
Windows XP Won't Load Correctly

Discussion in 'Windows - Virus and spyware problems' started by TravDude, Feb 4, 2008.

  1. TravDude

    TravDude Member

    Joined:
    May 26, 2006
    Messages:
    58
    Likes Received:
    0
    Trophy Points:
    16
    Greetings,

    My Dell laptop was having some major virus/spyware issues. So over the weekend I decided to use Ad-Aware, Norton AntiVirus, and TuneUp Utilities to fix up my computer. Anyway, after first completing all of my virus scans, which found several trojans, downloaders, etc., I shut down my computer for the evening. When I turned it on in the morning, it booted normally up to the point where the desktop would normally appear. The desktop background did appear, minus the icons, Start button, taskbar, etc. I can use Ctrl+Alt+Del to access the Task Manager to run programs and such. Do you have any suggestions? I'd like to try to fix the problem, although as a last resort formatting the drive and starting over wouldn't be a big deal.

    Thanks
     
  2. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
  3. TravDude

    TravDude Member

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:45:59 PM, on 2/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ruxytvur.dll",sitypnow
    O4 - HKLM\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe
    O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe
    O4 - HKCU\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170681473656
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp
    O17 - HKLM\Software\..\Telephony: DomainName = internal.conemaugh.kcp
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 8343 bytes
     
  4. QuikDraw

    QuikDraw Regular member

    Download Deckard's System Scanner (DSS) and save it to your Desktop.
    DISCONNECT FROM THE INTERNET...REMOVE THE PLUG FROM THE BACK OF THE COMPUTER

    Close all other windows before proceeding.

    Turn off all real-time protection: anti-virus, anti-spyware, anti-malware, or any other security programmes you're running.

    Double-click on dss.exe and follow the prompts.
    When it has finished, dss will open two Notepad windows, main.txt and extra.txt. Please attach the main.txt and extra.txt in your next reply.

    Re-enable your security programmes and reconnect to the net.
     
    Last edited: Feb 8, 2008
  5. TravDude

    TravDude Member

    Deckard's System Scanner v20071014.68
    Run by Bob Wagner on 2008-02-10 17:31:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 4 Restore Point(s) --
    4: 2008-02-10 22:31:32 UTC - RP4 - Deckard's System Scanner Restore Point
    3: 2008-02-10 21:39:27 UTC - RP3 - System Checkpoint
    2: 2008-02-08 01:17:51 UTC - RP2 - System Checkpoint
    1: 2008-02-05 18:06:47 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as My Name.exe) ------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:33:42 PM, on 2/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Bob Wagner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Bob Wagner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4CB37385-9FB3-4C99-992E-5F5E7F11A6E4} - C:\WINDOWS\system32\vtuts.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgghgfe.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ruxytvur.dll",sitypnow
    O4 - HKLM\..\Run: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe
    O4 - HKLM\..\RunServices: [WMI Performance Adapter Services] C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - hosting] C:\WINDOWS\system32\wbem\scrcs.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170681473656
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp
    O17 - HKLM\Software\..\Telephony: DomainName = internal.conemaugh.kcp
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = internal.conemaugh.kcp
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: cbxuvuu - cbxuvuu.dll (file missing)
    O20 - Winlogon Notify: crypt - crypts.dll (file missing)
    O20 - Winlogon Notify: gebyvsp - gebyvsp.dll (file missing)
    O20 - Winlogon Notify: hgghgfe - C:\WINDOWS\SYSTEM32\hgghgfe.dll
    O20 - Winlogon Notify: mljgecc - mljgecc.dll (file missing)
    O20 - Winlogon Notify: vturppn - vturppn.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

    --
    End of file - 8801 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
    R1 RCFOX (SonicWALL IPsec Driver) - c:\windows\system32\drivers\rcfox.sys <Not Verified; SonicWALL, Inc.; RCFOX IPSec Driver>
    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>

    S3 KMW_KBD (Kensington Input Devices Class filter driver) - c:\windows\system32\drivers\kmw_kbd.sys (file missing)
    S3 KMW_USB (Kensington MouseWorks USB filter driver) - c:\windows\system32\drivers\kmw_usb.sys <Not Verified; Kensington Technology Group; KMW>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 LexBceS (LexBce Server) - c:\windows\system32\lexbces.exe (file missing)
    S2 Pml Driver HPZ12 - c:\windows\system32\hpzipm12.exe (file missing)
    S2 WLTRYSVC - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
    S3 RampartSvc (SonicWall VPN Client Service) - c:\program files\sonicwall\sonicwall global vpn client\rampartsvc.exe <Not Verified; SonicWALL, Inc.; RampartSvc Module>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: Zune
    Device ID: USB\VID_045E&PID_0710\500293FF-FB8D-18B2-82D8-26EEADCC0CE8
    Manufacturer:
    Name: Zune
    PNP Device ID: USB\VID_045E&PID_0710\500293FF-FB8D-18B2-82D8-26EEADCC0CE8
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-01-31 19:00:19 400 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


    -- Files created between 2008-01-10 and 2008-02-10 -----------------------------

    2008-02-10 16:02:02 0 d-------- C:\WINDOWS\LastGood
    2008-02-03 22:02:40 0 d-------- C:\WINDOWS\Prefetch
    2008-02-03 20:24:04 0 d-------- C:\WINDOWS\setup.pss
    2008-02-03 15:17:41 6758 --ahs---- C:\WINDOWS\system32\abadd.ini2
    2008-02-03 15:17:31 327232 --a------ C:\WINDOWS\system32\ddaba.dll
    2008-02-03 09:26:13 150990 --ahs---- C:\WINDOWS\system32\stutv.ini2
    2008-02-03 09:25:53 327232 --a------ C:\WINDOWS\system32\vtuts.dll
    2008-02-02 16:00:59 366592 --a------ C:\WINDOWS\system32\hgghgfe.dll
    2008-02-01 17:33:17 7581 --ahs---- C:\WINDOWS\system32\ihhkj.ini2
    2008-02-01 17:33:09 327232 --a------ C:\WINDOWS\system32\jkhhi.dll
    2008-02-01 17:32:33 11134 --a------ C:\WINDOWS\system32\msvcr20.dll
    2008-02-01 17:32:32 0 d-------- C:\Program Files\IObit
    2008-02-01 17:27:57 366592 --a------ C:\WINDOWS\system32\byxvtsr.dll
    2008-01-31 21:24:02 2031648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-31 21:06:08 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-01-31 21:05:52 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
    2008-01-31 21:05:33 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-01-31 21:04:04 0 d-------- C:\WINDOWS\system32\ZoneLabs
    2008-01-31 21:03:08 0 d-------- C:\WINDOWS\Internet Logs
    2008-01-31 19:19:09 0 d-------- C:\Program Files\Symantec
    2008-01-31 19:18:47 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-01-31 18:59:16 0 d-------- C:\Program Files\TuneUp Utilities 2007
    2008-01-31 18:55:20 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-31 18:36:01 0 d-------- C:\Program Files\Trend Micro
    2008-01-31 18:34:43 12434 --a------ C:\WINDOWS\system32\ssttqnm.dll
    2008-01-31 18:34:41 19389 --ahs---- C:\WINDOWS\system32\mllmk.exe
    2008-01-29 20:11:11 12434 --a------ C:\WINDOWS\system32\mllmmkj.dll
    2008-01-29 20:11:10 19389 --ahs---- C:\WINDOWS\system32\vtstr.exe
    2008-01-27 18:11:03 12434 --a------ C:\WINDOWS\system32\ssqpnkj.dll
    2008-01-27 18:11:03 19389 --ahs---- C:\WINDOWS\system32\awvtt.exe
    2008-01-23 21:26:54 12434 --a------ C:\WINDOWS\system32\pmkhigg.dll
    2008-01-23 21:26:53 19389 --ahs---- C:\WINDOWS\system32\vtutu.exe
    2008-01-20 21:44:35 2100 --ahs---- C:\WINDOWS\system32\pmnlm.exe
    2008-01-20 20:18:09 12434 --a------ C:\WINDOWS\system32\ssttusr.dll
    2008-01-20 20:18:08 19389 --ahs---- C:\WINDOWS\system32\ssqrq.exe
    2008-01-19 13:51:25 12434 --a------ C:\WINDOWS\system32\jkkjhgh.dll
    2008-01-18 22:32:04 12434 --a------ C:\WINDOWS\system32\ssqrsqr.dll
    2008-01-18 22:32:02 19389 --ahs---- C:\WINDOWS\system32\gebyx.exe
    2008-01-17 20:50:38 2100 --ahs---- C:\WINDOWS\system32\awtqp.exe
    2008-01-17 20:31:07 12434 --a------ C:\WINDOWS\system32\pmnnopo.dll
    2008-01-17 20:31:05 19389 --ahs---- C:\WINDOWS\system32\ddaya.exe
    2008-01-15 19:11:22 12434 --a------ C:\WINDOWS\system32\ddayvwu.dll
    2008-01-15 19:11:18 19389 --ahs---- C:\WINDOWS\system32\pmkhi.exe
    2008-01-15 19:06:08 121364 --a------ C:\WINDOWS\system32\amwdeddr.dll
    2008-01-15 14:22:21 12434 --a------ C:\WINDOWS\system32\jkkljjk.dll
    2008-01-15 14:22:05 19389 --ahs---- C:\WINDOWS\system32\sstqp.exe
    2008-01-13 20:35:59 66080 --a------ C:\WINDOWS\system32\pmnlj.exe
    2008-01-12 19:13:19 34802 --a------ C:\WINDOWS\system32\awvvv.exe
    2008-01-12 07:37:33 66080 --a------ C:\WINDOWS\system32\pmkhe.exe
    2008-01-10 20:56:23 66080 --a------ C:\WINDOWS\system32\ssttr.exe
    2008-01-10 00:19:43 66080 --a------ C:\WINDOWS\system32\mlljj.exe


    -- Find3M Report ---------------------------------------------------------------

    2008-02-10 15:59:26 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-02-03 21:14:36 23428 --a----c- C:\WINDOWS\system32\emptyregdb.dat
    2008-01-31 19:18:47 0 d-------- C:\Program Files\Common Files
    2008-01-09 23:04:59 66080 --a------ C:\WINDOWS\system32\ssttq.exe
    2008-01-09 21:42:13 66080 --a------ C:\WINDOWS\system32\ddaby.exe
    2008-01-06 11:02:38 66080 --a------ C:\WINDOWS\system32\pmkhh.exe
    2008-01-01 08:19:59 66080 --a------ C:\WINDOWS\system32\ddcca.exe
    2007-12-31 08:15:01 66080 --a------ C:\WINDOWS\system32\geebc.exe
    2007-12-30 11:26:31 66080 --a------ C:\WINDOWS\system32\gebca.exe
    2007-12-29 10:22:09 66080 --a------ C:\WINDOWS\system32\ddayy.exe
    2007-12-29 10:11:12 0 d-------- C:\Documents and Settings\Bob Wagner\Application Data\Lavasoft
    2007-12-29 10:08:38 0 d-------- C:\Program Files\Lavasoft
    2007-12-29 09:04:52 66080 --a------ C:\WINDOWS\system32\ssqpm.exe
    2007-12-29 08:45:48 66080 --a------ C:\WINDOWS\system32\awvvw.exe
    2007-12-28 16:23:23 66080 --a------ C:\WINDOWS\system32\ddccc.exe
    2007-12-28 10:59:31 66080 --a------ C:\WINDOWS\system32\ssttt.exe
    2007-12-28 10:26:35 66080 --a------ C:\WINDOWS\system32\pmnll.exe
    2007-12-28 07:17:30 66080 --a------ C:\WINDOWS\system32\geedc.exe
    2007-12-27 16:36:29 66080 --a------ C:\WINDOWS\system32\ddccb.exe
    2007-12-27 16:07:42 66080 --a------ C:\WINDOWS\system32\gebyy.exe


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB37385-9FB3-4C99-992E-5F5E7F11A6E4}]
    02/03/2008 09:25 AM 327232 --a------ C:\WINDOWS\system32\vtuts.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
    02/02/2008 04:00 PM 366592 --a------ C:\WINDOWS\system32\hgghgfe.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 05:38 PM]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 07:49 PM]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [12/22/2006 11:27 AM]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [12/22/2006 11:28 AM]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 05:48 PM]
    "WMI Performance Adapter Services"="C:\WINDOWS\system32\drivers\wmiapsrvs.exe" []
    "SearchIndexer"="C:\WINDOWS\system32\ruxytvur.dll" []
    "WMI Standard Event Consumer - hosting"="C:\WINDOWS\system32\wbem\scrcs.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
    "AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [05/25/2005 12:12 PM]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07/15/2007 07:59 PM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "WMI Performance Adapter Services"=C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    "WMI Standard Event Consumer - hosting"=C:\WINDOWS\system32\wbem\scrcs.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "WMC_WMPDBExport"=C:\Program Files\Windows Media Player\wmdbexport.exe
    "TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    "tscuninstall"=%systemroot%\system32\tscupgrd.exe

    C:\Documents and Settings\Bob Wagner\Start Menu\Programs\Startup\
    DESKTOP.INI [8/11/2004 5:15:06 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DESKTOP.INI [2/3/2008 9:27:13 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)
    "NoResolveSearch"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "LinkResolveIgnoreLinkInfo"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\hgghgfe.dll [02/02/2008 04:00 PM 366592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvuu]
    cbxuvuu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]
    crypts.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyvsp]
    gebyvsp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghgfe]
    hgghgfe.dll 02/02/2008 04:00 PM 366592 C:\WINDOWS\SYSTEM32\hgghgfe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgecc]
    mljgecc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturppn]
    vturppn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtuts.dll
    "WMI Performance Adapter Services"= C:\WINDOWS\system32\drivers\wmiapsrvs.exe
    "WMI Standard Event Consumer - hosting"= C:\WINDOWS\system32\wbem\scrcs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bob Wagner^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
    path=C:\Documents and Settings\Bob Wagner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
    backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    "C:\Program Files\Apoint\Apoint.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
    BCMSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    "C:\Program Files\Dell Support\DSAgnt.exe" /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    C:\WINDOWS\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    "C:\Program Files\Microsoft IntelliPoint\point32.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    "C:\Program Files\Dell\Media Experience\PCMService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    %SystemRoot%\system32\mobsync.exe /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2008-02-10 17:38:57 ------------



     
  6. QuikDraw

    QuikDraw Regular member

    Wow! What a mess. Very nasty trojans, Vundo worm, and more! Two choices: one, reformat, which I'd recommend. And two, we start removing all these infections, which will take hours. Your choice. Let me know.
     
  7. TravDude

    TravDude Member

    Quite a nice mess I have, huh? My dad has been using the computer for a few years without any virus protection or adware scanners of any sort. I've managed to move the files that I might need in the future onto a flash drive. If reformatting is the best method, we can go with that. What is the proper method? Is it as simple as using my Windows XP disc to perform a new installation? Thanks for all of your help.
     
  8. QuikDraw

    QuikDraw Regular member

    You've decided to reformat. Wise choice! Navigate to this forum and post a new thread for assistance with reformatting and reinstallation of Windows for your Dell computer. (Software, operating systems and more > Windows - General discussion.)
    Title the thread, "Need help to reformat/reinstall WinXP on Dell computer". In the message area, describe your computer and the CDs you have for the job.

    I mainly do malware help. This alone keeps me very busy. The guys over there do that sort of thing daily. After you're done there, come back here and let me know you're newly reformatted and ready to install some free programs to protect your PC. I will show you where to download everything you need, and how to protect your PC in the future.

    Do not surf the net without any protection!

    Good luck!

    QuikDraw
     
    Last edited: Feb 12, 2008
