08-06-2007, 08:51 AM   #1
AWSOME
Registered User
 
Join Date: Oct 2006
Posts: 12
OS: Win2000


Viruses and Trojans, Oh My!

I think I have Vundo and something called Downloader. (Norton AntiVirus detected it but I don't think it got rid of it.) So yeah, I know you guys are the best, so can you help me?

Deckard's System Scanner v20070804.61
Run by Kenneth on 2007-08-06 at 09:37:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-06 09:41:50
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mstask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINPENJR\win32\PPHIDPAD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
C:\Internet download\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F0 - win.ini: run=
F3 - REG:win.ini: Run=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINNT\system32\vqcxqdqe.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINNT\system32\iifedbc.dll
O2 - BHO: (no name) - {EFADAF50-FD11-44E3-99BA-AE72D4980F29} - C:\WINNT\system32\mlljg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKEY_LOCAL_MACHINE\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKEY_LOCAL_MACHINE\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemOptimizer] rundll32.exe "C:\WINNT\system32\blqnfcmi.dll",forkonce
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} () - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: iifedbc - C:\WINNT\system32\iifedbc.dll
O20 - Winlogon Notify: mlljg - C:\WINNT\system32\mlljg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Macromedia Licensing Service - Unknown owner - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\winnt\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\winnt\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\winnt\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 ppmoucls - c:\winnt\system32\drivers\ppmoucls.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 pptchpad (PenPower Touchpad) - c:\winnt\system32\drivers\pptchpd5.sys
R2 enodpl - c:\winnt\system32\drivers\enodpl.sys
R2 tandpl - c:\winnt\system32\drivers\tandpl.sys
R3 ASAPIW2k - c:\winnt\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 Cap7134 (TVFM 503 WDM Video Capture) - c:\winnt\system32\drivers\cap7134.sys <Not Verified; AVerMedia TECHNOLOGIES, Inc.; cap7134>
R3 SaiClass - c:\winnt\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
R3 SaiMini - c:\winnt\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>

S3 EagleNT - c:\winnt\system32\drivers\eaglent.sys (file missing)
S3 NCHSSVAD (SoundTap Recorder) - c:\winnt\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 SaiNtHid - c:\winnt\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
S3 SaiNtSub - c:\winnt\system32\drivers\saintsub.sys <Not Verified; Saitek; Configuration Software>
S3 scrcap - c:\winnt\system32\drivers\scrcap.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Easy Internet Keyboard
Device ID: ACPI\PNP0303\4&102163C3&0
Manufacturer: Logitech
Name: Easy Internet Keyboard
PNP Device ID: ACPI\PNP0303\4&102163C3&0
Service: i8042prt

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ZD Soft Screen Capture Driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: ZD Soft
Name: ZD Soft Screen Capture Driver
PNP Device ID: ROOT\DISPLAY\0000
Service: scrcap


-- Scheduled Tasks -------------------------------------------------------------

2006-12-17 07:07:14 554 --a------ C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job


-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Symantec
2007-08-06 09:21:05 125504 --a------ C:\WINNT\system32\blqnfcmi.dll
2007-08-06 09:15:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_450.dat
2007-08-06 09:13:54 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2a8.dat
2007-08-06 08:58:02 125504 -----n--- C:\WINNT\system32\mcxxhcbt.dll
2007-08-03 17:02:28 1760125 ---hs---- C:\WINNT\system32\gjllm.ini2
2007-08-03 1514 0 d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software
2007-08-03 13:19:36 155721 -----n--- C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2007-08-03 13:19:36 204881 -----n--- C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2007-08-03 13:19:35 81920 -----n--- C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2007-08-03 13:19:35 46592 -----n--- C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600>
2007-08-03 13:19:35 294912 -----n--- C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2007-08-03 13:19:34 44544 -----n--- C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-08-03 13:19:34 73728 -----n--- C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2007-08-03 13:19:34 32768 -----n--- C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2007-08-03 13:19:34 40960 -----n--- C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ>
2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2007-08-03 13:19:34 114759 -----n--- C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2007-08-03 10:53:22 69184 --a------ C:\WINNT\system32\vqcxqdqe.dll
2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 22:03:53 1762414 ---hs---- C:\WINNT\system32\gjllm.bak2
2007-08-02 21:39:39 228960 --a------ C:\WINNT\system32\mlljg.dll
2007-08-02 21:29:26 31254 --a------ C:\WINNT\system32\iifedbc.dll
2007-08-02 11:45:41 0 --a------ C:\WINNT\2
2007-08-02 11:42:16 18 --a------ C:\WINNT\?
2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server
2007-08-02 11:10:09 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Sony
2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2
2007-07-26 10:10:13 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Galactic Magnate
2007-07-26 09:48:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4dc.dat
2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm
2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools
2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround
2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat
2007-07-18 07:43:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_428.dat
2007-07-15 2324 0 d-------- C:\Program Files\Three Rings Design
2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\Kenneth\Application Data\yoclient
2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX
2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe
2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3
2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll
2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll
2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll
2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll
2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll
2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla>
2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll
2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll
2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll
2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere>
2007-07-10 17:17:43 0 --a------ C:\WINNT\a
2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>


-- Find3M Report ---------------------------------------------------------------

2007-08-06 09:41:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-03 19:05:22 1101952 ---h----- C:\WINNT\ShellIconCache
2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle
2007-08-02 22:28:47 18 --a------ C:\WINNT\?
2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks
2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\CoreFTP
2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat
2007-07-25 13:34:21 0 d-------- C:\Program Files\Java
2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon
2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES
2007-07-16 18:40:24 0 d-------- C:\Program Files\Norton Internet Security
2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM
2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate
2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity
2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Audacity
2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\Kenneth\Application Data\IBP
2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio
2007-06-27 21:08:20 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Viewpoint
2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper
2007-06-25 12:27:07 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Azureus
2007-06-25 09:05:58 0 d-------- C:\Program Files\Real
2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MSNInstaller
2007-06-20 09:04:37 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Reno 911 Paintball
2007-06-18 13:46:03 0 d-------- C:\Documents and Settings\Kenneth\Application Data\fretsonfire
2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Atari
2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6
2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files
2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Netscape
2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape
2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\POP Peeper
2007-06-06 19:31:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\OpenOffice.org2
2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe
2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS
2007-05-12 19:38:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_608.dat
2007-05-07 18:21:42 737280 --a------ C:\WINNT\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
08/03/07 10:53a 69184 --a------ C:\WINNT\system32\vqcxqdqe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/02/07 09:29p 31254 --a------ C:\WINNT\system32\iifedbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFADAF50-FD11-44E3-99BA-AE72D4980F29}]
08/02/07 09:39p 228960 --a------ C:\WINNT\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]
"SystemOptimizer"="C:\WINNT\system32\blqnfcmi.dll" [08/06/07 09:21a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINNT\system32\iifedbc.dll [08/02/07 09:29p 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll 08/02/07 09:29p 31254 C:\WINNT\system32\iifedbc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
C:\WINNT\system32\mlljg.dll 08/02/07 09:39p 228960 C:\WINNT\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2007-08-06 at 09:54:18 ---------

Thank you so much!
Attached Files
File Type: txt extra.txt (19.8 KB, 0 views)