10-03-2007, 10:17 PM   #1
caldo
Registered User
 
Join Date: Oct 2007
Posts: 7
OS: windows xp sp 2


constant popups and browser hijacking (vundo?) vtsts.dll awtqpqr.dll ststv.ini

Hi there. Recently my computer has been suffering from constant pop-up annoyances and browser redirecting problems. The problem first came to light a couple of days ago, when I first noticed the pop-ups appearing and redirecting me to ads for winantivirus2007, system doctor etc. Sometimes when this happens I also get an error message stating there has been a Visual C runtime error; upon pressing OK in the error dialogue box, my explorer, task bar etc. refreshes. Before finding my way here I tried VundoFix, and its search function came up with a number of files (maybe 8 or so). The program said it was able to clean some of them, but it was not able to delete vtsts.dll, awtqpqr.dll and ststv.ini, which are residing in my windows/system32 folder. I have followed the steps pointed out and would appreciate very much someone helping me out with this.

Here are my logs:

ActiveScan:

Incident                                                                        Status                        Location                                                                                                                                                                                                                                                        

Spyware:Spyware/Virtumonde                                                      Not disinfected               C:\WINDOWS\system32\awtqpqr.dll                                                                                                                                                                                                                                 
Adware:adware/block-checker                                                     Not disinfected               Windows Registry                                                                                                                                                                                                                                                
Spyware:Cookie/Adtech                                                           Not disinfected               C:\Documents and Settings\phill\Cookies\phill@adtech[1].txt                                                                                                                                                                                                     
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\phill\Cookies\phill@atdmt[2].txt                                                                                                                                                                                                      
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\phill\Cookies\phill@doubleclick[2].txt                                                                                                                                                                                                
Spyware:Cookie/DriveCleaner                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@drivecleaner[1].txt                                                                                                                                                                                               
Spyware:Cookie/ErrorSafe                                                        Not disinfected               C:\Documents and Settings\phill\Cookies\phill@errorsafe[2].txt                                                                                                                                                                                                  
Spyware:Cookie/DriveCleaner                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@stats.drivecleaner[1].txt                                                                                                                                                                                         
Spyware:Cookie/Reliablestats                                                    Not disinfected               C:\Documents and Settings\phill\Cookies\phill@stats1.reliablestats[2].txt                                                                                                                                                                                       
Spyware:Cookie/WebtrendsLive                                                    Not disinfected               C:\Documents and Settings\phill\Cookies\phill@statse.webtrendslive[2].txt                                                                                                                                                                                       
Spyware:Cookie/Systemdoctor                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@systemdoctor[1].txt                                                                                                                                                                                               
Spyware:Cookie/Tribalfusion                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@tribalfusion[2].txt                                                                                                                                                                                               
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@winantispyware[1].txt                                                                                                                                                                                             
Spyware:Cookie/Winantivirus                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@winantivirus[1].txt                                                                                                                                                                                               
Spyware:Cookie/DriveCleaner                                                     Not disinfected               C:\Documents and Settings\phill\Cookies\phill@www.drivecleaner[2].txt                                                                                                                                                                                           
Spyware:Cookie/ErrorSafe                                                        Not disinfected               C:\Documents and Settings\phill\Cookies\phill@www.errorsafe[1].txt                                                                                                                                                                                              
Spyware:Cookie/RealMedia                                                        Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@247realmedia[1].txt                                                                                                                                                                           
Spyware:Cookie/YieldManager                                                     Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@ad.yieldmanager[2].txt                                                                                                                                                                        
Spyware:Cookie/Adrevolver                                                       Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@adrevolver[1].txt                                                                                                                                                                             
Spyware:Cookie/Adrevolver                                                       Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@adrevolver[2].txt                                                                                                                                                                             
Spyware:Cookie/Adtech                                                           Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@adtech[2].txt                                                                                                                                                                                 
Spyware:Cookie/Advertising                                                      Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@advertising[1].txt                                                                                                                                                                            
Spyware:Cookie/NewMedia                                                         Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@anm.co[1].txt                                                                                                                                                                                 
Spyware:Cookie/Atlas DMT                                                        Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@atdmt[2].txt                                                                                                                                                                                  
Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@bs.serving-sys[1].txt                                                                                                                                                                         
Spyware:Cookie/Doubleclick                                                      Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@doubleclick[2].txt                                                                                                                                                                            
Spyware:Cookie/Mediaplex                                                        Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@mediaplex[1].txt                                                                                                                                                                              
Spyware:Cookie/QuestionMarket                                                   Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@questionmarket[1].txt                                                                                                                                                                         
Spyware:Cookie/Serving-sys                                                      Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@serving-sys[1].txt                                                                                                                                                                            
Spyware:Cookie/Statcounter                                                      Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@statcounter[2].txt                                                                                                                                                                            
Spyware:Cookie/WebtrendsLive                                                    Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@statse.webtrendslive[2].txt                                                                                                                                                                   
Spyware:Cookie/Tradedoubler                                                     Not disinfected               C:\Documents and Settings\phill\Local Settings\Temp\Cookies\phill@tradedoubler[1].txt                                                                                                                                                                           
Potentially unwanted tool:Application/DriveCleaner                              Not disinfected               C:\Documents and Settings\phill\Local Settings\Temporary Internet Files\Content.IE5\P33ZO3NZ\installdrivecleanerstart[1].cab                                                                                                                                    
Virus:Generic Malware                                                           Disinfected                   C:\Torrents\BrainWaves generator\Bwgen\Bwgen_Crack.exe                                                                                                                                                                                                          
Virus:Generic Malware                                                           Not disinfected               C:\Torrents\BrainWaves generator\Bwgen.rar[Bwgen\Bwgen_Crack.exe]                                                                                                                                                                                               
Hacktool:HackTool/EvID                                                          Not disinfected               C:\Torrents\EvID4226Patch223d-en.zip[EvID4226Patch.exe]                                                                                                                                                                                                         
Hacktool:HackTool/EvID                                                          Not disinfected               C:\Torrents\New Folder\EvID4226Patch.exe                                                                                                                                                                                                                        
Virus:Generic Trojan                                                            Disinfected                   C:\Torrents\O&O Defrag 10 Professional\o&o.defrag.v10.0.build.1634.patch-MCCJ.exe                                                                                                                                                                               
Spyware:Spyware/Virtumonde                                                      Not disinfected               C:\VundoFix Backups\awtqpqr.dll.bad                                                                                                                                                                                                                             
Spyware:Spyware/Virtumonde                                                      Not disinfected               C:\VundoFix Backups\tuvstqp.dll.bad

Deckard's System Scanner Main.txt:

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-10-04 03:25:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.9 GiB (less than 15%) free.


-- HijackThis (run as phill.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:27:40, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Torrents\dss.exe
C:\Torrents\phill.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B64115FD-1395-49E8-BFBA-61E74C29E9C1} - C:\WINDOWS\system32\vtsts.dll
O2 - BHO: (no name) - {C3352FCD-CFE5-4F35-831A-19C68DDB7CF4} - C:\WINDOWS\system32\awtqpqr.dll
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file://F:\setup\RiffLick.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: awtqpqr - C:\WINDOWS\SYSTEM32\awtqpqr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6764 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 aslm75 - c:\windows\system32\drivers\aslm75.sys
R2 LF30FS - c:\program files\everstrike software\lock folder xp 3.6\lf30xp.sys
R3 AmdTools (AMD Special Tools Driver) - c:\windows\system32\drivers\amdtools.sys <Not Verified; AMD, Inc.; Special Tools Driver>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 US428 (US428 Driver) - c:\windows\system32\drivers\us428.sys <Not Verified; Frontier Design Group, LLC; TASCAM US-428>
R3 Us428WdmService (US428 Wdm Audio) - c:\windows\system32\drivers\us428wdm.sys <Not Verified; Frontier Design Group, LLC; TASCAM US-428>

S3 KORGUMDS (KORG USB-MIDI Driver for Windows XP) - c:\windows\system32\drivers\korgumds.sys <Not Verified; KORG Inc.; KORG USB-MIDI Driver for Windows XP>
S3 MA_CMIDI (%EVOL_USB.SvcDesc%) - c:\windows\system32\drivers\ma_cmidi.sys <Not Verified; M-Audio; M-Audio USB MIDI Keyboard Interface>
S3 US428DL (US428 Firmware Downloader) - c:\windows\system32\drivers\us428dl.sys <Not Verified; Frontier Design Group; TASCAM US-428>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - "c:\windows\system32\bgsvcgen.exe" <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
R2 MA_CMIDI_InstallerService (M-Audio CMIDI Installer) - c:\program files\m-audio ma_cmidi\ma_cmidi_inst.exe <Not Verified; ; MA_CMIDI USB MIDI Installer Service>

S2 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78
Manufacturer: 
Name: RAID Controller
PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78
Service: 


-- Scheduled Tasks -------------------------------------------------------------

2007-10-04 03:00:00       488 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job


-- Files created between 2007-09-04 and 2007-10-04 -----------------------------

2007-10-04 03:54:47         0 d-------- C:\Program Files\SpywareBlaster
2007-10-03 18:50:36         0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-03 17:42:43         0 d-------- C:\Program Files\Windows File Explorer
2007-10-03 17:15:26         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-03 17:15:20         0 d-------- C:\Program Files\Security Task Manager
2007-10-03 16:34:37         0 d-------- C:\VundoFix Backups
2007-10-02 18:08:20         0 d-------- C:\Program Files\Lavasoft
2007-10-02 18:08:17         0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-02 15:19:02         0 d-------- C:\Program Files\Spyware Doctor
2007-10-02 15:19:02         0 d-------- C:\Documents and Settings\phill\Application Data\PC Tools
2007-10-02 15:16:16     86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-10-02 14:52:40         0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-10-01 13:16:23         0 d-------- C:\Program Files\Alwil Software
2007-10-01 09:06:18     87104 --a------ C:\WINDOWS\system32\bqvbjouv.dll
2007-10-01 00:37:54         0 d-------- C:\Documents and Settings\phill\Application Data\LEAPS
2007-10-01 00:34:48         0 d-------- C:\Documents and Settings\phill\Application Data\Pegasys Inc
2007-10-01 00:30:51     56976 --a------ C:\WINDOWS\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-10-01 00:30:51     33408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS <Not Verified; B.H.A Corporation; B's Recorder GOLD>
2007-10-01 00:30:51    122512 --a------ C:\WINDOWS\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-10-01 00:29:59         0 d-------- C:\Program Files\Pegasys Inc
2007-09-30 20:58:25    244832 -----n--- C:\WINDOWS\system32\vtsts.dll
2007-09-30 20:46:09         0 d---s---- C:\Documents and Settings\Administrator\UserData
2007-09-30 20:45:40         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-09-30 20:43:57         0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-09-30 20:43:57         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-09-30 20:43:57         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-09-30 20:43:57         0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-09-30 20:43:57         0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-09-30 20:43:57    786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-09-30 20:43:57         0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-09-30 20:43:57         0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-09-30 20:43:57         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-09-30 20:43:57         0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-09-30 20:43:57         0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-09-30 20:43:57         0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-09-30 20:43:57         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-09-30 20:43:57         0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-09-30 20:43:43         0 d-------- C:\WINDOWS\CSC
2007-09-30 20:42:25     44054 -----n--- C:\WINDOWS\system32\awtqpqr.dll
2007-09-30 20:42:23       341 --a------ C:\WINDOWS\retadpu1000520.exe
2007-09-30 18:52:03         0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-30 18:52:03         0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-30 18:51:36         0 d-------- C:\01ea9a70862e2fa3db78
2007-09-30 18:38:18         0 d-------- C:\Documents and Settings\phill\Application Data\Media Player Classic
2007-09-30 17:59:17  14994264 --a------ C:\WINDOWS\2.exe
2007-09-30 17:18:12         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-30 17:18:12         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-30 00:44:20    101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-09-30 00:27:21         0 d-------- C:\Documents and Settings\phill\Application Data\SpywareBot
2007-09-29 23:48:20         0 d-------- C:\ConverterOutput
2007-09-29 23:47:14    262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-09-29 23:47:14    395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-09-29 23:47:14    112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-09-29 23:47:14   2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-09-29 23:47:13         0 d-------- C:\Program Files\Cucusoft
2007-09-23 20:55:26         0 d-------- C:\Program Files\Sonnox
2007-09-21 16:40:03         0 dr-h----- C:\Documents and Settings\phill\Application Data\SecuROM
2007-09-21 16:28:56         0 d-------- C:\Program Files\Sierra Entertainment
2007-09-21 14:19:18         0 d-------- C:\Program Files\Universal Extractor
2007-09-20 13:31:26         0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-19 20:34:11         0 d-------- C:\Documents and Settings\phill\Application Data\Google
2007-09-19 20:33:12         0 d-------- C:\Program Files\Google
2007-09-19 20:33:12         0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-19 11:32:09         0 d-------- C:\Program Files\MegaSpoof
2007-09-18 17:16:13         0 d-------- C:\Program Files\Power Tab Software
2007-09-17 19:23:00    823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:23:00    823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:22:58    802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:22:58    739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-16 16:35:02         0 d-------- C:\Program Files\Bit Che
2007-09-09 22:24:55         0 d-------- C:\Program Files\Guitar Scales Method
2007-09-09 03:12:54         0 d-------- C:\Documents and Settings\phill\Application Data\ATTNaturalVoices


-- Find3M Report ---------------------------------------------------------------

2007-10-03 20:19:14         0 d-------- C:\Program Files\M-Audio MA_CMIDI
2007-10-02 18:22:39         0 d-------- C:\Documents and Settings\phill\Application Data\uTorrent
2007-10-02 18:07:41         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 16:42:19       112 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-10-01 16:42:19       112 --a------ C:\WINDOWS\msocreg32.dat
2007-09-30 21:00:30         0 d-------- C:\Program Files\VideoLAN
2007-09-30 20:30:57         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 20:29:09         0 d-------- C:\Documents and Settings\phill\Application Data\DivX
2007-09-30 20:19:33         0 d-------- C:\Program Files\DivX
2007-09-30 18:53:32         0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-30 18:06:22         0 d-------- C:\Program Files\MSN Messenger
2007-09-30 17:59:55         0 d-------- C:\Program Files\XviD
2007-09-25 18:01:57         0 d-------- C:\Program Files\KONAMI
2007-09-20 12:20:43         0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-15 07:56:11    304160 --a------ C:\StiImg.dat
2007-09-03 18:03:19         0 d-------- C:\Program Files\Ableton
2007-09-03 18:01:03   4636532 --a------ C:\WINDOWS\system32\TmpA2134906
2007-08-29 18:59:10        73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-08-29 18:59:10       205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-08-21 01:26:52    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-21 01:26:52     81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-08-19 16:06:02         0 d-------- C:\Program Files\db-audioware
2007-08-15 23:33:14   3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 23:30:26     12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-15 19:06:08         0 d-------- C:\Documents and Settings\phill\Application Data\SopCast
2007-08-15 19:02:57         0 d-------- C:\Program Files\SopCast
2007-08-15 14:46:43         0 d-------- C:\Program Files\MSXML 6.0
2007-08-15 14:29:52         0 d-------- C:\Program Files\TVAnts
2007-08-11 16:27:51         0 d-------- C:\Program Files\Common Files\Adobe
2007-08-09 19:30:01         0 d-------- C:\Program Files\Arturia
2007-08-04 01:14:38         0 d-------- C:\Program Files\Bome's Midi Translator


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B64115FD-1395-49E8-BFBA-61E74C29E9C1}]
30/09/2007 20:58	244832	---------	C:\WINDOWS\system32\vtsts.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}]
30/09/2007 20:42	44054	---------	C:\WINDOWS\system32\awtqpqr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe" [28/06/2006 16:42]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [25/09/2006 10:12]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [14/09/2006 21:09]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 01:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [23/12/2006 07:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/09/2006 10:16]
"LFAgent"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 11:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:56]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [02/11/2006 14:43]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [21/07/2007 16:56:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}"= C:\WINDOWS\system32\awtqpqr.dll [30/09/2007 20:42 44054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqpqr] 
awtqpqr.dll 30/09/2007 20:42 44054 C:\WINDOWS\system32\awtqpqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\vtsts

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2007-10-04 04:29:07 ------------
Attached Files
File Type: txt extra.txt (26.2 KB, 0 views)

Last edited by caldo; 10-03-2007 at 10:18 PM.