02:40 0 d-------- C:\WINDOWS\Prefetch 
2008-02-03 20:24:04 0 d-------- C:\WINDOWS\setup.pss 2008-02-03 15:17:41 6758 --ahs---- C:\WINDOWS\system32\abadd.ini2 2008-02-03 15:17:31 327232 --a------ C:\WINDOWS\system32\ddaba.dll 2008-02-03 09:26:13 150990 --ahs---- C:\WINDOWS\system32\stutv.ini2 2008-02-03 09:25:53 327232 --a------ C:\WINDOWS\system32\vtuts.dll 2008-02-02 16:00:59 366592 --a------ C:\WINDOWS\system32\hgghgfe.dll 2008-02-01 17:33:17 7581 --ahs---- C:\WINDOWS\system32\ihhkj.ini2 2008-02-01 17:33:09 327232 --a------ C:\WINDOWS\system32\jkhhi.dll 2008-02-01 17:32:33 11134 --a------ C:\WINDOWS\system32\msvcr20.dll 2008-02-01 17:32:32 0 d-------- C:\Program Files\IObit 2008-02-01 17:27:57 366592 --a------ C:\WINDOWS\system32\byxvtsr.dll 2008-01-31 21:24:02 2031648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-01-31 21:06:08 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-01-31 21:05:52 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat 2008-01-31 21:05:33 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System> 2008-01-31 21:04:04 0 d-------- C:\WINDOWS\system32\ZoneLabs 2008-01-31 21:03:08 0 d-------- C:\WINDOWS\Internet Logs 2008-01-31 19:19:09 0 d-------- C:\Program Files\Symantec 2008-01-31 19:18:47 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-01-31 18:59:16 0 d-------- C:\Program Files\TuneUp Utilities 2007 2008-01-31 18:55:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-31 18:36:01 0 d-------- C:\Program Files\Trend Micro 2008-01-31 18:34:43 12434 --a------ C:\WINDOWS\system32\ssttqnm.dll 2008-01-31 18:34:41 19389 --ahs---- C:\WINDOWS\system32\mllmk.exe 2008-01-29 20:11:11 12434 --a------ C:\WINDOWS\system32\mllmmkj.dll 2008-01-29 20:11:10 19389 --ahs---- C:\WINDOWS\system32\vtstr.exe 2008-01-27 18:11:03 12434 --a------ C:\WINDOWS\system32\ssqpnkj.dll 2008-01-27 18:11:03 19389 --ahs---- C:\WINDOWS\system32\awvtt.exe 2008-01-23 
21:26:54 12434 --a------ C:\WINDOWS\system32\pmkhigg.dll 2008-01-23 21:26:53 19389 --ahs---- C:\WINDOWS\system32\vtutu.exe 2008-01-20 21:44:35 2100 --ahs---- C:\WINDOWS\system32\pmnlm.exe 2008-01-20 20:18:09 12434 --a------ C:\WINDOWS\system32\ssttusr.dll 2008-01-20 20:18:08 19389 --ahs---- C:\WINDOWS\system32\ssqrq.exe 2008-01-19 13:51:25 12434 --a------ C:\WINDOWS\system32\jkkjhgh.dll 2008-01-18 22:32:04 12434 --a------ C:\WINDOWS\system32\ssqrsqr.dll 2008-01-18 22:32:02 19389 --ahs---- C:\WINDOWS\system32\gebyx.exe 2008-01-17 20:50:38 2100 --ahs---- C:\WINDOWS\system32\awtqp.exe 2008-01-17 20:31:07 12434 --a------ C:\WINDOWS\system32\pmnnopo.dll 2008-01-17 20:31:05 19389 --ahs---- C:\WINDOWS\system32\ddaya.exe 2008-01-15 19:11:22 12434 --a------ C:\WINDOWS\system32\ddayvwu.dll 2008-01-15 19:11:18 19389 --ahs---- C:\WINDOWS\system32\pmkhi.exe 2008-01-15 19:06:08 121364 --a------ C:\WINDOWS\system32\amwdeddr.dll 2008-01-15 14:22:21 12434 --a------ C:\WINDOWS\system32\jkkljjk.dll 2008-01-15 14:22:05 19389 --ahs---- C:\WINDOWS\system32\sstqp.exe 2008-01-13 20:35:59 66080 --a------ C:\WINDOWS\system32\pmnlj.exe 2008-01-12 19:13:19 34802 --a------ C:\WINDOWS\system32\awvvv.exe 2008-01-12 07:37:33 66080 --a------ C:\WINDOWS\system32\pmkhe.exe 2008-01-10 20:56:23 66080 --a------ C:\WINDOWS\system32\ssttr.exe 2008-01-10 00:19:43 66080 --a------ C:\WINDOWS\system32\mlljj.exe -- Find3M Report --------------------------------------------------------------- 2008-02-10 15:59:26 0 d-------- C:\Program Files\Symantec AntiVirus 2008-02-03 21:14:36 23428 --a----c- C:\WINDOWS\system32\emptyregdb.dat 2008-01-31 19:18:47 0 d-------- C:\Program Files\Common Files 2008-01-09 23:04:59 66080 --a------ C:\WINDOWS\system32\ssttq.exe 2008-01-09 21:42:13 66080 --a------ C:\WINDOWS\system32\ddaby.exe 2008-01-06 11:02:38 66080 --a------ C:\WINDOWS\system32\pmkhh.exe 2008-01-01 08:19:59 66080 --a------ C:\WINDOWS\system32\ddcca.exe 2007-12-31 08:15:01 66080 --a------ 
C:\WINDOWS\system32\geebc.exe 2007-12-30 11:26:31 66080 --a------ C:\WINDOWS\system32\gebca.exe 2007-12-29 10:22:09 66080 --a------ C:\WINDOWS\system32\ddayy.exe 2007-12-29 10:11:12 0 d-------- C:\Documents and Settings\Bob Wagner\Application Data\Lavasoft 2007-12-29 10:08:38 0 d-------- C:\Program Files\Lavasoft 2007-12-29 09:04:52 66080 --a------ C:\WINDOWS\system32\ssqpm.exe 2007-12-29 08:45:48 66080 --a------ C:\WINDOWS\system32\awvvw.exe 2007-12-28 16:23:23 66080 --a------ C:\WINDOWS\system32\ddccc.exe 2007-12-28 10:59:31 66080 --a------ C:\WINDOWS\system32\ssttt.exe 2007-12-28 10:26:35 66080 --a------ C:\WINDOWS\system32\pmnll.exe 2007-12-28 07:17:30 66080 --a------ C:\WINDOWS\system32\geedc.exe 2007-12-27 16:36:29 66080 --a------ C:\WINDOWS\system32\ddccb.exe 2007-12-27 16:07:42 66080 --a------ C:\WINDOWS\system32\gebyy.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB37385-9FB3-4C99-992E-5F5E7F11A6E4}] 02/03/2008 09:25 AM 327232 --a------ C:\WINDOWS\system32\vtuts.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] 02/02/2008 04:00 PM 366592 --a------ C:\WINDOWS\system32\hgghgfe.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [12/22/2006 11:27 AM] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [12/22/2006 11:28 AM] "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 05:48 PM] "WMI Performance Adapter Services"="C:\WINDOWS\system32\drivers\wmiapsrvs.exe" [] "SearchIndexer"="C:\WINDOWS\system32\ruxytvur.dll" [] "WMI Standard Event Consumer 
- hosting"="C:\WINDOWS\system32\wbem\scrcs.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM] "AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [05/25/2005 12:12 PM] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07/15/2007 07:59 PM] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "WMI Performance Adapter Services"=C:\WINDOWS\system32\drivers\wmiapsrvs.exe "WMI Standard Event Consumer - hosting"=C:\WINDOWS\system32\wbem\scrcs.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "WMC_WMPDBExport"=C:\Program Files\Windows Media Player\wmdbexport.exe "TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" "tscuninstall"=%systemroot%\system32\tscupgrd.exe C:\Documents and Settings\Bob Wagner\Start Menu\Programs\Startup\ DESKTOP.INI [8/11/2004 5:15:06 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [2/3/2008 9:27:13 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\hgghgfe.dll [02/02/2008 04:00 PM 366592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvuu] cbxuvuu.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt] crypts.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyvsp] gebyvsp.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\hgghgfe] hgghgfe.dll 02/02/2008 04:00 PM 366592 C:\WINDOWS\SYSTEM32\hgghgfe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgecc] mljgecc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturppn] vturppn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtuts.dll "WMI Performance Adapter Services"= C:\WINDOWS\system32\drivers\wmiapsrvs.exe "WMI Standard Event Consumer - hosting"= C:\WINDOWS\system32\wbem\scrcs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bob Wagner^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk] path=C:\Documents and Settings\Bob Wagner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint] "C:\Program Files\Apoint\Apoint.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] BCMSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-02-10 17:38:57 ------------
Wow! What a mess. Very nasty trojans, Vundo worm, and more! Two choices: one, reformat, which I'd recommend. And two, we start removing all these infections, which will take hours. Your choice. Let me know.
Quite a nice mess I have, huh? My dad has been using the computer for a few years without any virus protection or adware scanners of any sort. I've managed to remove the files that I might need in the future onto a flash drive. If reformatting is the best method, we can go with that. What is the proper method? Is it as simple as using my Windows XP disc to perform a new installation? Thanks for all of your help.
You've decided to reformat. Wise choice! Navigate to this forum and post a new thread for assistance with reformatting and reinstallation of Windows for your Dell computer. (Software, operating systems and more > Windows - General discussion.) Title the thread "Need help to reformat/reinstall WinXP on Dell computer". In the message area, describe your computer and the CDs you have for the job. I mainly do malware help. This alone keeps me very busy. The guys over there do that sort of thing daily. After you're done there, come back here and let me know you're newly reformatted and ready to install some free programs to protect your PC. I will show you where to download everything you need. And how to protect your PC in the future. Do not surf the net without any protection! Good luck! QuikDraw