Help with removing 'W32/Pedalac.A Windows virus' and 'HTML

#1 Crizzle (New Member, 7 posts)

Hello,

As of yesterday I've had over 2000 infections flagged up by Avira. They mostly say 'contains recognition pattern of the W32/Pedalac.A Windows virus and HTML/Rce.Gen HTML script virus', though I've also had 'Tool.Hardoff.A program', 'TR/Horse.FHF Trojan', 'TR/Gendal.38912.G Trojan' and 'SPR/Tool.REboot.F program'. They seem to be 'infecting' exe files and htm files all over my computer, which are now getting flagged up and quarantined by Avira. Not everything seems to be getting 'infected' - Google Chrome has worked fine throughout, but I use my computer for my work and most of the software I use is getting flagged up, which has brought me to a complete standstill. I've looked on the net but I haven't been able to find any information about Pedalac.A and Rce.Gen, so I'm not sure what they do or how serious they are, and I'm not sure whether all the files that are getting flagged as infected really are infected. I've followed the Malware and Spyware Cleaning Guide and the problem still persists. I'm really hoping I can get all my exe files out of quarantine and up and running again, so any help would be hugely appreciated, as with my computer dead in the water I can't work at all!

Thanks so much,

Nic
---------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4488

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/28/2010 11:02:31 AM
mbam-log-2010-08-28 (11-02-31).txt

Scan type: Quick scan
Objects scanned: 130989
Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{f93d5f8e-a060-82f7-71d3-4bf1b0673ab2} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: g:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (g:\windows\system32\userinit.exe,,g:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
G:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.
G:\Documents and Settings\Crizzle\Application Data\Biubti\giox.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
---------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-28 11:41:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: G:\DOCUME~1\Crizzle\LOCALS~1\Temp\axtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xB626D88E]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xB626D0EC]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xB626CDCE]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xB626E938]
SSDT BA75826C ZwCreateThread
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xB626CED8]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xB626CFC2]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xB626DBBC]
SSDT BA75828A ZwLoadKey
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xB626D3F4]
SSDT BA758258 ZwOpenProcess
SSDT BA75825D ZwOpenThread
SSDT BA758294 ZwReplaceKey
SSDT BA75828F ZwRestoreKey
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xB626D526]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xB626CBFC]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xB626DB04]
SSDT \??\G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xB626D70C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 4 Bytes JMP C784FB73
.text G:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB971C360, 0x307AC7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
---------------------------------------------------

OTL logfile created on: 8/28/2010 11:53:53 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = J:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): G:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = G: | %SystemRoot% = G:\WINDOWS | %ProgramFiles% = G:\Program Files
Drive C: | 19.53 Gb Total Space | 11.52 Gb Free Space | 58.98% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 0.06 Gb Free Space | 0.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 36.85 Gb Free Space | 7.91% Space Free | Partition Type: NTFS
Drive G: | 78.13 Gb Total Space | 58.41 Gb Free Space | 74.76% Space Free | Partition Type: NTFS
Drive H: | 92.23 Gb Total Space | 0.91 Gb Free Space | 0.98% Space Free | Partition Type: FAT32
Drive I: | 390.63 Gb Total Space | 200.70 Gb Free Space | 51.38% Space Free | Partition Type: NTFS
Drive J: | 462.76 Gb Total Space | 27.97 Gb Free Space | 6.04% Space Free | Partition Type: NTFS
Drive M: | 298.09 Gb Total Space | 12.27 Gb Free Space | 4.12% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 114.64 Gb Free Space | 24.61% Space Free | Partition Type: NTFS

Computer Name: MAINNIC
Current User Name: Crizzle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - J:\Downloads\OTL.exe (OldTimer Tools)
PRC - G:\Documents and Settings\Crizzle\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - G:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - G:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - G:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - G:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - G:\Documents and Settings\Crizzle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - G:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - G:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - G:\Documents and Settings\Crizzle\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - G:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - G:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - G:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
PRC - G:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - G:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - J:\Downloads\OTL.exe (OldTimer Tools)
MOD - G:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (IDriverT) -- G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe File not found
SRV - (HidServ) -- G:\WINDOWS\System32\hidserv.dll File not found
SRV - (sp_rssrv) -- G:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Lavasoft Ad-Aware Service) -- G:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- G:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- G:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NIHardwareService) -- G:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)


========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- G:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (Lavasoft Kernexplorer) -- G:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- G:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (taphss) -- G:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SASKUTIL) -- G:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMSwissArmy) -- G:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- G:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- G:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- G:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MAUSBFASTTRACKULTRA) -- G:\WINDOWS\system32\drivers\MAudioFastTrackUltra.sys (Avid Technology, Inc.)
DRV - (avgio) -- G:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- G:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtcL001) -- G:\WINDOWS\system32\drivers\l151x86.sys (Atheros Communications, Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- G:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- G:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- G:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (CLEDX) -- G:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (MTsensor) -- G:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



O1 HOSTS File: ([2010/08/27 11:26:55 | 000,000,734 | ---- | M]) - G:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - G:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - G:\Program Files\Crawler\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [avgnt] G:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] G:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] G:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] G:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] G:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SpywareTerminator] G:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] G:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [Steam] G:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: G:\Documents and Settings\Crizzle\Start Menu\Programs\Startup\Dropbox.lnk = G:\Documents and Settings\Crizzle\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: G:\Documents and Settings\Crizzle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = G:\Program Files\ERUNT\AUTOBACK.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - G:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - G:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - G:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - G:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (g:\program files\microsoft\desktoplayer.exe) - g:\program files\microsoft\desktoplayer.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - G:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - G:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: G:\Documents and Settings\Crizzle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: G:\Documents and Settings\Crizzle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - G:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/09 20:04:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/08 18:47:43 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - G:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - G:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - G:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - G:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - G:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - G:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - G:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - G:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - G:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - G:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/28 00:20:01 | 000,000,000 | ---D | C] -- G:\Program Files\Crawler
[2010/08/27 21:39:28 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Spyware Terminator
[2010/08/27 21:39:24 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/08/27 21:39:23 | 000,000,000 | ---D | C] -- G:\Program Files\Spyware Terminator
[2010/08/27 18:36:51 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\SUPERAntiSpyware.com
[2010/08/27 18:36:51 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/27 18:36:45 | 000,000,000 | ---D | C] -- G:\Program Files\SUPERAntiSpyware
[2010/08/27 10:57:07 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Malwarebytes
[2010/08/27 10:56:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/27 10:56:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- G:\WINDOWS\System32\drivers\mbam.sys
[2010/08/27 10:56:47 | 000,000,000 | ---D | C] -- G:\Program Files\Malwarebytes' Anti-Malware
[2010/08/27 10:56:47 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/27 10:55:31 | 000,000,000 | ---D | C] -- G:\WINDOWS\ERDNT
[2010/08/27 10:54:59 | 000,000,000 | ---D | C] -- G:\Program Files\ERUNT
[2010/08/27 10:28:47 | 000,289,144 | ---- | C] (S!Ri) -- G:\WINDOWS\System32\VCCLSID.exe
[2010/08/27 10:28:47 | 000,288,417 | ---- | C] (S!Ri) -- G:\WINDOWS\System32\SrchSTS.exe
[2010/08/27 10:28:47 | 000,135,168 | ---- | C] (SteelWerX) -- G:\WINDOWS\System32\swreg.exe
[2010/08/27 10:28:47 | 000,087,552 | ---- | C] (S!Ri.URZ) -- G:\WINDOWS\System32\VACFix.exe
[2010/08/27 10:28:47 | 000,082,944 | ---- | C] (S!Ri.URZ) -- G:\WINDOWS\System32\IEDFix.exe
[2010/08/27 10:28:47 | 000,082,944 | ---- | C] (S!Ri.URZ) -- G:\WINDOWS\System32\IEDFix.C.exe
[2010/08/27 10:28:47 | 000,082,432 | ---- | C] (S!Ri.URZ) -- G:\WINDOWS\System32\404Fix.exe
[2010/08/27 10:28:47 | 000,080,384 | ---- | C] (S!Ri.URZ) -- G:\WINDOWS\System32\o4Patch.exe
[2010/08/27 10:28:47 | 000,079,360 | ---- | C] (SteelWerX) -- G:\WINDOWS\System32\swxcacls.exe
[2010/08/27 10:28:47 | 000,078,336 | ---- | C] (S!Ri.URZ) -- G:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/08/27 10:28:47 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- G:\WINDOWS\System32\Process.exe
[2010/08/27 00:45:58 | 000,000,000 | ---D | C] -- G:\Program Files\temp
[2010/08/27 00:45:49 | 000,000,000 | ---D | C] -- G:\Program Files\Microsoft
[2010/08/25 20:26:12 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\dvdcss
[2010/08/25 13:35:55 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\My Documents\My PSP8 Files
[2010/08/25 13:35:55 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Jasc Software Inc
[2010/08/25 13:35:31 | 000,000,000 | ---D | C] -- G:\Program Files\Jasc Software Inc
[2010/08/20 10:45:23 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\fltk.org
[2010/08/14 19:01:39 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/14 18:53:39 | 000,000,000 | R--D | C] -- G:\Documents and Settings\Crizzle\My Documents\My Videos
[2010/08/14 12:22:00 | 000,000,000 | ---D | C] -- G:\Program Files\Audacity
[2010/08/05 13:24:21 | 000,000,000 | -H-D | C] -- G:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2010/07/29 11:37:46 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\PC Tools
[2010/07/29 11:37:35 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/29 11:18:29 | 000,000,000 | ---D | C] -- G:\WINDOWS\CSC
[2010/07/29 11:07:57 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\Crizzle\PrivacIE
[2010/07/28 17:05:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/28 17:05:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/28 17:05:41 | 000,000,000 | ---D | C] -- G:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/27 12:07:26 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\KORG
[2010/07/27 12:07:00 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\KORG
[2010/07/27 11:31:51 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\KORG
[2010/07/27 11:31:45 | 000,000,000 | ---D | C] -- G:\Program Files\KORG
[2010/07/23 10:09:54 | 000,000,000 | -HSD | C] -- G:\Documents and Settings\Crizzle\IETldCache
[2010/07/23 10:05:18 | 000,000,000 | ---D | C] -- G:\WINDOWS\ie8updates
[2010/07/23 10:04:54 | 000,000,000 | ---D | C] -- G:\WINDOWS\WBEM
[2010/07/23 10:04:06 | 000,000,000 | -H-D | C] -- G:\WINDOWS\ie8
[2010/07/22 00:34:59 | 000,000,000 | ---D | C] -- G:\Program Files\Steam
[2010/07/21 23:07:06 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Royz
[2010/07/21 14:26:32 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2010/07/20 11:14:30 | 000,000,000 | ---D | C] -- G:\WINDOWS\pss
[2010/07/15 13:58:07 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Dropbox
[2010/07/15 12:07:58 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Avira
[2010/07/15 11:51:45 | 000,028,520 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/07/15 11:51:44 | 000,124,784 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avipbb.sys
[2010/07/15 11:51:44 | 000,060,936 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avgntflt.sys
[2010/07/15 11:51:44 | 000,045,416 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avgntdd.sys
[2010/07/15 11:51:44 | 000,022,360 | ---- | C] (Avira GmbH) -- G:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/07/15 11:51:44 | 000,000,000 | ---D | C] -- G:\Program Files\Avira
[2010/07/15 11:51:44 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Avira
[2010/07/13 23:26:32 | 000,135,816 | ---- | C] (Avid Technology, Inc.) -- G:\WINDOWS\System32\drivers\MAudioFastTrackUltra.sys
[2010/07/13 23:26:29 | 000,000,000 | ---D | C] -- G:\Program Files\M-Audio
[2010/07/13 20:05:45 | 000,095,024 | ---- | C] (Sunbelt Software) -- G:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/13 15:34:17 | 000,064,288 | ---- | C] (Lavasoft AB) -- G:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/13 15:34:11 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Local Settings\Application Data\Sunbelt Software
[2010/07/13 15:33:51 | 000,000,000 | -H-D | C] -- G:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/07/13 15:33:39 | 000,000,000 | ---D | C] -- G:\Program Files\Lavasoft
[2010/07/13 15:33:39 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/07/13 07:13:31 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Biubti
[2010/07/12 18:49:02 | 000,000,000 | -H-D | C] -- G:\$AVG
[2010/07/10 15:24:02 | 000,000,000 | ---D | C] -- G:\WINDOWS\Sun
[2010/06/30 14:15:00 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Cycling '74
[2010/06/30 12:15:46 | 000,000,000 | ---D | C] -- G:\Program Files\AkaiPro
[2010/06/29 10:53:05 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Desktop\PHOTOS FOR FACEBOOK
[2010/06/29 10:39:40 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Desktop\Photos to draw
[2010/06/28 00:13:52 | 000,000,000 | ---D | C] -- G:\Program Files\icytower1.4
[2010/06/24 21:02:32 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Atydmi
[2010/06/23 14:35:55 | 000,000,000 | ---D | C] -- G:\Program Files\JDownloader
[2010/06/23 14:35:44 | 000,000,000 | ---D | C] -- G:\Program Files\Java
[2010/06/23 14:35:05 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Sun
[2010/06/22 16:57:38 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\dBpoweramp
[2010/06/22 14:34:33 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\AccurateRip
[2010/06/22 14:34:27 | 000,000,000 | ---D | C] -- G:\Program Files\dBpoweramp
[2010/06/21 14:24:16 | 000,000,000 | ---D | C] -- G:\Program Files\iTunes
[2010/06/21 14:22:19 | 000,000,000 | ---D | C] -- G:\WINDOWS\System32\ReinstallBackups
[2010/06/21 14:22:03 | 000,000,000 | ---D | C] -- G:\Program Files\Bonjour
[2010/06/18 01:40:25 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Kyfo
[2010/06/17 11:59:36 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\My Documents\TC Electronic
[2010/06/17 11:59:34 | 000,000,000 | ---D | C] -- G:\Program Files\TC Electronic
[2010/06/07 22:21:33 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Digidesign
[2010/06/01 10:29:17 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Waves Preferences
[2010/06/01 10:23:13 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Application Data\Waves Audio
[2010/06/01 10:21:13 | 000,000,000 | ---D | C] -- G:\Program Files\Waves
[2010/06/01 10:01:54 | 000,000,000 | -H-D | C] -- G:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/06/01 10:01:11 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/06/01 10:01:09 | 000,000,000 | -H-D | C] -- G:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/06/01 10:00:59 | 000,000,000 | ---D | C] -- G:\Program Files\Native Instruments
[2010/06/01 10:00:59 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Native Instruments
[2010/06/01 09:53:18 | 000,033,792 | ---- | C] (Team H2O) -- G:\WINDOWS\System32\drivers\cledx.sys
[2010/06/01 09:53:07 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- G:\WINDOWS\System32\SYNSOACC.dll
[2010/06/01 09:53:07 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- G:\WINDOWS\System32\SynsoLChk.dll
[2010/06/01 09:53:07 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- G:\WINDOWS\System32\Synsopos.exe
[2010/06/01 09:53:07 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- G:\WINDOWS\System32\drivers\synasUSB.sys
[2010/06/01 09:53:07 | 000,000,000 | ---D | C] -- G:\Program Files\Syncrosoft
[2010/05/31 19:53:33 | 000,000,000 | ---D | C] -- G:\Documents and Settings\Crizzle\Local Settings\Application Data\Karen's Power Tools
[2010/05/31 19:53:12 | 000,000,000 | ---D | C] -- G:\Program Files\Karen's Power Tools
[2010/05/31 19:53:02 | 000,000,000 | ---D | C] -- G:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/05/31 18:54:40 | 000,000,000 | ---D | C] -- G:\Program Files\PeerGuardian2

========== Files - Modified Within 90 Days ==========

[2010/08/28 11:47:27 | 000,002,137 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/28 11:46:32 | 000,000,260 | ---- | M] () -- G:\WINDOWS\tasks\WGASetup.job
[2010/08/28 11:46:29 | 004,456,448 | -H-- | M] () -- G:\Documents and Settings\Crizzle\NTUSER.DAT
[2010/08/28 11:46:16 | 000,000,006 | -H-- | M] () -- G:\WINDOWS\tasks\SA.DAT
[2010/08/28 11:46:02 | 000,002,048 | --S- | M] () -- G:\WINDOWS\bootstat.dat
[2010/08/28 11:26:25 | 000,000,986 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-220523388-1177238915-1003UA.job
[2010/08/28 10:03:30 | 000,002,155 | ---- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/08/28 09:53:06 | 000,000,087 | ---- | M] () -- G:\WINDOWS\System32\ssprs.tgz
[2010/08/28 09:53:06 | 000,000,073 | ---- | M] () -- G:\WINDOWS\System32\ssprs.dll
[2010/08/28 09:53:04 | 000,000,219 | ---- | M] () -- G:\WINDOWS\System32\lsprst7.tgz
[2010/08/28 09:53:04 | 000,000,205 | ---- | M] () -- G:\WINDOWS\System32\lsprst7.dll
[2010/08/28 07:36:00 | 000,000,934 | ---- | M] () -- G:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-220523388-1177238915-1003Core.job
[2010/08/27 21:39:30 | 000,142,592 | ---- | M] () -- G:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010/08/27 18:36:47 | 000,001,678 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/27 18:24:05 | 000,000,458 | ---- | M] () -- G:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/27 11:26:57 | 000,002,440 | ---- | M] () -- G:\WINDOWS\System32\tmp.reg
[2010/08/27 10:56:50 | 000,000,696 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 10:55:06 | 000,000,767 | ---- | M] () -- G:\Documents and Settings\Crizzle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/27 10:55:00 | 000,000,611 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\NTREGOPT.lnk
[2010/08/27 10:55:00 | 000,000,592 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\ERUNT.lnk
[2010/08/27 10:29:41 | 000,013,040 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\INternet Password.doc
[2010/08/27 09:19:22 | 000,002,206 | ---- | M] () -- G:\WINDOWS\System32\wpa.dbl
[2010/08/27 00:18:33 | 000,000,754 | ---- | M] () -- G:\WINDOWS\WORDPAD.INI
[2010/08/26 16:22:49 | 000,000,696 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\SONGS TO WORK ON.doc
[2010/08/25 23:50:37 | 000,108,032 | ---- | M] () -- G:\Documents and Settings\Crizzle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 17:35:24 | 000,086,856 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\JCVDEngSubs.srt
[2010/08/22 16:26:47 | 000,002,300 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\Google Chrome.lnk
[2010/08/22 16:26:47 | 000,002,278 | ---- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/20 10:15:17 | 000,001,729 | ---- | M] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/13 09:58:01 | 000,090,296 | ---- | M] () -- G:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 01:01:59 | 000,001,374 | ---- | M] () -- G:\WINDOWS\imsins.BAK
[2010/08/05 11:34:56 | 001,934,306 | -H-- | M] () -- G:\Documents and Settings\Crizzle\Local Settings\Application Data\IconCache.db
[2010/07/30 10:01:10 | 000,000,477 | ---- | M] () -- G:\WINDOWS\win.ini
[2010/07/30 10:01:10 | 000,000,227 | ---- | M] () -- G:\WINDOWS\system.ini
[2010/07/29 11:10:06 | 000,355,636 | ---- | M] () -- G:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/29 11:10:06 | 000,311,934 | ---- | M] () -- G:\WINDOWS\System32\perfh009.dat
[2010/07/29 11:10:06 | 000,040,196 | ---- | M] () -- G:\WINDOWS\System32\perfc009.dat
[2010/07/27 11:40:22 | 000,001,025 | ---- | M] () -- G:\WINDOWS\System32\sysprs7.tgz
[2010/07/27 11:40:22 | 000,001,025 | ---- | M] () -- G:\WINDOWS\System32\sysprs7.dll
[2010/07/27 11:40:22 | 000,001,025 | ---- | M] () -- G:\WINDOWS\System32\clauth2.dll
[2010/07/27 11:40:22 | 000,001,025 | ---- | M] () -- G:\WINDOWS\System32\clauth1.dll
[2010/07/23 10:09:56 | 000,000,815 | ---- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/15 14:00:37 | 000,001,002 | ---- | M] () -- G:\Documents and Settings\Crizzle\Start Menu\Programs\Startup\Dropbox.lnk
[2010/07/13 20:05:45 | 000,095,024 | ---- | M] (Sunbelt Software) -- G:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/07/13 15:33:49 | 000,000,885 | ---- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/06 18:28:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- G:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/06 18:28:44 | 000,015,880 | ---- | M] () -- G:\WINDOWS\System32\lsdelete.exe
[2010/07/06 16:05:12 | 000,015,953 | ---- | M] () -- G:\WINDOWS\Ascd_tmp.ini
[2010/06/22 14:34:32 | 000,010,088 | ---- | M] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/06/22 14:34:30 | 002,857,336 | ---- | M] () -- G:\WINDOWS\System32\SpoonUninstall.exe
[2010/06/22 14:34:30 | 000,033,846 | ---- | M] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/06/22 14:34:29 | 000,014,040 | ---- | M] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/22 14:34:14 | 000,033,846 | ---- | M] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/06/22 12:09:47 | 000,003,655 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\Nicholas Nell CV 2010.rtf
[2010/06/22 12:04:25 | 000,004,205 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\Nicholas Nell CV 2010 with references.rtf
[2010/06/21 12:25:33 | 000,000,662 | ---- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 8.1.3.lnk
[2010/06/07 16:10:20 | 000,000,000 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\test.doc

========== Files Created - No Company Name ==========

[2010/08/27 21:39:30 | 000,142,592 | ---- | C] () -- G:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010/08/27 18:36:47 | 000,001,678 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/27 10:56:50 | 000,000,696 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/27 10:55:06 | 000,000,767 | ---- | C] () -- G:\Documents and Settings\Crizzle\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/27 10:55:00 | 000,000,611 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\NTREGOPT.lnk
[2010/08/27 10:55:00 | 000,000,592 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\ERUNT.lnk
[2010/08/27 10:29:00 | 000,002,440 | ---- | C] () -- G:\WINDOWS\System32\tmp.reg
[2010/08/27 10:28:47 | 000,075,776 | ---- | C] () -- G:\WINDOWS\System32\WS2Fix.exe
[2010/08/27 10:28:47 | 000,051,200 | ---- | C] () -- G:\WINDOWS\System32\dumphive.exe
[2010/08/27 10:28:47 | 000,040,960 | ---- | C] () -- G:\WINDOWS\System32\swsc.exe
[2010/08/24 23:35:18 | 000,086,856 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\JCVDEngSubs.srt
[2010/08/24 12:47:35 | 001,823,744 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\paulstretch.exe
[2010/08/20 10:15:17 | 000,001,729 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/11 19:19:23 | 000,013,040 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\INternet Password.doc
[2010/07/27 11:40:22 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\sysprs7.tgz
[2010/07/27 11:40:22 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\sysprs7.dll
[2010/07/27 11:40:22 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\clauth2.dll
[2010/07/27 11:40:22 | 000,001,025 | ---- | C] () -- G:\WINDOWS\System32\clauth1.dll
[2010/07/27 11:40:22 | 000,000,219 | ---- | C] () -- G:\WINDOWS\System32\lsprst7.tgz
[2010/07/27 11:40:22 | 000,000,205 | ---- | C] () -- G:\WINDOWS\System32\lsprst7.dll
[2010/07/27 11:40:22 | 000,000,087 | ---- | C] () -- G:\WINDOWS\System32\ssprs.tgz
[2010/07/27 11:40:22 | 000,000,073 | ---- | C] () -- G:\WINDOWS\System32\ssprs.dll
[2010/07/26 14:30:23 | 000,002,155 | ---- | C] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/23 10:09:56 | 000,000,815 | ---- | C] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 14:27:18 | 000,002,137 | ---- | C] () -- G:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/07/15 14:00:37 | 000,001,002 | ---- | C] () -- G:\Documents and Settings\Crizzle\Start Menu\Programs\Startup\Dropbox.lnk
[2010/07/13 15:42:51 | 000,015,880 | ---- | C] () -- G:\WINDOWS\System32\lsdelete.exe
[2010/07/13 15:35:00 | 000,000,458 | ---- | C] () -- G:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/13 15:33:49 | 000,000,885 | ---- | C] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/05 16:40:51 | 000,000,754 | ---- | C] () -- G:\WINDOWS\WORDPAD.INI
[2010/06/28 12:07:06 | 000,885,466 | ---- | C] () -- G:\WINDOWS\nautilus.wav
[2010/06/22 14:34:32 | 000,033,846 | ---- | C] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/06/22 14:34:32 | 000,010,088 | ---- | C] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/06/22 14:34:29 | 002,857,336 | ---- | C] () -- G:\WINDOWS\System32\SpoonUninstall.exe
[2010/06/22 14:34:29 | 000,033,846 | ---- | C] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/06/22 14:34:29 | 000,014,040 | ---- | C] () -- G:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/06/22 12:04:25 | 000,004,205 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\Nicholas Nell CV 2010 with references.rtf
[2010/06/22 11:57:00 | 000,003,655 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\Nicholas Nell CV 2010.rtf
[2010/06/22 10:32:32 | 000,000,696 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\SONGS TO WORK ON.doc
[2010/06/21 12:25:33 | 000,000,662 | ---- | C] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Live 8.1.3.lnk
[2010/06/07 16:10:20 | 000,000,000 | ---- | C] () -- G:\Documents and Settings\Crizzle\Desktop\test.doc
[2010/06/01 09:53:12 | 000,147,425 | ---- | C] () -- G:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010/06/01 09:53:12 | 000,120,468 | ---- | C] () -- G:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010/06/01 09:53:12 | 000,114,279 | ---- | C] () -- G:\WINDOWS\System32\SYNSOACC-Help.chm
[2010/05/26 12:29:22 | 000,008,704 | ---- | C] () -- G:\WINDOWS\System32\CNMVS7J.DLL
[2010/05/24 22:06:35 | 000,163,840 | ---- | C] () -- G:\WINDOWS\System32\ArtFfct.dll
[2010/05/21 13:17:26 | 000,108,032 | ---- | C] () -- G:\Documents and Settings\Crizzle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/21 13:07:47 | 000,005,810 | R--- | C] () -- G:\WINDOWS\System32\drivers\ASACPI.sys
[2010/05/21 13:07:46 | 000,015,953 | ---- | C] () -- G:\WINDOWS\Ascd_tmp.ini
[2010/05/21 13:07:38 | 000,010,288 | ---- | C] () -- G:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/16 18:07:00 | 001,703,936 | ---- | C] () -- G:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/16 18:07:00 | 001,478,656 | ---- | C] () -- G:\WINDOWS\System32\nview.dll
[2007/09/16 18:07:00 | 001,019,904 | ---- | C] () -- G:\WINDOWS\System32\nvwimg.dll
[2007/09/16 18:07:00 | 000,466,944 | ---- | C] () -- G:\WINDOWS\System32\nvshell.dll
[2007/09/16 18:07:00 | 000,286,720 | ---- | C] () -- G:\WINDOWS\System32\nvnt4cpl.dll

========== LOP Check ==========

[2010/05/24 12:03:36 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Ableton
[2010/05/24 22:51:10 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Audio Ease
[2010/07/21 14:13:42 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\avg9
[2010/05/26 12:29:24 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/31 19:53:33 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2010/07/27 12:07:07 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\KORG
[2010/06/01 10:01:11 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/08/27 21:45:08 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/07/29 11:59:59 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/01 10:01:09 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/05/24 12:52:01 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/13 15:33:52 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2010/05/25 10:49:23 | 000,000,000 | ---D | M] -- G:\Documents and Settings\All Users\Application Data\{A518DCBE-06AD-461B-8F2E-C53AA3525C15}
[2010/08/05 13:24:21 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2010/06/01 10:01:54 | 000,000,000 | -H-D | M] -- G:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/06/25 12:30:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Ableton
[2010/08/28 07:22:09 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Atydmi
[2010/05/24 22:51:08 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Audio Ease
[2010/08/28 11:02:31 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Biubti
[2010/06/30 14:15:00 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Cycling '74
[2010/07/30 16:01:19 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\dBpoweramp
[2010/08/28 11:47:03 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Dropbox
[2010/08/20 10:45:23 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\fltk.org
[2010/07/27 12:07:26 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\KORG
[2010/08/27 10:58:21 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Kyfo
[2010/08/27 01:12:14 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Royz
[2010/08/28 09:48:37 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Spyware Terminator
[2010/08/26 01:02:28 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\uTorrent
[2010/06/01 10:23:13 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Waves Audio
[2010/06/01 10:29:17 | 000,000,000 | ---D | M] -- G:\Documents and Settings\Crizzle\Application Data\Waves Preferences
[2010/08/27 18:24:05 | 000,000,458 | ---- | M] () -- G:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/28 11:46:32 | 000,000,260 | ---- | M] () -- G:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/28 11:45:52 | 2145,386,496 | -HS- | M] () -- G:\pagefile.sys
[2010/08/27 11:27:32 | 000,002,219 | ---- | M] () -- G:\rapport.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/05/21 12:52:00 | 000,000,067 | -HS- | M] () -- G:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/05/07 12:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- G:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7J.DLL
[2005/05/07 12:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- G:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7J.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/05/21 13:39:43 | 000,094,208 | ---- | M] () -- G:\WINDOWS\system32\config\default.sav
[2010/05/21 13:39:43 | 001,089,536 | ---- | M] () -- G:\WINDOWS\system32\config\software.sav
[2010/05/21 13:39:43 | 000,954,368 | ---- | M] () -- G:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/21 12:52:25 | 000,000,294 | -HS- | M] () -- G:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/21 12:59:06 | 000,000,119 | -HS- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/05/21 12:59:05 | 000,000,079 | ---- | M] () -- G:\Documents and Settings\Crizzle\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2009/04/24 23:15:58 | 001,823,744 | ---- | M] () -- G:\Documents and Settings\Crizzle\Desktop\paulstretch.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >
[2010/08/27 10:46:55 | 000,000,016 | ---- | M] () -- G:\Program Files\Internet Explorer\dmlconf.dat

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/21 12:59:05 | 000,000,122 | -HS- | M] () -- G:\Documents and Settings\Crizzle\Favorites\Desktop.ini

< %systemroot%\System32\Wbem\*.exe >
[2008/04/14 05:42:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\mofcomp.exe
[2008/04/14 05:42:36 | 000,036,352 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\scrcons.exe
[2001/08/23 12:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\unsecapp.exe
[2008/04/14 05:42:40 | 000,116,224 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\wbemtest.exe
[2001/08/23 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\winmgmt.exe
[2008/04/14 05:42:42 | 000,196,608 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\wmiadap.exe
[2008/04/14 05:42:42 | 000,126,464 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\wmiapsrv.exe
[2008/04/14 05:42:42 | 000,358,912 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\wmic.exe
[2009/02/06 11:10:02 | 000,227,840 | ---- | M] (Microsoft Corporation) -- G:\WINDOWS\system32\wbem\wmiprvse.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-13 00:02:03

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> G:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#2
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

I'd find your Windows CD.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#3
Crizzle (New Member, Topic Starter, 7 posts)

Hi,

Thanks for the reply. I ran TFC again last night and, after it shut the computer down to reboot, Windows wouldn't restart. I've tried running it in safe mode but I get the same result, which is just a blank screen. I suspect what has happened is that Antivir has quarantined one or several files that are needed for start-up, as it seemed to have started quarantining .dll files. On a side note, I clicked on the Kaspersky link for the online scan before I ran TFC to have a look, and the online Kaspersky scan told me that my computer did not meet the system requirements for a scan - I've been running XP Pro SP3 on a quad-core machine.

This all really doesn't sound too promising. I have my Windows CD and I have a recent backup of my main data, which I keep on an external hard drive that hasn't been attached to the computer since it picked up this infection. Is there anything I can try before having to resort to reinstalling Windows? Despite the main backup, it would still cause quite a bit of data loss; however, the main concern is the amount of time that it will take to get everything up and running again, as I'm a musician and I run a lot of software that's very time-consuming to install. I'm also concerned that I'll lose the large number of files that have been quarantined by Antivir, or that even with a clean install of Windows the infections will still be out there on some of my storage - I have about 3 terabytes attached to the computer.

Any help is hugely appreciated.

Thanks so much,

Nic

#4
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

yeah


Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.



Place the Windows CD in your CD-ROM drive and follow the instructions below:
  • Click on Start and select Run... type sfc /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

#5
Crizzle (New Member, Topic Starter, 7 posts)

Hello,

Thanks for the reply. I found my Windows CD, entered the Recovery Console and did the chkdsk /r. This all seemed to go fine, and at the end, once completed, I exited and tried to boot Windows; however, when it tried to boot Windows the screen remained blank at the point at which the normal Windows loading screen comes up. I tried this several times and even tried leaving it for some time to see if it was just being very slow, but to no avail.

So, I installed a fresh version of XP on a separate partition and followed the instructions above... ran TFC, Anti-Malware and then the Kaspersky online scanner. The online scanner is still running - 9 hours in and only 27% done - but it has located 1 threat and 3 infected objects. I also installed Avira again, which, slightly worryingly, has once again started to flash up lots of warnings about the same viruses. I'll post the Kaspersky report once it's done, but at this rate it's going to take another 21 hours or so.

Is there anything else I should be doing / trying?

Thanks so much.

Nic

#6
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

No, I just need to see those scan results.

You may have to format your PC, though.

#7
Crizzle (New Member, Topic Starter, 7 posts)

Hello,

The Kaspersky online scan completed. I've attached the report. It came up with no mentions of the Pedalac.A virus or the Rce.Gen virus, but found multiple entries of Trojan.Win32.Patched.ki. I've read that this is often a false positive.

During the Kaspersky scan yesterday Avira found another 67 objects. Mostly Pedalac.A and Rce.Gen, but also an instance of both TR/Crypt.XPACK.Gen Trojan and TR/Renaz,13280, and two instances of TR/Crypt.XPACK.Gen Trojan HTML script virus. The other slightly worrying thing is that Avira has briefly turned itself off a few times.

Thanks,

Nic


Edited by Crizzle, 01 September 2010 - 02:41 AM.


#8
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
  • Backup all your documents and important items only.
  • DO NOT back up any executable files (.exe .scr .html or .htm)
  • Do NOT back up compressed (zip/cab/rar) files that may contain .exe, .pdf, .jpg, .doc or .scr files
  • Reformat and Reinstall as outlined HERE


I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.


#9
Crizzle (New Member, Topic Starter, 7 posts)

Hi,

Thanks for getting back to me. Missions! I have 2 internal hard drives that have had software installed on them and two external drives attached to the computer. I have a backup of my major work off the computer on an additional external hard drive that hadn't been attached to the computer for a few days before my computer got infected, so that should be fine; however, my main daily backup is on the second internal hard drive. I mainly want to save photos and music. If I get rid of all .rar and .exe files etc. from these and move all the music etc. to an external drive, will I still need to reformat that drive, or might I be able to save the data on it? I have about 3 terabytes of data on my computer, of which I'd like to lose as little as possible!

In the above post you said the following:

DO NOT back up any executable files (.exe .scr .html or .htm)
Do NOT back up compressed (zip/cab/rar) files that may contain .exe, .pdf, .jpg, .doc or .scr files

Does this mean that I can't backup standard jpg files that aren't compressed?

Thanks,

Nic

#10
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Non-compressed jpg files should be fine.

What you can do is back up the files as long as they are not on the list above, then scan the external hard drive with Kaspersky. If anything is infected, then do the backup again without the infected files.
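Posts #8 and #10 give the backup rule: copy documents, photos and music, but leave out .exe/.scr/.html/.htm files and any zip/cab/rar archive that may hide them. The script below is added here as an example and is not a tool from the thread or from Rorschach112; it walks a folder, sorts every file into copy or skip, and for .zip files reports which members are on the risky list so the user can see why the archive was left out. The sample folder tree it builds is constructed, not the poster's data.

```python
"""Plan a data-only backup by the thread's rule: keep documents, photos and
music; skip executables/HTML and archives that may carry infected files.
Added example, not a tool from the thread."""
import os
import tempfile
import zipfile
from pathlib import Path

# Types post #8 says not to back up.
EXECUTABLE_EXT = {".exe", ".scr", ".html", ".htm"}
# Archive types that can carry the above (and other risky types) inside.
ARCHIVE_EXT = {".zip", ".cab", ".rar"}
# Types the helper listed as risky inside archives; an uncompressed .jpg is fine.
RISKY_IN_ARCHIVE = {".exe", ".pdf", ".jpg", ".doc", ".scr"}


def classify(path):
    """Return 'copy', 'skip-executable' or 'skip-archive' by extension.
    Path.suffix takes the last extension, so 'song.mp3.exe' is skipped."""
    ext = Path(path).suffix.lower()
    if ext in EXECUTABLE_EXT:
        return "skip-executable"
    if ext in ARCHIVE_EXT:
        return "skip-archive"
    return "copy"


def risky_zip_members(zip_path):
    """List members of a .zip whose extension is on the risky list, so the
    user can see why it was skipped. Only .zip is inspected (stdlib); .cab
    and .rar are skipped unopened. Unreadable archives give an empty list."""
    try:
        with zipfile.ZipFile(zip_path) as zf:
            return [n for n in zf.namelist()
                    if Path(n).suffix.lower() in RISKY_IN_ARCHIVE]
    except (zipfile.BadZipFile, OSError):
        return []


def plan_backup(root):
    """Walk root and bucket every file by classification; for skipped .zip
    files also record which risky members were found inside."""
    plan = {"copy": [], "skip-executable": [], "skip-archive": [],
            "zip-risky": {}}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            kind = classify(full)
            plan[kind].append(full)
            if kind == "skip-archive" and full.lower().endswith(".zip"):
                plan["zip-risky"][full] = risky_zip_members(full)
    return plan


def build_sample_tree(root):
    """Constructed sample data (not the poster's files): documents, a music
    track, a photo, a screensaver, an HTML page and a zip hiding an .exe."""
    for rel in ["Photos/holiday.JPG", "Music/track01.mp3", "CV 2010.rtf",
                "Desktop/paulstretch.exe", "Desktop/clock.scr", "Web/index.htm"]:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample content")
    with zipfile.ZipFile(Path(root, "Desktop", "samples.zip"), "w") as zf:
        zf.writestr("readme.txt", "plain text")
        zf.writestr("installer.exe", "not a real program")


def demo():
    """Build the sample tree in a temp dir and return its backup plan."""
    root = tempfile.mkdtemp(prefix="backup-plan-")
    build_sample_tree(root)
    return plan_backup(root)


if __name__ == "__main__":
    result = demo()
    for kind in ("copy", "skip-executable", "skip-archive"):
        print(f"{kind}: {len(result[kind])} file(s)")
    for zip_path, members in result["zip-risky"].items():
        print(f"  {os.path.basename(zip_path)} contains risky: {members}")
```

Files the script lists under copy still go through the Kaspersky scan of the destination drive that post #10 calls for; the script only applies the extension rule, it does not detect infection.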

#11
Crizzle (New Member, Topic Starter, 7 posts)

Great. Thanks. I'll try that.

I've also just had another terabyte internal hard drive delivered today. If I format that and put non-infected files onto it, i.e. no .exe, .scr, .html or .htm files, should that be OK too? I can then just reformat the other drives with Windows on (I now have two Windows installations - one working and one not).

Thanks again.

Nic

#12
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Yes, that should be fine.

#13
Crizzle (New Member, Topic Starter, 7 posts)

Hi,

I'm busy backing up. Quick question: do I have to reformat all drives that have had .exe, .scr, .html or .htm files on them, or can I just delete those files from them? I will be reformatting my Windows drive for sure.

Thanks so much.

Nic

#14
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Scan any extra drives you have with Kaspersky; if it doesn't find anything, then you don't need to do anything for them.