Win32:Ertfor-C and others?

Post by Arashmickey on Tue 21 Jun 2011, 5:56 am

Hi all. My laptop is in a bad state, so I looked up ol' HijackThis and found your site instead! You guys really took it to the next level! I hope you can spare me a reformat.

I first noticed the problem when I saw a process described as "Systray .exe stub" and I messed around just a little trying to get rid of it. Hopefully I didn't cause any damage before I found this site.

I followed your posting instructions. Below is my otl.txt and below that again my aswmbr.txt.

Many thanks in advance!
OTL logfile created on: 20-6-2011 20:30:51 - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = D:\~Arashmickey\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,24% Memory free
8,19 Gb Paging File | 6,93 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 82,42 Gb Total Space | 5,19 Gb Free Space | 6,30% Space Free | Partition Type: NTFS
Drive D: | 51,94 Gb Total Space | 4,51 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 5,92 Gb Free Space | 40,45% Space Free | Partition Type: NTFS
Drive F: | 661,18 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PCARASHMICKEY | User Name: arashmickey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-06-20 18:10:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\~Arashmickey\Desktop\OTL.exe
PRC - [2011-06-20 10:37:51 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\ARASHM~1\AppData\Local\Temp\6OcCF01.exe
PRC - [2008-06-15 13:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-06-15 13:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-01-21 04:49:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe


========== Modules (SafeList) ==========

MOD - [2011-06-20 18:10:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\~Arashmickey\Desktop\OTL.exe
MOD - [2008-01-21 04:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009-06-14 23:12:12 | 000,203,264 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-03-31 17:00:18 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009-03-31 17:00:02 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008-12-21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008-01-21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006-11-02 13:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008-07-27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-06-15 13:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008-01-21 04:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-21 04:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-09-07 19:08:28 | 000,027,200 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwleaf.sys -- (Fwleaf)
DRV:64bit: - [2010-08-11 01:56:48 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\leafnets.sys -- (leafnets)
DRV:64bit: - [2010-07-29 00:25:16 | 000,029,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb)
DRV:64bit: - [2009-11-21 18:17:22 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-10-22 13:54:24 | 000,040,464 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\44032132.sys -- (44032132)
DRV:64bit: - [2009-10-09 23:30:56 | 000,352,784 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\4403213.sys -- (setup_9.0.0.722_20.06.2011_10-58drv)
DRV:64bit: - [2009-09-25 17:59:46 | 000,157,712 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\44032131.sys -- (44032131)
DRV:64bit: - [2009-06-14 23:48:02 | 006,031,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009-06-14 23:48:02 | 006,031,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009-03-31 18:53:54 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009-03-31 17:00:28 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009-03-31 16:19:00 | 000,225,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008-12-21 20:34:48 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008-12-16 18:56:52 | 001,526,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008-08-31 20:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008-06-15 00:12:08 | 000,395,800 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008-01-21 04:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Stuurprogramma voor Intel(R)
DRV:64bit: - [2008-01-21 04:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008-01-21 04:46:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007-02-18 00:22:48 | 000,296,816 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm)
DRV:64bit: - [2007-01-29 06:20:34 | 000,079,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006-09-18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2011-02-03 14:27:49 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.6.2011020301
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.20.00

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\internet\Mozilla Firefox\components [2010-07-04 06:46:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\internet\Mozilla Firefox\plugins [2010-03-14 04:01:40 | 000,000,000 | ---D | M]

[2009-09-30 20:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Extensions
[2011-06-20 09:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions
[2009-12-10 15:47:51 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009-09-30 20:10:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-03-24 05:40:37 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2009-12-10 15:47:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011-04-17 19:12:27 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese, Chinese, and Korean Translator) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\chineseperakun@gmail.com
[2011-03-24 05:41:33 | 000,000,000 | ---D | M] ("Multiple Tab Handler") -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\multipletab@piro.sakura.ne.jp
[2011-04-17 19:14:10 | 000,000,000 | ---D | M] (Chinese-English Dictionary for Perapera-kun) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\peraperakun-chinese@gmail.com
[2011-06-20 09:48:11 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\arashmickey\AppData\Roaming\mozilla\Firefox\Profiles\tf1eu0ei.default\extensions\plugin@yontoo.com

O1 HOSTS File: ([2006-09-18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (C:\Windows\SysWow64\id13bv9z6.dll) - {D2A123C3-A500-90BD-A820-04B53A2C8952} - File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LvMZPiejlof] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [LvMZPiejlof] File not found
O4 - HKCU..\Run: [Quqgqw] C:\Users\arashmickey\AppData\Roaming\Quqgqw.exe ()
O4 - HKCU..\Run: [Snapiroq] C:\Users\arashmickey\AppData\Local\eapiupit.dll (FileZilla Project)
O4 - HKCU..\Run: [VirtualBrowseAloud] File not found
O4 - Startup: C:\Users\arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows\Startup\setup_9.0.0.722_20.06.2011_10-58.lnk = D:\~Arashmickey\Desktop\Virus Removal Tool\setup_9.0.0.722_20.06.2011_10-58\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002-03-26 03:03:42 | 000,024,576 | R--- | M] () - F:\AutoRunMorrowind.exe -- [ CDFS ]
O32 - AutoRun File - [2002-04-04 03:12:04 | 000,000,150 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{900b806d-d6b9-11de-a1ff-00256453d695}\Shell - "" = AutoRun
O33 - MountPoints2\{900b806d-d6b9-11de-a1ff-00256453d695}\Shell\AutoRun\command - "" = G:\aowSMInstaller.exe
O33 - MountPoints2\{ada93fa7-c4a8-11df-a273-00256453d695}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{ada93fa7-c4a8-11df-a273-00256453d695}\Shell\Install\command - "" = H:\Setup.exe
O33 - MountPoints2\{b9a9acbe-de50-11de-9159-00256453d695}\Shell\AutoRun\command - "" = H:\15977231.EXE
O33 - MountPoints2\{b9a9acc3-de50-11de-9159-00256453d695}\Shell - "" = AutoRun
O33 - MountPoints2\{b9a9acc3-de50-11de-9159-00256453d695}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{e5c96ba4-aa03-11de-b369-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e5c96ba4-aa03-11de-b369-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRunMorrowind.exe -- [2002-03-26 03:03:42 | 000,024,576 | R--- | M] ()
O33 - MountPoints2\{e5c96ba4-aa03-11de-b369-806e6f6e6963}\Shell\install\command - "" = F:\Setup.exe -- [2001-09-05 11:23:24 | 000,056,320 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {78310121-036D-427A-9FAA-A9D8135E5F8F} - .NET Framework
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: VIDC.CSCD - camcodec.dll ()
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-06-20 20:04:34 | 001,904,128 | ---- | C] (AVAST Software) -- D:\~Arashmickey\Desktop\aswMBR.exe
[2011-06-20 18:10:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- D:\~Arashmickey\Desktop\OTL.exe
[2011-06-20 10:26:33 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011-06-20 10:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011-06-20 09:59:51 | 000,000,000 | ---D | C] -- D:\~Arashmickey\Desktop\Virus Removal Tool
[2011-06-20 09:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011-06-20 09:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PageRage
[2011-06-20 09:47:47 | 000,000,000 | ---D | C] -- C:\Users\arashmickey\AppData\Local\NVIDIA Corporation
[2011-06-18 05:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011-06-07 21:59:16 | 000,000,000 | ---D | C] -- C:\Users\arashmickey\AppData\Roaming\IDM
[2011-06-04 23:41:43 | 000,000,000 | ---D | C] -- C:\Age of Wonders Shadow Magic(0)
[2011-06-02 16:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave New World v3.0 Beta
[2011-06-02 13:54:42 | 000,000,000 | ---D | C] -- C:\Age of Wonders Shadow Magic
[2011-06-02 04:46:21 | 000,000,000 | ---D | C] -- D:\~Arashmickey\Desktop\forge 05312011
[2008-01-21 04:49:14 | 000,096,256 | ---- | C] (FileZilla Project) -- C:\Users\arashmickey\AppData\Local\eapiupit.dll

========== Files - Modified Within 30 Days ==========

[2011-06-20 20:04:49 | 001,904,128 | ---- | M] (AVAST Software) -- D:\~Arashmickey\Desktop\aswMBR.exe
[2011-06-20 18:37:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-20 18:37:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-20 18:10:20 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\~Arashmickey\Desktop\OTL.exe
[2011-06-20 10:41:58 | 000,727,080 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2011-06-20 10:41:57 | 001,614,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-06-20 10:41:57 | 000,650,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-06-20 10:41:57 | 000,154,908 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2011-06-20 10:41:57 | 000,125,212 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-06-20 10:37:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-20 10:36:04 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2011-06-20 10:25:49 | 000,000,036 | ---- | M] () -- C:\Users\arashmickey\AppData\Local\housecall.guid.cache
[2011-06-20 10:00:34 | 000,001,373 | ---- | M] () -- C:\Users\arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows\Startup\setup_9.0.0.722_20.06.2011_10-58.lnk
[2011-06-20 09:47:49 | 000,100,252 | -H-- | M] () -- C:\Windows\avp32.exe
[2011-06-20 09:47:47 | 000,152,064 | ---- | M] () -- C:\Users\arashmickey\AppData\Roaming\Quqgqw.exe
[2011-06-18 05:40:45 | 000,001,468 | ---- | M] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2011-06-14 00:40:45 | 007,012,659 | ---- | M] () -- D:\~Arashmickey\Desktop\the-free-out-mayday-2011.pdf
[2011-06-13 10:59:21 | 023,838,594 | ---- | M] () -- D:\~Arashmickey\Desktop\The Handbook of Human Ownership - A Manual for New Tax Farmers Captions.mp3
[2011-06-05 09:26:47 | 001,218,812 | ---- | M] () -- D:\~Arashmickey\Desktop\Healing_Our_World.pdf
[2011-06-05 05:38:14 | 000,000,599 | ---- | M] () -- D:\~Arashmickey\Desktop\Dwigmod5.0.lnk
[2011-06-02 16:26:54 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011-05-30 17:28:07 | 002,181,779 | ---- | M] () -- D:\~Arashmickey\Desktop\roads_web.pdf

========== Files Created - No Company Name ==========

[2011-06-20 10:34:50 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2011-06-20 10:25:49 | 000,000,036 | ---- | C] () -- C:\Users\arashmickey\AppData\Local\housecall.guid.cache
[2011-06-20 10:00:34 | 000,001,373 | ---- | C] () -- C:\Users\arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows\Startup\setup_9.0.0.722_20.06.2011_10-58.lnk
[2011-06-20 09:59:51 | 000,352,784 | ---- | C] () -- C:\Windows\SysNative\drivers\4403213.sys
[2011-06-20 09:59:51 | 000,157,712 | ---- | C] () -- C:\Windows\SysNative\drivers\44032131.sys
[2011-06-20 09:59:51 | 000,040,464 | ---- | C] () -- C:\Windows\SysNative\drivers\44032132.sys
[2011-06-20 09:47:50 | 000,152,064 | ---- | C] () -- C:\Users\arashmickey\AppData\Roaming\Quqgqw.exe
[2011-06-20 09:47:49 | 000,100,252 | -H-- | C] () -- C:\Windows\avp32.exe
[2011-06-18 05:40:45 | 000,001,468 | ---- | C] () -- C:\Users\Public\Desktop\BattleForge™.lnk
[2011-06-14 00:40:45 | 007,012,659 | ---- | C] () -- D:\~Arashmickey\Desktop\the-free-out-mayday-2011.pdf
[2011-06-13 10:58:53 | 023,838,594 | ---- | C] () -- D:\~Arashmickey\Desktop\The Handbook of Human Ownership - A Manual for New Tax Farmers Captions.mp3
[2011-06-05 09:26:45 | 001,218,812 | ---- | C] () -- D:\~Arashmickey\Desktop\Healing_Our_World.pdf
[2011-06-05 05:38:14 | 000,000,599 | ---- | C] () -- D:\~Arashmickey\Desktop\Dwigmod5.0.lnk
[2011-06-02 16:26:54 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011-05-30 17:28:07 | 002,181,779 | ---- | C] () -- D:\~Arashmickey\Desktop\roads_web.pdf
[2011-04-17 02:53:11 | 001,585,964 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-02-03 13:24:56 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2010-11-17 03:28:28 | 002,059,264 | ---- | C] () -- C:\Windows\setup_rangers_2.exe
[2010-04-17 17:26:39 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2010-04-17 17:26:39 | 000,004,038 | ---- | C] () -- C:\Windows\unins000.dat
[2010-02-27 23:48:42 | 000,000,223 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010-02-04 21:20:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-02-04 21:20:38 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010-02-04 21:20:38 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010-02-04 21:20:37 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009-11-07 18:54:24 | 000,000,632 | ---- | C] () -- C:\Windows\Sfc3ng.INI
[2009-10-26 00:40:17 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009-10-06 22:06:20 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009-10-04 20:09:46 | 000,033,838 | ---- | C] () -- C:\Users\arashmickey\AppData\Roaming\wklnhst.dat
[2009-09-30 19:52:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009-09-30 16:36:51 | 000,000,203 | ---- | C] () -- C:\Windows\WININIT.INI
[2009-09-26 02:01:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009-05-02 06:13:25 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009-05-02 06:13:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008-01-21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008-01-21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006-11-02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006-11-02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006-11-02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006-11-02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002-09-18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2006-11-02 09:29:16 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011-03-23 00:52:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010-12-23 00:56:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AIWar
[2009-09-26 02:23:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010-12-13 18:27:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cinemaware
[2009-09-26 02:16:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011-02-01 14:22:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2009-09-30 16:30:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2009-09-30 16:17:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2010-11-14 23:29:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011-02-28 00:10:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games
[2011-02-05 19:18:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Flv Audio Video Extractor
[2010-12-13 17:54:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Games
[2011-03-19 21:22:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GOG.com
[2011-04-22 21:37:43 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2009-09-26 02:18:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011-06-07 21:59:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\internet
[2009-09-30 17:57:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009-09-26 02:15:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010-07-20 17:42:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LucasArts
[2009-09-26 02:31:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010-05-10 18:37:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Compatibility Toolkit 5
[2009-09-26 02:25:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010-08-17 07:53:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-06-25 08:43:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Virtual PC
[2009-09-26 02:25:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011-02-01 14:50:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2011-04-17 02:50:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2006-11-02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009-10-01 02:35:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011-03-13 02:59:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2011-03-13 02:59:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Swift Sound
[2011-06-20 09:48:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PageRage
[2011-04-22 20:39:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2006-11-02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010-10-26 22:15:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ReflexiveArcade
[2009-11-17 08:02:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RelevantKnowledge
[2010-08-06 09:48:41 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010-09-19 16:40:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoftLogica
[2011-03-24 19:26:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\software
[2011-05-30 18:32:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010-07-05 05:16:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2006-11-02 17:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2008-01-21 05:09:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2008-01-21 05:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration
[2008-01-21 05:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2009-09-30 17:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009-09-30 17:57:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006-11-02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2008-01-21 05:09:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2008-01-21 05:09:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar


< MD5 for: AGP440.SYS >
[2008-01-21 04:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008-01-21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008-01-21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009-05-02 05:42:09 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009-05-02 05:42:09 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2009-05-02 05:42:09 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: DISK.SYS >
[2008-01-21 04:46:53 | 000,068,664 | ---- | M] () MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\SysNative\drivers\disk.sys
[2008-01-21 04:46:53 | 000,068,664 | ---- | M] (Microsoft Corporation) MD5=2DC415FC05FB8A079F896CBBACB19324 -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_55e51d682c89f490\disk.sys

< MD5 for: IASTOR.SYS >
[2008-06-15 00:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Drivers\storage\R228145\f6flpy64\IaStor.sys
[2008-06-15 13:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008-06-15 00:12:08 | 000,395,800 | ---- | M] () MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Windows\SysNative\drivers\iaStor.sys
[2008-06-15 13:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008-01-21 04:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008-01-21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008-01-21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008-01-21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008-01-21 04:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008-01-21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\internet\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010-03-14 04:01:37 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\internet\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010-03-14 04:01:37 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\internet\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010-03-14 04:01:37 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\internet\Mozilla Firefox\firefox.exe [2010-03-14 04:01:31 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\internet\Mozilla Firefox\firefox.exe" -preferences [2010-03-14 04:01:31 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\internet\Mozilla Firefox\firefox.exe" -safe-mode [2010-03-14 04:01:31 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008-01-21 04:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008-01-21 04:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008-01-21 04:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2009-07-18 23:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008-01-21 04:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008-01-21 04:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008-01-21 04:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2009-07-18 23:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-20 20:38:37
-----------------------------
20:38:37.105 OS Version: Windows x64 6.0.6001 Service Pack 1
20:38:37.105 Number of processors: 2 586 0x170A
20:38:37.105 ComputerName: PCARASHMICKEY UserName: arashmickey
20:38:37.713 Initialize success
20:39:49.208 AVAST engine defs: 11061901
20:39:59.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:39:59.910 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
20:39:59.910 Disk 0 MBR read error 0
20:39:59.925 Disk 0 MBR scan
20:39:59.925 Disk 0 unknown MBR code
20:39:59.925 MBR BIOS signature not found 0
20:39:59.925 Service scanning
20:40:01.376 Disk 0 trace - called modules:
20:40:01.423 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys spdc.sys hal.dll
20:40:01.439 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e2b250]
20:40:01.439 3 CLASSPNP.SYS[fffffa60007b8b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004604050]
20:40:02.406 AVAST engine scan C:\Windows
20:41:54.227 File: C:\Windows\avp32.exe **INFECTED** Win32:Ertfor-C [Trj]
20:46:55.915 Disk 0 MBR fix error
20:47:03.153 Disk 0 MBR has been saved successfully to "D:\~Arashmickey\Desktop\MBR.dat"
20:47:03.185 The log file has been saved successfully to "D:\~Arashmickey\Desktop\aswMBR.txt"

Arashmickey

Newbie Surfer

Posts : 18
Joined : 2011-06-21
Operating System : vista home premium sp1

Re: Win32:Ertfor-C and others?

Post by Pancake on Tue 21 Jun 2011, 9:40 am

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Win32:Ertfor-C and others?

Post by Arashmickey on Tue 21 Jun 2011, 1:50 pm

Thank you very, very much, Pancake! Help yourself to some strawberries and maple syrup, I would say ;)

I followed your instructions, with one little exception: after running Malwarebytes' Anti-Malware, and after it restarted my computer, on impulse I decided to do another quick scan with it. This time it only found 1 infection and didn't ask me to restart, after which I ran ComboFix. I just hope that extra step doesn't cause any additional problems.

So below are two logs from MBAM and one from ComboFix.

PS: I just noticed I installed the Dutch-language version. I'm very sorry if it's any trouble.

Malwarebytes' Anti-Malware 1.51.0.1200

Databaseversie: 6906

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21-6-2011 4:05:20
mbam-log-2011-06-21 (04-05-20).txt

Scantype: Snelle scan
Objecten gescand: 160742
Verstreken tijd: 2 minuut/minuten, 43 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 8
Registerwaarden geïnfecteerd: 6
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 2
Bestanden geïnfecteerd: 3

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\YontooIEClient.Layers.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\YontooIEClient.Layers (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Agent) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Snapiroq (Trojan.Agent.U) -> Value: Snapiroq -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvMZPiejlof (Trojan.Downloader.Gen) -> Value: LvMZPiejlof -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvMZPiejlof (Trojan.Downloader.Gen) -> Value: LvMZPiejlof -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
c:\program files (x86)\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot.

Bestanden geïnfecteerd:
c:\program files (x86)\PageRage\yontooieclient.dll (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\avp32.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.51.0.1200

Databaseversie: 6906

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21-6-2011 4:12:25
mbam-log-2011-06-21 (04-12-25).txt

Scantype: Snelle scan
Objecten gescand: 160564
Verstreken tijd: 3 minuut/minuten, 1 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2W6JUGZDUYVV4Y9GOQ (Trojan.SpyEyes) -> Value: 2W6JUGZDUYVV4Y9GOQ -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)


ComboFix 11-06-19.0r1 - arashmickey 21-06-2011 4:20.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1043.18.4091.2980 [GMT 2:00]
Running from: d:\~arashmickey\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\arashmickey\AppData\Roaming\FFSJ
c:\users\arashmickey\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\arashmickey\AppData\Roaming\Quqgqw.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RELEVANTKNOWLEDGE
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 02:30 . 2011-06-21 02:32 -------- d-----w- c:\users\arashmickey\AppData\Local\temp
2011-06-21 02:30 . 2011-06-21 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-21 01:54 . 2011-06-21 01:54 -------- d-----w- c:\users\arashmickey\AppData\Roaming\Malwarebytes
2011-06-21 01:54 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-21 01:54 . 2011-06-21 01:54 -------- d-----w- c:\programdata\Malwarebytes
2011-06-21 01:54 . 2011-06-21 01:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-21 01:54 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 08:34 . 2011-06-20 08:36 102400 ----a-w- c:\windows\RegBootClean.exe
2011-06-20 08:26 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-06-20 08:00 . 2011-06-21 02:07 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-20 07:48 . 2011-06-21 02:05 -------- d-----w- c:\program files (x86)\PageRage
2011-06-20 07:47 . 2011-06-20 07:47 -------- d-----w- c:\users\arashmickey\AppData\Local\NVIDIA Corporation
2011-06-07 19:59 . 2011-06-07 21:13 -------- d-----w- c:\users\arashmickey\AppData\Roaming\IDM
2011-06-02 14:26 . 2011-06-02 14:26 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-06-02 11:54 . 2011-06-08 13:32 -------- d-----w- C:\Age of Wonders Shadow Magic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-13 61440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\arashmickey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows\Startup\
_uninst_setup_9.0.0.722_20.06.2011_10-58.exe.lnk - c:\users\arashmickey\AppData\Local\Temp\_uninst_setup_9.0.0.722_20.06.2011_10-58.exe.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc [x]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF5167.cfxxe" [X]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-03-26 2115664]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\arashmickey\AppData\Roaming\Mozilla\Firefox\Profiles\tf1eu0ei.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Internet\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Multiple Tab Handler: [You must be registered and logged in to see this link.] - %profile%\extensions\multipletab@piro.sakura.ne.jp
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Ext: Perapera-kun: Popup Japanese, Chinese, and Korean Translator: [You must be registered and logged in to see this link.] - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: [You must be registered and logged in to see this link.] - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Yontoo Layers: [You must be registered and logged in to see this link.] - %profile%\extensions\plugin@yontoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-VirtualBrowseAloud - d:\~arashmickey\Desktop\Browsealoud.exe
Wow6432Node-HKCU-Run-Quqgqw - c:\users\arashmickey\AppData\Roaming\Quqgqw.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - %ProgramFiles(x86)%\IDT\WDM\sttray64.exe
AddRemove-PlugY, The Survival Kit - d:\diablo ii\Mod PlugY\PlugY Uninstaller.exe
AddRemove-Rage of Mages 2 - c:\windows\rm2uinst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3536914536-2107403732-2587805866-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72121FC6-2B6D-970E-BA72-8E07DCC81397}*]
"haoldgpocmlimega"=hex:6a,61,64,69,62,65,6f,62,66,62,67,63,63,6a,63,6a,66,66,
68,70,00,00
"gahkepcmmhocbn"=hex:61,63,64,69,6e,63,6c,64,6a,66,6e,62,67,6b,6f,66,70,64,6f,
6b,6e,61,70,62,65,6d,6d,65,62,66,69,6c,62,70,64,6e,67,68,68,69,6b,62,70,6c,\
"iamlmkoglgogegpgab"=hex:69,61,69,69,6d,63,6b,68,67,70,61,6b,6b,6d,6a,62,61,64,
00,00
.
[HKEY_USERS\S-1-5-21-3536914536-2107403732-2587805866-1000_Classes\Wow6432Node\CLSID\{467aeb81-e97b-40ca-85d0-fa61bed9470e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000080
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,18,3b,e7,00,7d,2d,64,cc,48,fe,5f,4a,3c,ce,\
.
[HKEY_USERS\S-1-5-21-3536914536-2107403732-2587805866-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):63,7c,ce,a0,8d,dc,f5,c8,bb,af,bf,48,f9,9e,21,43,39,1f,6a,13,1d,
a4,8c,74,2e,eb,63,7c,7d,c8,74,f5,15,5f,1c,49,1d,77,50,1b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-06-21 04:36:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-21 02:36
.
Pre-Run: 4.635.312.128 bytes beschikbaar
Post-Run: 4.819.243.008 bytes beschikbaar
.
- - End Of File - - B1D65D9D2045BD4DE0205706D1B9DE0D

Arashmickey

Newbie Surfer

Posts : 18
Joined : 2011-06-21
Operating System : vista home premium sp1

Re: Win32:Ertfor-C and others?

Post by Pancake on Tue 21 Jun 2011, 2:11 pm

Ok. All done. I see no more malware. Log looks good! All those detections are either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to:
Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /uninstall

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: Win32:Ertfor-C and others?

Post by Arashmickey on Wed 22 Jun 2011, 8:38 am

Brilliant! Thanks again man.

I read through the links, ended up keeping malware and replacing the windows stuff with avast and comodo. Not that I worry much about these things, but it didn't even cost me 15 minutes, which I can easily spare.

Cheers&beers,
Arash

Re: Win32:Ertfor-C and others?

Post by Pancake on Wed 22 Jun 2011, 9:42 am

Ok, glad to have helped out.