
Active Google Redirecting Problem

Discussion in 'Malware and Virus Removal Archive' started by asdfghjkl, 2009/09/09.

  1. 2009/09/09
    asdfghjkl Inactive Thread Starter
    [Active] Google Redirecting Problem

    Hi,
    I am using Mozilla Firefox 3.5.2.
    Whenever I search on Google and I click on a link, it redirects me.
    I read the malware post, so I thought that I should post this DDS post thing.


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by AznOrigami (Leon) at 8:13:34.25 on Wed 09/09/2009
    Internet Explorer: 7.0.6000.16890 BrowserJavaVersion: 1.6.0_16
    Microsoft® Windows Vista™ Enterprise 6.0.6000.0.1252.1.1033.18.2039.1071 [GMT -7:00]

    AV: avast! antivirus 4.8.1351 [VPS 090908-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: avast! antivirus 4.8.1351 [VPS 090908-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtlService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtWlan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SLUI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\AznOrigami (Leon)\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
    uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-7053377985-3338457542-858984716-1705\rundll32.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [oovoo.exe] c:\program files\oovoo\ooVoo.exe /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Airlink101 WLAN Monitor] c:\program files\airlink101\airlink101 wlan monitor\WLANmon.exe
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.255.112.167,85.255.112.72
    TCP: {7BBC986A-FF5C-4570-8291-A40995DB7590} = 85.255.112.167,85.255.112.72
    TCP: {EB85CC65-8DE4-422C-9A5B-31C9FE2F07E5} = 85.255.112.167,85.255.112.72
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\aznori~1\appdata\roaming\mozilla\firefox\profiles\el1mgrhz.default\
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-1 114768]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-8-10 25896]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-1 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-1 53328]
    R2 RealtekPCI;RealtekPCI;c:\program files\airlink101\airlink101 cardbus & pci wireless lan utility\RtlService.exe [2009-8-10 36864]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-27 24652]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2006-11-2 1083520]
    R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2006-11-2 361472]

    =============== Created Last 30 ================

    2009-09-08 22:16 <DIR> --d----- c:\program files\Trend Micro
    2009-09-05 15:05 <DIR> --d----- c:\users\aznori~1\appdata\roaming\ooVoo Details
    2009-09-05 15:05 <DIR> --d----- c:\programdata\EmailNotifier
    2009-09-05 15:05 <DIR> --d----- c:\progra~2\EmailNotifier
    2009-09-05 15:05 <DIR> --d----- c:\program files\oovootb
    2009-09-05 15:05 <DIR> --d----- c:\program files\ooVoo
    2009-09-01 20:33 53,328 a------- c:\windows\system32\drivers\aswMonFlt.sys
    2009-08-31 21:13 <DIR> --d----- c:\program files\Canon
    2009-08-27 20:08 <DIR> --d----- c:\programdata\Viewpoint
    2009-08-27 20:08 <DIR> --d----- c:\progra~2\Viewpoint
    2009-08-27 20:08 <DIR> --d----- c:\programdata\acccore
    2009-08-27 20:08 <DIR> --d----- c:\program files\Viewpoint
    2009-08-27 20:08 <DIR> --d----- c:\progra~2\acccore
    2009-08-27 20:08 <DIR> --d----- c:\programdata\AOL OCP
    2009-08-27 20:08 <DIR> --d----- c:\programdata\AOL
    2009-08-27 20:07 <DIR> --d----- c:\program files\common files\AOL
    2009-08-27 20:07 <DIR> --d----- c:\program files\AIM6
    2009-08-22 14:36 299,008 a------- c:\windows\system32\TubeFinder.exe
    2009-08-22 14:36 364,544 a------- c:\windows\system32\PropertyGrid.ocx
    2009-08-22 14:36 208,500 a------- c:\windows\system32\ReyXpBasics.tlb
    2009-08-22 14:36 141,312 a------- c:\windows\system32\MSCMCFR.DLL
    2009-08-22 14:36 119,568 a------- c:\windows\system32\VB6FR.DLL
    2009-08-22 14:36 101,888 a------- c:\windows\system32\VB6STKIT.DLL
    2009-08-22 14:36 84,512 a------- c:\windows\system32\PICCLP32.OCX
    2009-08-22 14:36 32,768 a------- c:\windows\system32\CMDLGFR.DLL
    2009-08-22 14:36 24,576 a------- c:\windows\system32\ControlSubX.ocx
    2009-08-22 14:36 9,728 a------- c:\windows\system32\PCCLPFR.DLL
    2009-08-22 14:36 <DIR> --d----- c:\program files\Free FLV Converter
    2009-08-22 14:34 <DIR> --d----- c:\program files\DVDVideoSoft
    2009-08-22 14:34 <DIR> --d----- c:\program files\common files\DVDVideoSoft
    2009-08-22 14:25 <DIR> --d----- c:\program files\vixy.net
    2009-08-20 17:32 <DIR> --d-h--- c:\programdata\CanonBJ
    2009-08-20 17:31 230,912 a------- c:\windows\system32\CNMLM9H.DLL
    2009-08-20 17:31 1,339,392 a------- c:\windows\system32\CNC240C.DLL
    2009-08-20 17:31 270,336 a------- c:\windows\system32\CNC240L.DLL
    2009-08-20 17:31 188,416 a------- c:\windows\system32\CNC240O.DLL
    2009-08-20 17:31 98,304 a------- c:\windows\system32\CNC240I.DLL
    2009-08-20 15:40 <DIR> --d----- c:\users\aznorigami (leon)\dwhelper
    2009-08-19 17:09 <DIR> --d----- c:\users\aznori~1\appdata\roaming\Nexon
    2009-08-19 12:20 <DIR> --d----- c:\program files\Pixelan
    2009-08-19 12:19 <DIR> --d----- c:\program files\Sonic Foundry
    2009-08-19 10:27 <DIR> --d----- c:\program files\Sun
    2009-08-19 10:26 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-19 10:24 <DIR> --d----- c:\users\aznori~1\appdata\roaming\MySQL
    2009-08-19 10:21 <DIR> --d----- c:\program files\MySQL
    2009-08-15 16:05 32,592 a------- c:\windows\system32\msonpmon.dll
    2009-08-15 16:02 <DIR> --d----- c:\windows\PCHEALTH
    2009-08-15 15:59 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
    2009-08-15 15:58 <DIR> --d----- c:\programdata\Microsoft Help
    2009-08-14 16:52 <DIR> --d----- c:\programdata\Adobe
    2009-08-14 15:24 <DIR> --d----- c:\programdata\Macromedia
    2009-08-14 15:22 <DIR> --d----- c:\program files\Macromedia
    2009-08-14 15:22 <DIR> --d----- c:\program files\common files\Macromedia
    2009-08-14 15:21 <DIR> --d----- c:\windows\Downloaded Installations
    2009-08-14 14:01 719,872 a------- c:\windows\system32\devil.dll
    2009-08-14 14:01 318,976 a------- c:\windows\system32\avisynth.dll
    2009-08-14 14:01 70,656 a------- c:\windows\system32\yv12vfw.dll
    2009-08-14 14:01 70,656 a------- c:\windows\system32\i420vfw.dll
    2009-08-14 14:01 27,648 a------- c:\windows\system32\AVSredirect.dll
    2009-08-14 14:01 <DIR> --d----- c:\program files\AviSynth 2.5
    2009-08-14 13:59 <DIR> --d----- c:\program files\eRightSoft
    2009-08-14 12:34 <DIR> --d----- c:\users\aznori~1\appdata\roaming\Any Video Converter
    2009-08-12 21:40 <DIR> --d----- C:\divx
    2009-08-12 21:28 <DIR> --d----- c:\users\aznori~1\appdata\roaming\VistaCodecs
    2009-08-12 21:27 <DIR> --d----- c:\program files\VistaCodecPack
    2009-08-12 21:26 <DIR> --d----- c:\programdata\VistaCodecs
    2009-08-12 21:26 <DIR> --d----- c:\progra~2\VistaCodecs
    2009-08-12 21:05 <DIR> --d----- c:\program files\CCleaner
    2009-08-12 20:42 <DIR> --d----- c:\program files\common files\PX Storage Engine
    2009-08-12 11:48 <DIR> --d----- c:\program files\Magic Bullet Editors 2.0 Vegas
    2009-08-12 10:19 <DIR> --d----- c:\programdata\Sony
    2009-08-12 09:57 216,632 a------- c:\windows\system32\drivers\netio.sys
    2009-08-12 09:57 167,424 a------- c:\windows\system32\tcpipcfg.dll
    2009-08-12 09:57 24,064 a------- c:\windows\system32\netcfg.exe
    2009-08-12 09:57 803,328 a------- c:\windows\system32\drivers\tcpip.sys
    2009-08-12 09:57 22,016 a------- c:\windows\system32\netiougc.exe
    2009-08-12 09:52 <DIR> --d----- c:\users\aznori~1\appdata\roaming\IObit
    2009-08-12 09:52 <DIR> --d----- c:\program files\IObit
    2009-08-12 09:51 223,232 a------- c:\windows\system32\WMASF.DLL
    2009-08-12 09:51 9,728 a------- c:\windows\system32\LAPRXY.DLL
    2009-08-12 09:51 2,048 a------- c:\windows\system32\asferror.dll
    2009-08-12 09:50 72,704 a------- c:\windows\system32\secur32.dll
    2009-08-12 09:50 1,233,408 a------- c:\windows\system32\lsasrv.dll
    2009-08-12 09:50 7,680 a------- c:\windows\system32\lsass.exe
    2009-08-12 09:50 25,600 a------- c:\windows\system32\amxread.dll
    2009-08-12 09:50 14,848 a------- c:\windows\system32\apilogen.dll
    2009-08-12 09:46 223,232 a------- c:\windows\system32\SLC.dll
    2009-08-12 09:46 268,288 a------- c:\windows\system32\mcbuilder.exe
    2009-08-12 09:46 33,280 a------- c:\windows\system32\slwmi.dll
    2009-08-12 09:46 566,784 a------- c:\windows\system32\SLCommDlg.dll
    2009-08-12 09:46 351,232 a------- c:\windows\system32\SLUI.exe
    2009-08-12 09:46 186,368 a------- c:\windows\system32\SLLUA.exe
    2009-08-12 09:46 57,856 a------- c:\windows\system32\SLUINotify.dll
    2009-08-12 09:46 2,605,568 a------- c:\windows\system32\SLsvc.exe
    2009-08-12 09:46 39,936 a------- c:\windows\system32\slcinst.dll
    2009-08-12 09:42 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
    2009-08-12 09:42 712,192 a------- c:\windows\system32\WindowsCodecs.dll
    2009-08-12 09:42 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
    2009-08-11 15:56 <DIR> --d----- c:\windows\system32\appmgmt
    2009-08-11 15:49 <DIR> --d----- c:\program files\Sony
    2009-08-11 15:18 <DIR> --d----- c:\programdata\eSellerate
    2009-08-11 15:18 <DIR> --d----- c:\program files\common files\eSellerate
    2009-08-11 15:18 <DIR> --d----- c:\progra~2\eSellerate
    2009-08-11 15:17 <DIR> --d----- c:\program files\NewBlue
    2009-08-11 15:14 <DIR> --d----- c:\program files\BannedStory
    2009-08-11 14:40 <DIR> --d----- c:\users\aznori~1\appdata\roaming\ObviousFX
    2009-08-11 14:40 <DIR> --d----- c:\programdata\ObviousFX
    2009-08-11 14:40 <DIR> --d----- c:\progra~2\ObviousFX
    2009-08-11 14:22 3,272,704 a------- c:\windows\system32\sapphire_ae.dll
    2009-08-11 14:22 <DIR> --d----- c:\program files\GenArts
    2009-08-11 14:07 90,112 a------- c:\windows\unvise32.exe
    2009-08-11 13:46 <DIR> --d----- c:\program files\common files\Macrovision Shared
    2009-08-11 12:18 <DIR> --d----- c:\programdata\FLEXnet
    2009-08-11 11:30 1,060,864 a------- c:\windows\system32\MFC71.dll
    2009-08-11 11:30 499,712 a------- c:\windows\system32\MSVCP71.dll
    2009-08-11 11:30 348,160 a------- c:\windows\system32\MSVCR71.dll
    2009-08-11 11:30 361,984 a------- c:\windows\system32\IPSECSVC.DLL
    2009-08-11 11:30 61,440 a------- c:\windows\system32\winipsec.dll
    2009-08-11 11:30 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
    2009-08-11 11:30 272,896 a------- c:\windows\system32\polstore.dll
    2009-08-11 11:30 55,296 a------- c:\users\aznori~1\appdata\roaming\taskeng.exe
    2009-08-11 11:29 62,813 a------- c:\program files\Uninstall.exe
    2009-08-11 11:27 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
    2009-08-11 11:27 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
    2009-08-11 11:27 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-08-11 11:26 205,824 a------- c:\windows\system32\msoeacct.dll
    2009-08-11 11:26 87,040 a------- c:\windows\system32\msoert2.dll
    2009-08-11 11:26 39,424 a------- c:\windows\system32\ACCTRES.dll
    2009-08-11 11:24 194,560 a------- c:\windows\system32\WebClnt.dll
    2009-08-11 11:24 110,080 a------- c:\windows\system32\drivers\mrxdav.sys
    2009-08-11 11:24 2,028,032 a------- c:\windows\system32\win32k.sys
    2009-08-11 11:23 289,792 a------- c:\windows\system32\atmfd.dll
    2009-08-11 11:23 156,160 a------- c:\windows\system32\t2embed.dll
    2009-08-11 11:23 72,704 a------- c:\windows\system32\fontsub.dll
    2009-08-11 11:23 34,304 a------- c:\windows\system32\atmlib.dll
    2009-08-11 11:23 24,064 a------- c:\windows\system32\lpk.dll
    2009-08-11 11:23 10,240 a------- c:\windows\system32\dciman32.dll
    2009-08-11 11:21 49,664 a------- c:\windows\system32\csrsrv.dll
    2009-08-11 11:21 376,320 a------- c:\windows\system32\winsrv.dll
    2009-08-11 11:19 376,832 a------- c:\windows\system32\winhttp.dll
    2009-08-11 11:18 297,472 a------- c:\windows\system32\gdi32.dll
    2009-08-11 11:17 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
    2009-08-11 11:17 41,984 a------- c:\windows\system32\drivers\monitor.sys
    2009-08-11 11:16 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
    2009-08-11 11:16 374,456 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
    2009-08-11 11:15 500,736 a------- c:\windows\system32\msdtcprx.dll
    2009-08-11 11:15 30,208 a------- c:\windows\system32\xolehlp.dll
    2009-08-11 11:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
    2009-08-11 11:14 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-11 11:14 1,687,040 a------- c:\windows\system32\gameux.dll
    2009-08-11 11:13 303,616 a------- c:\windows\system32\wmpeffects.dll
    2009-08-11 11:13 1,194,496 a------- c:\windows\system32\msxml3.dll
    2009-08-11 11:13 2,048 a------- c:\windows\system32\msxml3r.dll
    2009-08-11 11:12 414,208 a------- c:\windows\system32\msscp.dll
    2009-08-11 11:11 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
    2009-08-11 11:11 396,800 a------- c:\windows\system32\MPSSVC.dll
    2009-08-11 11:11 392,192 a------- c:\windows\system32\FirewallAPI.dll
    2009-08-11 11:11 86,016 a------- c:\windows\system32\icfupgd.dll
    2009-08-11 11:11 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
    2009-08-11 11:11 16,896 a------- c:\windows\system32\wfapigp.dll
    2009-08-11 11:11 178,688 a------- c:\windows\system32\iphlpsvc.dll
    2009-08-11 11:11 61,952 a------- c:\windows\system32\cmifw.dll
    2009-08-11 11:11 23,040 a------- c:\windows\system32\drivers\tunnel.sys
    2009-08-11 11:11 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
    2009-08-11 11:09 2,048 a------- c:\windows\system32\tzres.dll
    2009-08-11 11:07 8,147,968 a------- c:\windows\system32\wmploc.DLL
    2009-08-11 11:07 7,680 a------- c:\windows\system32\spwmp.dll
    2009-08-11 11:07 4,096 a------- c:\windows\system32\msdxm.ocx
    2009-08-11 11:07 4,096 a------- c:\windows\system32\dxmasf.dll
    2009-08-11 11:04 696,832 a------- c:\windows\system32\localspl.dll
    2009-08-11 11:02 21,560 a------- c:\windows\system32\drivers\atapi.sys
    2009-08-11 11:02 211,000 a------- c:\windows\system32\drivers\volsnap.sys
    2009-08-11 11:02 109,624 a------- c:\windows\system32\drivers\ataport.sys
    2009-08-11 11:02 45,112 a------- c:\windows\system32\drivers\pciidex.sys
    2009-08-11 11:02 17,464 a------- c:\windows\system32\drivers\intelide.sys
    2009-08-11 11:02 154,624 a------- c:\windows\system32\drivers\nwifi.sys
    2009-08-11 11:02 104,448 a------- c:\windows\system32\DWWIN.EXE
    2009-08-11 11:01 2,923,520 a------- c:\windows\explorer.exe
    2009-08-11 10:58 25,600 a------- c:\windows\system32\LangCleanupSysprepAction.dll
    2009-08-11 10:58 166,912 a------- c:\windows\system32\lpksetup.exe
    2009-08-11 10:58 23,552 a------- c:\windows\system32\lpremove.exe
    2009-08-11 10:58 10,240 a------- c:\windows\system32\MUILanguageCleanup.dll
    2009-08-11 10:58 337,408 a------- c:\windows\system32\intl.cpl
    2009-08-11 10:57 5,888 a------- c:\windows\system32\drivers\usbd.sys
    2009-08-11 10:57 224,768 a------- c:\windows\system32\drivers\usbport.sys
    2009-08-11 10:57 38,400 a------- c:\windows\system32\drivers\usbehci.sys
    2009-08-11 10:57 23,040 a------- c:\windows\system32\drivers\usbuhci.sys
    2009-08-11 10:57 8,704 a------- c:\windows\system32\hcrstco.dll
    2009-08-11 10:57 8,704 a------- c:\windows\system32\hccoin.dll
    2009-08-11 10:57 192,000 a------- c:\windows\system32\drivers\usbhub.sys
    2009-08-11 10:57 73,216 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-08-11 10:51 <DIR> --d----- c:\windows\system32\x64
    2009-08-11 10:51 920,088 a------- c:\windows\system32\igxpun.exe
    2009-08-11 10:51 319,456 a------- c:\windows\system32\difxapi.dll
    2009-08-11 10:46 320,000 a------- c:\windows\system32\drivers\csc.sys
    2009-08-11 10:45 37,376 a------- c:\windows\system32\printcom.dll
    2009-08-11 10:45 441,856 a------- c:\windows\system32\win32spl.dll
    2009-08-11 10:45 113,664 a------- c:\windows\system32\drivers\rmcast.sys
    2009-08-11 10:45 14,848 a------- c:\windows\system32\wshrm.dll
    2009-08-11 10:44 11,776 a------- c:\windows\system32\sbunattend.exe
    2009-08-11 10:44 558,080 a------- c:\windows\system32\oleaut32.dll
    2009-08-11 10:44 290,304 a------- c:\windows\system32\drivers\srv.sys
    2009-08-11 10:43 83,968 a------- c:\windows\system32\dnsrslvr.dll
    2009-08-11 10:43 24,576 a------- c:\windows\system32\dnscacheugc.exe
    2009-08-11 10:43 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
    2009-08-11 10:43 269,824 a------- c:\windows\system32\schannel.dll
    2009-08-11 10:42 2,855,424 a------- c:\windows\system32\mf.dll
    2009-08-11 10:42 98,816 a------- c:\windows\system32\mfps.dll
    2009-08-11 10:42 94,720 a------- c:\windows\system32\logagent.exe
    2009-08-11 10:42 52,736 a------- c:\windows\system32\rrinstaller.exe
    2009-08-11 10:42 24,576 a------- c:\windows\system32\mfpmp.exe
    2009-08-11 10:42 2,048 a------- c:\windows\system32\mferror.dll
    2009-08-11 10:42 996,352 a------- c:\windows\system32\WMNetMgr.dll
    2009-08-11 10:42 130,048 a------- c:\windows\system32\drivers\srv2.sys
    2009-08-11 10:42 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
    2009-08-11 10:42 84,992 a------- c:\windows\system32\drivers\srvnet.sys
    2009-08-11 10:42 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
    2009-08-11 10:41 737,792 a------- c:\windows\system32\inetcomm.dll
    2009-08-11 10:41 84,480 a------- c:\windows\system32\INETRES.dll
    2009-08-11 10:41 1,645,568 a------- c:\windows\system32\connect.dll
    2009-08-11 10:40 152,576 a------- c:\windows\system32\imagehlp.dll
    2009-08-11 10:40 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
    2009-08-11 10:40 5,120 a------- c:\windows\system32\wmi.dll
    2009-08-11 10:40 788,992 a------- c:\windows\system32\rpcrt4.dll
    2009-08-11 10:39 1,327,104 a------- c:\windows\system32\quartz.dll
    2009-08-11 10:39 974,336 a------- c:\windows\system32\crypt32.dll
    2009-08-11 10:39 99,840 a------- c:\windows\system32\poqexec.exe
    2009-08-11 10:37 <DIR> --d----- c:\program files\common files\DivX Shared
    2009-08-11 10:37 <DIR> --d----- c:\program files\DivX
    2009-08-11 10:34 633,856 a------- c:\windows\system32\user32.dll
    2009-08-11 10:33 1,341,440 a------- c:\windows\system32\msxml6.dll
    2009-08-11 10:33 2,048 a------- c:\windows\system32\msxml6r.dll
    2009-08-11 10:32 750,080 a------- c:\windows\system32\qmgr.dll
    2009-08-11 10:28 <DIR> --dsh--- C:\$RECYCLE.BIN
    2009-08-10 18:13 <DIR> --d----- c:\program files\uTorrent
    2009-08-10 18:13 <DIR> --d----- c:\users\aznori~1\appdata\roaming\uTorrent
    2009-08-10 18:02 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-08-10 18:02 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-10 18:01 <DIR> --d----- c:\program files\iPod
    2009-08-10 18:01 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-10 18:01 <DIR> --d----- c:\program files\iTunes
    2009-08-10 18:01 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-10 18:00 <DIR> --d----- c:\program files\Bonjour
    2009-08-10 17:59 <DIR> --d----- c:\programdata\Apple Computer
    2009-08-10 17:57 <DIR> --d----- c:\programdata\Apple
    2009-08-10 17:57 <DIR> --d----- c:\programdata\NOS
    2009-08-10 17:43 1,136,128 a------- c:\windows\system32\DZAUTH.dll
    2009-08-10 17:43 608,448 a------- c:\windows\system32\COMCTL32.OCX
    2009-08-10 17:43 224,016 a------- c:\windows\system32\TABCTL32.OCX
    2009-08-10 17:43 212,240 a------- c:\windows\system32\RICHTX32.OCX
    2009-08-10 17:43 198,640 a------- c:\windows\system32\MCI32.OCX
    2009-08-10 17:43 98,304 a------- c:\windows\system32\PRJCHAMELEON.OCX
    2009-08-10 17:40 152,848 a------- c:\windows\system32\COMDLG32.OCX
    2009-08-10 17:40 132,880 a------- c:\windows\system32\MSINET.OCX
    2009-08-10 17:40 108,336 a------- c:\windows\system32\MSWINSCK.OCX
    2009-08-10 17:40 73,728 a------- c:\windows\system32\UnZip.dll
    2009-08-10 17:40 31,232 a------- c:\windows\system32\zgate.dll
    2009-08-10 16:33 1,524,736 a------- c:\windows\system32\wucltux.dll
    2009-08-10 16:32 83,456 a------- c:\windows\system32\wudriver.dll
    2009-08-10 16:32 162,064 a------- c:\windows\system32\wuwebv.dll
    2009-08-10 16:32 31,232 a------- c:\windows\system32\wuapp.exe
    2009-08-10 11:55 <DIR> --d----- c:\windows\OPTIONS
    2009-08-10 11:55 361,472 -----r-- c:\windows\system\RTL85n86.sys
    2009-08-10 11:55 25,896 a------- c:\windows\system32\drivers\RtlProt.sys
    2009-08-10 11:55 <DIR> --d----- c:\windows\system32\Airlink101 Cardbus & PCI Wireless Driver and Utility
    2009-08-10 11:53 302,080 a------- c:\windows\lwd.exe
    2009-08-10 11:53 1,327,189 a------- c:\windows\system32\odSupp_M.dll
    2009-08-10 11:53 241,664 a------- c:\windows\system32\wnicapi.dll
    2009-08-10 11:53 196,608 a------- c:\windows\system32\WlanApp.dll
    2009-08-10 11:53 184,320 a------- c:\windows\system32\aIPH.dll
    2009-08-10 11:53 49,152 a------- c:\windows\system32\JJAKEn.dll
    2009-08-10 11:53 49,152 a------- c:\windows\system32\AQCKGen.dll
    2009-08-10 11:53 675,840 a------- c:\windows\system32\ANIWZCS2.dll
    2009-08-10 11:53 45,115 a------- c:\windows\system32\ANICtl.dll
    2009-08-10 11:52 48,128 a------- c:\windows\system32\ANIO64.sys
    2009-08-10 11:52 36,864 a------- c:\windows\system32\ANIOApi.dll
    2009-08-10 11:52 28,195 a------- c:\windows\system32\ANIO.sys
    2009-08-10 11:52 16,997 a------- c:\windows\system32\ANIO.VXD
    2009-08-10 11:52 11,904 a------- c:\windows\system32\anio4.sys
    2009-08-10 11:52 <DIR> --d----- c:\program files\ANI
    2009-08-10 11:52 <DIR> --d----- c:\program files\Airlink101

    ==================== Find3M ====================

    2009-08-20 17:33 86,016 a------- c:\windows\inf\infstrng.dat
    2009-08-20 17:33 51,200 a------- c:\windows\inf\infpub.dat
    2009-08-20 17:33 86,016 a------- c:\windows\inf\infstor.dat
    2009-08-12 14:55 665,600 a------- c:\windows\inf\drvindex.dat
    2009-08-12 09:50 40,960 a------- c:\windows\apppatch\apihex86.dll
    2009-08-11 12:47 174 a--sh--- c:\program files\desktop.ini
    2009-08-11 11:25 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
    2009-08-11 11:25 356,352 a------- c:\windows\system32\wbem\wbemcomn.dll
    2009-08-11 11:25 24,064 a------- c:\windows\system32\wtsapi32.dll
    2009-08-11 11:25 258,232 a------- c:\windows\system32\drivers\acpi.sys
    2009-08-11 11:25 542,720 a------- c:\windows\system32\sysmain.dll
    2009-08-11 11:25 502,784 a------- c:\windows\system32\wlansvc.dll
    2009-08-11 11:25 290,816 a------- c:\windows\system32\wlanmsm.dll
    2009-08-11 11:25 67,584 a------- c:\windows\system32\wlanhlp.dll
    2009-08-11 11:25 47,104 a------- c:\windows\system32\wlanapi.dll
    2009-08-11 11:25 297,984 a------- c:\windows\system32\wlansec.dll
    2009-08-11 11:14 2,560 a------- c:\windows\apppatch\AcRes.dll
    2009-08-11 11:14 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
    2009-08-11 11:14 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
    2009-08-11 11:14 537,600 a------- c:\windows\apppatch\AcLayers.dll
    2009-08-11 11:14 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
    2009-08-11 10:48 72,704 a------- c:\windows\system32\admparse.dll
    2009-08-11 10:48 52,736 a------- c:\windows\apppatch\iebrshim.dll
    2009-08-11 10:48 827,392 a------- c:\windows\system32\wininet.dll
    2009-08-11 10:48 78,336 a------- c:\windows\system32\ieencode.dll
    2009-08-11 10:48 48,128 a------- c:\windows\system32\mshtmler.dll
    2009-08-11 10:48 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-08-11 10:48 56,320 a------- c:\windows\system32\iesetup.dll
    2009-07-06 12:21 1,003,520 a------- c:\windows\system32\VSFilter.dll
    2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2003-11-03 17:07 499,712 a------- c:\program files\msvcp71.dll
    2003-11-03 17:07 348,160 a------- c:\program files\msvcr71.dll
    2003-05-30 09:22 344,064 a----r-- c:\program files\msvcr70.dll
    2002-01-05 03:40 487,424 a------- c:\program files\msvcp70.dll
    2006-05-03 02:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
    2007-02-21 03:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
    2008-03-16 05:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

    ============= FINISH: 8:14:02.48 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft® Windows Vista™ Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/7/2009 12:01:37 PM
    System Uptime: 9/9/2009 8:01:42 AM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | $(Model_String)
    Processor: Intel(R) Core(TM)2 CPU @ 2.00GHz | CPU 1 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 362 GiB total, 234.793 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.392 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP20: 8/14/2009 4:18:24 PM - Installed
    RP21: 8/14/2009 4:19:23 PM - Installed Macromedia Flash 8
    RP22: 8/15/2009 11:06:08 AM - Scheduled Checkpoint
    RP24: 8/15/2009 3:56:46 PM - Installed Microsoft Office Enterprise 2007
    RP25: 8/19/2009 10:20:00 AM - Installed MySQL Server 5.0
    RP26: 8/19/2009 10:22:25 AM - Installed MySQL Tools for 5.0
    RP27: 8/19/2009 10:23:50 AM - Installed Java(TM) SE Development Kit 6 Update 16
    RP28: 8/19/2009 10:26:00 AM - Installed Java(TM) 6 Update 16
    RP29: 8/19/2009 12:50:05 PM - Installed MapleStory.
    RP30: 8/20/2009 5:22:38 PM - Installed Adobe Reader 9.1.
    RP31: 8/20/2009 5:31:47 PM - Device Driver Package Install: Canon Printers
    RP32: 8/20/2009 5:32:11 PM - Device Driver Package Install: Canon Imaging devices
    RP33: 9/2/2009 4:27:03 PM - Installed Windows Media Player Firefox Plugin
    RP34: 9/2/2009 6:33:46 PM - Installed MapleStory.
    RP35: 9/3/2009 7:23:58 PM - Removed MapleStory.
    RP36: 9/3/2009 7:47:50 PM - Installed MapleStory.
    RP38: 9/5/2009 3:04:44 PM - Installed ooVoo

    ==== Installed Programs ======================


    AAC Decoder
    Acrobat.com
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color Video Profiles AE CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader 9.1
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe XMP Panels CS4
    AdobeColorCommonSetRGB
    Advanced SystemCare 3
    AIM 6
    Airlink101 Cardbus & PCI Wireless Driver and Utility
    ANIO Service
    ANIWZCS2 Service
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Antivirus
    BannedStory 3.0
    Bonjour
    Canon MP240 series MP Drivers
    Canon Utilities Easy-PhotoPrint EX
    CCleaner (remove only)
    Cycore FX 1.0.1 for After Effects
    DebugMode PluginPac (remove only)
    DivX Codec
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Free FLV Converter V 6.6.4
    Free YouTube to Mp3 Converter version 3.2
    GenArts Sapphire Plug-ins Version 1.07 for After Effects
    H.264 Decoder
    HijackThis 2.0.2
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java DB 10.4.2.1
    Java(TM) 6 Update 16
    Java(TM) SE Development Kit 6 Update 16
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Magic Bullet Editors 2.0 Vegas
    Magic Bullet Suite 2.0
    Magic Bullet Suite 2.1
    MapleStory
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MKV Splitter
    Mozilla Firefox (3.5.2)
    Mozilla Thunderbird (2.0.0.23)
    MySQL Server 5.0
    MySQL Tools for 5.0
    NewBlue 3D Explosions for Vegas
    NewBlue 3D Transformations for Vegas
    NewBlue Art Blends 2.0 for Vegas
    NewBlue Art Effects 2.0 for Vegas
    NewBlue Film Effects for Vegas
    NewBlue Motion Blends 2.0 for Vegas
    ooVoo
    ooVoo Toolbar (Remove Toolbar Only)
    Panopticum NewYearToys 1.1 for Adobe After Effects
    Photoshop Camera Raw
    Pixel Bender Toolkit
    QuickTime
    SpiceMASTER 2.5 PRO for Vegas
    Suite Shared Configuration CS4
    SUPER © Version 2009.bld.36 (June 10, 2009)
    Uninstall 1.0.0.1
    VC80CRTRedist - 8.0.50727.762
    Vegas Pro 9.0
    Viewpoint Media Player
    Vista Codec Package
    vixy converter uninstall
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WLAN Monitor

    ==== Event Viewer Messages From Past Week ========

    9/8/2009 4:12:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:57:40 PM on 9/7/2009 was unexpected.
    9/7/2009 3:49:33 PM, Error: EventLog [6008] - The previous system shutdown at 9:28:57 AM on 9/6/2009 was unexpected.
    9/4/2009 7:50:46 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\AznOrigami (Leon)\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
    9/2/2009 8:26:27 AM, Error: volmgr [46] - Crash dump initialization failed!
    9/2/2009 5:03:54 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
    9/2/2009 5:03:53 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

    ==== End Of File ===========================

    I have also used AWC (Advanced System Care Pro) 3.3.4 and I'm using Security Analyzer, and it gave me a report. A lot of yellow question marks, which mean that they don't know if it is trusted or not.
    But I found a thing installed called TrustedInstaller.exe....
    And I was thinking like: Wha?
    I am using Avast 4.8 Pro.
    Avast found a virus on Web Shield, but it still redirects me.
    Thank you ahead of time.
    Sorry about my first thread.
    Thanks Admin!
    -AsDfGhJkL
     
  2. 2009/09/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  4. 2009/09/10
    asdfghjkl

    asdfghjkl Inactive Thread Starter

    Joined:
    2009/09/09
    Messages:
    27
    Likes Received:
    0
    Uh. When I use this, it crashes. :[
    It said it stopped working
     
  5. 2009/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2009/09/10
    asdfghjkl

    asdfghjkl Inactive Thread Starter

    Joined:
    2009/09/09
    Messages:
    27
    Likes Received:
    0
    I get an error....
    CFScript Name Error
    Were you trying to run a CFScript?
    The name CFS is incorrectly spelled.
    And then it closes.
    And nothing happens
     
  7. 2009/09/10
    asdfghjkl

    asdfghjkl Inactive Thread Starter

    Joined:
    2009/09/09
    Messages:
    27
    Likes Received:
    0
    Also, the start button doesn't work after I run it
     
  8. 2009/09/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your Combofix file.
    Get fresh one from HERE.
    I renamed it for a reason.
     
  9. 2009/09/14
    asdfghjkl

    asdfghjkl Inactive Thread Starter

    Joined:
    2009/09/09
    Messages:
    27
    Likes Received:
    0
    Thank you, but when I run it, it asks me to update it. Sorry I haven't been bumping this, I was busy with my SATs xd
    Anyways, it asks me to upgrade and also it still gives me a script error. I turned off avast xO
     
  10. 2009/09/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's try one more time. Delete your current Combofix file.
    Get new one from HERE
     
  11. 2009/09/15
    asdfghjkl

    asdfghjkl Inactive Thread Starter

    Joined:
    2009/09/09
    Messages:
    27
    Likes Received:
    0
    After I ran combofix, I got a log. But it was called Bug.txt...
    Tell me if this is the one. SORRY IF IT ISN'T

    PUSHD "C:\32788R22FWJFW"

    SET "Comspec=C:\Windows\system32\cmd.execf"

    IF NOT EXIST C:\Windows\system32\cmd.exe GOTO Not_NT

    VER 1>OsVer

    GREP.cfxxe -F "5.1.2" OsVer 1>XP.mac

    IF 1 == 0 GOTO NT

    DEL XP.mac

    GREP.cfxxe -F "6.0.6" OsVer 1>Vista.mac

    IF 0 == 0 GOTO NT

    SET "Ver_CF=09-09-11.01"

    IF NOT EXIST NircmdB.exe COPY /Y Nircmd.cfxxe NircmdB.exe
    1 file(s) copied.

    PEV UZIP License\pv_5_2_2.zip .\

    MOVE /Y PV.exe PV.cfxxe
    1 file(s) moved.

    IF NOT EXIST PEV.cfxxe COPY /Y PEV.exe PEV.cfxxe
    1 file(s) copied.

    GREP.cfxxe -isq "ProductType.*WinNT" WinNT00 || GOTO Not_NT

    SED "/^PATH=/I!d; s///; s/\x22//g" Oripath 1>OriPath00

    PEV -rtf -s+901 .\OriPath00 && (
    SED -r "s/\x22//g; s/(.{900}).*/\1/; s/;[^;]*$//" OriPath00 1>OriPath01
    FOR /F "TOKENS=*" %G IN (OriPath01) DO @SET "PATH=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;%G"
    )

    IF NOT EXIST OriPath01 FOR /F "TOKENS=*" %G IN (OriPath00) DO SET "PATH=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;%G"

    SET "PATH=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared"
    Killing 'runonce.exe'
    Killing 'grpconv.exe'
    Killing 'procmon.exe'
    Killing 'ANDRE.EXE'
    Killing 'TOLO.exe'
    Killing 'Merlin.scr'
    Killing 'jalang.exe'
    Killing 'jalangkung.exe'
    Killing 'jantungan.exe'
    Killing 'DOSEN.exe'
    Killing 'C3W3K4MPUS.exe'
    pv: No matching processes found

    PEV -rtf --c:##5# .\* and { License.exe or 32788R22FWJFW.exe or OsVer.exe or WinNT.exe or N_.exe } 1>temp00 && (
    PV -o%f * 1>temp01
    PEV -tf -t!o --files:temp01 --c:##5#b#f# 1>temp02
    GREP -Fif temp00 temp02 1>temp03
    SED "/.* /!d; s///" temp03 1>temp04
    SED ":a; $!N; s/\n/\x22 \x22/; ta; s/.*/\x22&\x22/" temp04 1>temp05
    FOR /F "TOKENS=*" %G IN (temp05) DO @NIRCMD KILLPROCESS %G
    )
    Active code page: 1252
    Could Not Find C:\32788R22FWJFW\AbortB

    CALL :MDCheck
    Could Not Find C:\32788R22FWJFW\md5sum00.pif

    PEV -rtf -md5FAD60384256E302DA4C0EC89B5D3C60B .\md5sum.pif || CALL :MDFaiL ChkSum_Fail
    .\md5sum.pif

    PEV -tf --files:files.pif --c:##5#b#f# 1>mdCheck00.dat

    GREP -vs "^!MD5:" mdCheck00.dat 1>mdCheck0a.dat

    GREP -Fvf md5sum.pif mdCheck0a.dat 1>mdCheck01.dat && CALL :MDFaiL

    GOTO :EOF

    =============================================

    ALLUSERSPROFILE=C:\ProgramData
    cfExt=cfxxe
    CFLDR=32788R22FWJFW
    Chksum=FAD60384256E302DA4C0EC89B5D3C60B
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    Command switches used=Command switches used
    CommonProgramFiles=C:\Program Files\Common Files
    Completion time=Completion time
    COMPUTERNAME=AZNORIGAMILE-PC
    ComSpec=C:\Windows\system32\cmd.execf
    Connecting to=Connecting to
    Connecting to ComboFix servers=Connecting to ComboFix servers
    Cryptography Services Error=Cryptography Services Error
    Disclaimer=The following websites are not in any way affiliated to ComboFix:~n~n http://www.combofix.org/~n http://www.combofixdownload.com/~n~nIf you have purchased anything from them, I suggest you instruct your~nfinanciers to cancel the transaction.~n~n ----------------------- -----------------------~n~nA guide on proper ComboFix usage may be found at:~nhttp://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nComboFix is meant for private use. It should never be used in an~nunsupervised environment. If infections are found, it will automatically~nreboot the machine to complete the removal process. Please ensure all~nopened windows are closed before proceeding.~n~nThis software is provided 'as is', without warranty of any kind. All~nimplied warranties are expressly disclaimed. If you do not agree to the~nabove terms, please click No to exit" "DISCLAIMER OF WARRANTY ON SOFTWARE.
    DLLs Loaded Under Running Processes=DLLs Loaded Under Running Processes
    Drivers/Services=Drivers/Services
    Fail2Delete=failed to delete
    File Associations=File Associations
    File Replicators=File Replicators
    Files Infected - Patched=Files Infected - Patched
    FIREFOX POLICIES=FIREFOX POLICIES
    FP_NO_HOST_CHECK=NO
    hidden files=hidden files
    HOMEDRIVE=C:
    HOMEPATH=\Users\AznOrigami (Leon)
    is infected=is infected
    is missing=is missing
    KMD=CF19370.exe
    LANG_CF=EN
    Line1=Please wait.
    Line10=ComboFix has detected the presence of rootkit activity and needs to reboot the machine~nKindly note down on paper, the name of each file. We may need it later~n~n%~G" "Rootkit !!
    Line10A=ComboFix has detected the presence of rootkit activity and needs to reboot the machine" "Rootkit !!
    Line11=Scanning for infected files . . .
    Line12=This typically doesn't take more than 10 minutes
    Line13=However, scan times for badly infected machines may easily double
    Line14=%G ...... driver unloaded successfully.
    Line15=Rootkit driver %G is still present. A rootkit scan is required
    Line16=ComboFix has changed your clock settings.
    Line17=Do not change it back. It shall be restored later
    Line18=ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
    Line19=to: http://www.bleepingcomputer.com/submit-malware.php?channel=4
    Line2=ComboFix is preparing to run.
    Line20=Preparing Log Report.
    Line21=Do not run any programs until ComboFix has finished
    Line22=No new files created in this timespan
    Line23=*Note* empty entries ^& legit default entries are not shown
    Line24=Contents of the 'Scheduled Tasks' folder
    Line25=Almost done . . This window will close in a short while
    Line26=Please wait a few seconds for the report log to pop up
    Line27=ComboFix's log shall be located at C:\COMBOFIX.TXT
    Line28=Rebooting Windows . . . Please wait
    Line29=Please allow ComboFix to reboot the machine.
    Line3=You need Administrative privileges to run this tool" "Not Admin !!
    Line30=Overlay aborted ... Please run ComboFix once more
    Line31=Date Error: ~%CurrDate.yyyy-MM-dd%~n~nCheck your settings" "DATE ERROR
    Line32=C:\Windows\system32\HAL.DLL is missing !!~n~nIt's IMPORTANT that you DO NOT reboot/shutdown the machine~n~nPost to the forums for immediate help. Do not click OK until further instructed" "CRITICAL WARNING !!
    Line33=ComboFix needs to submit malware files for further analysis.~n~nPlease ensure that you're connected to the internet before clicking OK" "Submit Files for further analysis
    Line34=Submit malware to Bleeping Computer for analysis.
    Line35=Copy/Paste the filepath below into the box above and click Send.
    Line36=Infected copy of %~1 was found and disinfected
    Line36A=Restored copy from - %~2
    Line37=%~1 . . . is infected!!
    Line38=((((((((((((((((((((((((( Files Created from %thirty% to %dateX% )))))))))))))))))))))))))))))))
    Line39=(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    Line4=C:\Windows\regedit.exe is missing~n~nCopy one from another machine" "Terminal Error - Missing file
    Line40=Webserver appears to be temporarily inaccessible.~nFor your convenience, ComboFix created a submissions form located at:~n~n* C:\CF-Submit.htm~n~nPlease use that to manually upload it later. " "Upload Failed!!
    Line41=((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    Line42=((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    Line43=Deleting Files:
    Line43A=Deleting Folders:
    Line44=- REDUCED FUNCTIONALITY MODE -
    Line45=SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
    Line46=scanning hidden processes ...
    Line47=scanning hidden autostart entries ...
    Line48=scanning hidden files ...
    Line49=-- Snapshot reset to current date --
    Line5=Current date is ~%CurrDate.yyyy-MM-dd%. ComboFix has expired~n~nClick 'Yes' to run in REDUCED FUNCTIONALITY mode~n~nClick 'No' to exit" "Version_%ver_CF%
    Line50=ComboFix is uninstalled" "Info
    Line51=Will only install the Recovery Console for Windows XP
    Line52=Boot Partition cannot be enumerated correctly
    Line53=%BootDir%Boot.ini is not correctly formated
    Line54=This machine already has the Recovery Console installed.~n~nAborting operations
    Line55=Please click 'YES' in the End User License Agreement (EULA) dialog that follows ..." "Installing the Recovery Console
    Line56=Installation file - %~G - cannot be found
    Line57=You didn't select YES~n~nInstallation is aborted
    Line58=Contents of %BootDir%cmdcons are not in order.~n~nPlease disable your security programs before trying again
    Line59=Congratulations!!! The Microsoft Recovery Console was successfully installed.~n~nOn each restart of the machine, a black screen will offer you the option to boot into recovery console mode.~nFor normal use, just ignore the black screen. Windows shall boot normally in 2 seconds~n~nClick 'Yes' to continue scanning for malware" "Info
    Line6=Were you trying to run CFScript?~n~nThe name, CFScript appears to be incorrectly spelt" "CFScript Name Error
    Line60=Click 'Yes' to continue scanning for malware~n~nClick 'No' to exit" "What's next ?
    Line62=There's a newer version of ComboFix available.~n~nWould you like to update ComboFix?" "Update
    Line63=--- WARNING !! ---~n~nA critical update is required.~n~nComboFix shall now update itself.~n~n--- WARNING !! ---" "Mandatory Update
    Line64=Failed to download updated copy.~n~nWill continue with existing copy" "Failed Download
    Line65=ComboFix shall now restart" "Updated
    Line66=Interference detected~n~nPlease perform a Rootkit Scan" "Abort!
    Line67=You cannot rename ComboFix as %FileName%~n~nPlease use another name, preferbaly made up of alphanumeric characters
    Line68=%cd% not in expected location~n~n Inform sUBs now!!
    Line69=ComboFix effected repairs on missing C:\Windows\system32\hal.dll
    Line7=Attempting to create a new System Restore point
    Line70=This machine does not have the 'Microsoft Windows recovery console' installed~n~nWithout it, ComboFix shall not attempt the fixing of some serious infections.~n~nClick 'Yes' to have ComboFix download/install it.~n~nNOTE: this requires an active internet connection." "Microsoft Windows Recovery Console
    Line71=Click 'Yes' if this is a WINDOWS XP *HOME EDITION* machine" "XP Home Edition
    Line72=Failed to download required files. Aborting ... ~n~nShall continue scanning for malware
    Line73=Internal error! Failed to enumerate download path. ~n~nAborting ... Shall continue scanning for malware
    Line74=You do not appear to be connected to the internet. Kindly connect before clicking 'OK'
    Line75=The following files were trying to attach to ComboFix. They shall be disabled~nKindly note down on paper, the name of each file. We may need it later~n~n%~G" "Parasites found !!
    Line76=ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix's running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking 'OK'." "Warning !!
    Line77=%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!
    Line78=%~1 was missing
    Line79=%~1 . . . is missing!!
    Line8=Rich text formats (RTF) are unacceptable !!~n~nPlease save CFScript commands as a textfile, using Notepad.exe" "ERROR - Script format is incorrect
    Line80=!! ALERT !! It is NOT SAFE to continue!~n~nThe contents of the ComboFix package has been compromised.~nPlease download a fresh copy from:~n~nhttp://www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nNote: You may be infected with a file patching virus 'Virut'" "Error
    Line81=ComboFix's script appears tampered. It is not safe to continue.~nComboFix shall now exit. Please inform the forum helper that's aiding~nyou. Unless further instructed to do so, do not run ComboFix again." "Failed Verification
    Line82=Webserver appears to be temporarily inaccessible.~nFor your convenience, a zipped file has been created at:~n~nC:\CFCollect.zip~n~nPlease upload the file to BleepingComputer~n~nDo not forget to fill in the 'Comments' section" "Upload Failed!!
    Line83=NETSVCS REQUIRES REPAIRS - current entries shown
    Line84=http://download.bleepingcomputer.com/sUBs/ComboFix.exe~nhttp://www.forospyware.com/sUBs/ComboFix.exe~n~nComboFix.exe may be downloaded from any of the above sites. If you~nhave downloaded from some other site, there's a likely chance that it~nmay be tainted. For peace of mind, I suggest that you delete the current~ncopy and get a fresh one." "Caution
    Line85=Manual Fix is required for restoring CommonStartup
    Line9=Rootkit driver %G is present. ... attempting disinfection
    Line90=ComboFix needs to perform a deeper scan
    Line91=This should not take more than 10-15 minutes
    Line92=Infected HTML files detected.
    Line93=ComboFix will now attempt to disinfect
    Line94=This is going to take some time
    Line95=Disinfection complete !!! ... continuing Log Report preparation
    Line96=Recovery in Progress . . .
    Line97=WARNING !! Do not manually reboot the machine yourself
    LOCKED REGISTRY KEYS=LOCKED REGISTRY KEYS
    LOGONSERVER=\\AZNORIGAMILE-PC
    machine was rebooted=machine was rebooted
    not completed=not completed
    NUMBER_OF_PROCESSORS=2
    ORPHANS REMOVED=ORPHANS REMOVED
    OS=Windows_NT
    Other Running Processes=Other Running Processes
    Other Services/Drivers In Memory=Other Services/Drivers In Memory
    Path=C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
    PATHEXT=.cfxxe;.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    Possible infected sites=Possible infected sites
    Post-Run=Post-Run
    Pre-Run=Pre-Run
    Previous Run=Previous Run
    PROCESS=PROCESS
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f02
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$
    PUBLIC=C:\Users\Public
    Qrntn=C:\Qoobox\Quarantine
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    RecoveryConsole=WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    Resident AV is active=Resident AV is active
    RestorePoint= * Created a new restore point
    RKEY_=hklm\software\microsoft\windows nt\currentversion\windows
    Running from=Running from
    scan completed successfully=scan completed successfully
    sfxcmd= "C:\Users\AznOrigami (Leon)\Desktop\c9fg56sd.exe"
    sfxname=C:\Users\AznOrigami (Leon)\Desktop\c9fg56sd.exe
    Stage=Completed Stage_
    Supplementary Scan=Supplementary Scan
    SYSTEM=C:\Windows\system32
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\AZNORI~1\AppData\Local\Temp
    The following files were disabled during the run=The following files were disabled during the run
    TMP=C:\Users\AZNORI~1\AppData\Local\Temp
    Upload was successful=Upload was successful
    Uploading files to server=Uploading files to server
    USERDOMAIN=AznOrigamiLe-PC
    USERNAME=AznOrigami (Leon)
    USERPROFILE=C:\Users\AznOrigami (Leon)
    Ver_CF=09-09-11.01
    windir=C:\Windows

    =============================================


    IF NOT DEFINED sfxname GOTO END

    GREP -F \ temp01 && CALL :Aux

    GREP -Fi "C:\Windows\system32\userinit.exe" Userinit00 || (SWREG ADD "hklm\software\microsoft\windows nt\currentversion\winlogon" /v Userinit /d "C:\Windows\system32\userinit.exe," )
    Userinit REG_SZ C:\Windows\system32\userinit.exe,

    SET SfxCmd 1>SET00

    SED -r "/SfxCmd=/I!d; s///; s/\s*$//; s/^(\x22[^\x22]*\x22|[^\x22]\S*) +//; s/^\x22*C:\\Users\\AznOrigami (Leon)\\Desktop\\c9fg56sd.exe\x22*//I; s/^([^\x22]\S*)/@SET SfxCmd=\x22\1\x22/; s/^(\x22.*)/@SET SfxCmd=\1/" SET00 1>sfx.cmd

    DEL /A/F SET00

    ATTRIB +R "C:\Users\AznOrigami (Leon)\Desktop\c9fg56sd.exe"
    @SET SfxCmd= "C:\Users\AznOrigami (Leon)\Desktop\c9fg56sd.exe "

    CALL sfx.cmd

    CALL AV.cmd

    SET /a AVCount+=1

    NIRCMD EXEC HIDE PV -d9000 -kf CSCRIPT.EXE

    CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs

    PV -kf CSCRIPT.exe PV.*
    Killing 'CSCRIPT.exe'
    Killing 'PV.*'

    IF NOT EXIST AvBlack00 GREP -Fisf AVBlack resident.txt 1>AvBlack00 && (
    SED -r "s/\x22//g; s/.*\) //; s/.*(\{.{8}-.{4}-.{4}-.{4}-.{12}\}).*/\1/" AvBlack00 1>AvBlack01
    FOR /F "TOKENS=*" %G IN (AvBlack01) DO @CSCRIPT.EXE //NOLOGO //E:VBSCRIPT //T:5 wmi_rem.vbs "%~G"
    NIRCMD EXEC HIDE PV -d6000 -kf CSCRIPT.EXE
    CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:08 av.vbs
    PV -kf CSCRIPT.exe PV.*
    )

    GREP -Fivf AVWhite resident.txt | GREP -E "^(AV|SP): .*enabled\* \(" 1>AVChk && (
    SED -r "s/^AV:/antivirus: /; s/^SP:/antispyware: /; s/ \*(On-access scanning |)enabled\*.*//" AVChk | SED ":a; $!N;s/\n/~n/;ta" 1>AVChkB
    NIRCMD LOOP 2 80 BEEP 3000 200
    IF 1 LEQ 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "ComboFix has detected the following real time scanner(s) to be active:~n~n%G~n~nAntivirus and intrusion prevention programs are known to interfere~nwith ComboFix's running. This may lead to unpredictable results or~npossible machine damage.~n~nPlease disable these scanners before clicking 'OK'." "Warning !!" " " && GOTO Av-check
    IF 1 GTR 1 FOR /F "TOKENS=*" %G IN (AVChkB) DO @NIRCMD INFOBOX "%G~n~nThe above real time scanner(s) are still active but ComboFix shall~ncontinue to run. Kindly note that this is at your own risk" "Warning !!" " "
    )

    DEL /A/F/Q AVChk? AvWhite AvBlack AvBlack0?

    SET AVCount=

    IF EXIST vista.mac CALL :Vista

    IF NOT DEFINED RKEY_ GOTO :EOF

    IF /I " " EQU "RKEYB" GOTO RKEYB

    COPY /Y /B C:\Windows\system32\sc.exe C:\Windows\system32\swsc.exe
    1 file(s) copied.

    HANDLE csrss.exe.mui 1>MUI00

    SED -r "/.*(.:\\.*)\\[^\\]*$/!d; s//\1/" MUI00 1>MUI01

    SED -r -n "G; s/\n/&&/; /^([ -~]*\n).*\n\1/d; s/\n//; h; P" MUI01 1>MUI

    FOR /F "TOKENS=*" %G IN (MUI) DO (
    IF EXIST "%~G\sc.exe.mui" COPY /Y /B "%~G\sc.exe.mui" "%~G\swsc.exe.mui"
    IF EXIST "%~G\cmd.exe.mui" (
    SWXCACLS "%~G\cmd.exe.mui" /OA /Q
    SWXCACLS "%~G\cmd.exe.mui" /P /GA:F /GS:F /GP:X /GU:X /Q
    COPY /Y "%~G\cmd.exe.mui" "%~G\CF19370.exe.mui"
    SWXCACLS "%~G\cmd.exe.mui" /g SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464:f /GA:X /GS:X /GP:X /GU:X /Q
    SWXCACLS "%~G\cmd.exe.mui" /o SID#S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464 /Q
    )
    )

    DEL /A/F/Q MUI0?

    GOTO :EOF

    GREP -Fx "REGEDIT4" Fin.dat || (
    ECHO.1> "C:\Users\AZNORI~1\AppData\Local\Temp\tdsstdss"
    PEV -rtf "C:\Users\AZNORI~1\AppData\Local\Temp\tdsstdss" || (
    ECHO.1>***_tdssserv
    CALL c.bat
    GOTO END
    )

    GOTO AbortD
    )
    REGEDIT4

    IF /I "C:\32788R22FWJFW" NEQ "C:\32788R22FWJFW" GOTO Abort

    IF EXIST "C:\Users\AZNORI~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log" DEL /A/F "C:\Users\AZNORI~1\AppData\Local\Temp\32788R22FWJFW32788R22FWJFW.log"

    COPY /Y /B "C:\Windows\system32\cmd.execf" "C:\Windows\system32\CF19370.exe"
    1 file(s) copied.

    SET "COMSPEC=C:\Windows\system32\CF19370.exe"

    FOR /F "TOKENS=*" %G IN ( "C:\Users\AznOrigami (Leon)\Desktop\c9fg56sd.exe ") DO (
    SET "FileName=%~NG"
    SET "FilePath=%~DPG"
    )

    (
    SET "FileName=c9fg56sd"
    SET "FilePath=C:\Users\AznOrigami (Leon)\Desktop\"
    )

    SET FileName 1>FileName

    GREP -ix "FileName=[-[:alnum:]@.]*" FileName || GOTO AbortB
    FileName=c9fg56sd

    DIR /AD/B C:\* 1>DirName00

    GREP -ivx ComboFix DirName00 1>DirName01

    GREP -Fisqx "c9fg56sd" DirName01 && CALL :NameChk

    IF EXIST DirName0? DEL /A/F/Q DirName0?

    IF EXIST Oldsfxname00 DEL /A/F Oldsfxname00

    IF EXIST "\c9fg56sd\" (
    SWXCACLS "\c9fg56sd" /RESET /Q
    RD /S/Q "\c9fg56sd"
    IF EXIST "\c9fg56sd\" (
    PV -kf *.cfxxe
    RD /S/Q "\c9fg56sd"
    )
    IF EXIST "\c9fg56sd\" (
    HANDLE "C:\c9fg56sd" 1>temp00
    SED -R "/.* pid: (\d*) +(\S*):.*/I!d;s//@ECHO.y|Handle -c \2 -p \1/" temp00 1>temp00.bat
    CALL temp00.bat
    DEL /A/F temp00.bat temp00
    RD /S/Q "\c9fg56sd"
    )
    )

    IF EXIST "\c9fg56sd\" RD /S/Q "\c9fg56sd"

    IF EXIST "\c9fg56sd\" GOTO :EOF

    PEV UZIP "License\streamtools.zip" License && MOVE /Y License\SF.exe 1>N_\29156 2>&1

    GREP -Eisq "=.\/u.$" sfx.cmd && IF EXIST MsName.bat (ECHO.@SET SfxCmd= 1>sfx.cmd ) ELSE echo..1>ItsBeenPhun

    DEL /A/F prep.done MsName.bat

    CD ..

    (


    ECHO.MD "\c9fg56sd"
    ECHO.ATTRIB -H -S "\32788R22FWJFW\*"
    ECHO.MOVE /y "\32788R22FWJFW\*" "\c9fg56sd"
    ECHO.RD /S/Q "\32788R22FWJFW"
    IF EXIST "\32788R22FWJFW.0.tmp\" ECHO.RD /S/Q "\32788R22FWJFW.0.tmp"
    IF EXIST "C:\32788R22FWJFW\ItsBeenPhun" ECHO.NIRCMD EXEC2 HIDE "C:\c9fg56sd" "C:\Windows\system32\CF19370.exe" /c c.bat
    IF NOT EXIST "C:\32788R22FWJFW\ItsBeenPhun" ECHO.START "." /d "C:\c9fg56sd" "C:\Windows\system32\CF19370.exe" /k c.bat
    ECHO.PV -kf cmd.exe cmd.execf
    ECHO.DEL /A/F C:\Start_.cmd
    ) 1>Start_.cmd

    SET "PATH=C:\c9fg56sd;C:\32788R22FWJFW;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared"

    HIDEC "C:\Windows\system32\CF19370.exe" /F:OFF /D /C C:\Start_.cmd

    NIRCMD WAIT 2000
     
  12. 2009/09/15
    broni Moderator Malware Analyst

    No. Look in your C drive for a file "combofix.txt".
     
  13. 2009/09/15
    asdfghjkl Inactive Thread Starter

    Uhh. I get a file called c9fg56sd and when I open it, it opens to another C:/ drive.

    Type: File (vagueness)
    Location: C:/
    Size: 312 KB (320,000 bytes)
    Size on Disk: 316 KB (323,584 bytes)
    1 file 0 folders
     
  14. 2009/09/15
    broni Moderator Malware Analyst

    I'm not sure if I understand...
     
  15. 2009/09/15
    asdfghjkl Inactive Thread Starter

  16. 2009/09/15
    broni Moderator Malware Analyst

    I see now...

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2009/09/15
    asdfghjkl Inactive Thread Starter

    OTL.txt:

    OTL logfile created on: 9/15/2009 8:39:16 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\AznOrigami (Leon)\Desktop
    Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16890)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.13% Memory free
    4.00 Gb Paging File | 3.32 Gb Available in Paging File | 82.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 362.27 Gb Total Space | 240.28 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.39 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
    Drive E: | 2.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: AZNORIGAMILE-PC
    Current User Name: AznOrigami (Leon)
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2009/06/01 20:30:54 | 05,804,032 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    PRC - [2007/07/27 11:49:46 | 00,036,864 | ---- | M] (Realtek) -- C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtlService.exe
    PRC - [2008/05/08 14:00:32 | 00,843,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtWlan.exe
    PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2009/08/11 11:01:23 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
    PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    PRC - [2009/08/11 11:20:26 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/10/12 19:38:04 | 00,958,464 | ---- | M] () -- C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WlanMon.exe
    PRC - [2006/06/29 17:34:20 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2008/03/25 17:07:22 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
    PRC - [2008/03/25 17:07:34 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
    PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    PRC - [2009/08/19 10:26:35 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/08/17 09:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/08/10 18:13:39 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2008/03/25 17:07:36 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
    PRC - [2009/07/16 17:35:18 | 17,304,880 | ---- | M] (ooVoo) -- C:\Program Files\ooVoo\ooVoo.exe
    PRC - [2009/07/09 13:07:14 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
    PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2008/11/06 10:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
    PRC - [2009/09/15 20:35:40 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\AznOrigami (Leon)\Desktop\OTL.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
    SRV - [2009/08/17 08:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    SRV - [2009/08/17 09:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
    SRV - [2009/08/17 09:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])
    SRV - [2009/08/17 09:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    SRV - [2006/11/01 23:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2006/11/02 02:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
    SRV - [2009/08/11 13:46:10 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
    SRV - [2006/11/02 05:36:31 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2006/11/02 05:36:33 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
    SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
    SRV - [2009/06/01 20:30:54 | 05,804,032 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [Auto | Running])
    SRV - [2006/11/02 05:36:33 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
    SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    SRV - [2007/07/27 11:49:46 | 00,036,864 | ---- | M] (Realtek) -- C:\Program Files\Airlink101\Airlink101 Cardbus & PCI Wireless LAN Utility\RtlService.exe -- (RealtekPCI [Auto | Running])
    SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
    SRV - [2009/08/11 11:20:26 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
    SRV - [2006/11/02 05:36:49 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/13 14:00:21 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/13 14:00:21 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/08/30 16:17:19 | 00,000,000 | ---D | M]

    [2009/09/02 17:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/09/13 14:00:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2009/08/19 10:26:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    [2009/09/13 14:00:18 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/09/13 14:00:18 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
    [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
    [2009/08/19 10:26:35 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
    [2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
    [2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
    [2009/09/13 14:00:19 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
    [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2009/08/10 18:00:01 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
    [2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
    [2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
    [2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/04/29 11:35:18 | 00,000,787 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

    O1 HOSTS File: (797 bytes) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Airlink101 WLAN Monitor] C:\Program Files\Airlink101\Airlink101 WLAN Monitor\WLANmon.exe ()
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
    O4 - HKCU..\Run: [oovoo.exe] C:\Program Files\ooVoo\ooVoo.exe (ooVoo)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.167,85.255.112.72
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7053377985-3338457542-858984716-1705\rundll32.exe) - C:\RECYCLER\S-1-5-21-7053377985-3338457542-858984716-1705\.exe File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/10/27 22:34:32 | 00,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: Nla - Service key not found. File not found
    NetSvcs: Ntmssvc - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: SRService - Service key not found. File not found
    NetSvcs: Wmi - Service key not found. File not found
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: LogonHours - Service key not found. File not found
    NetSvcs: PCAudit - Service key not found. File not found
    NetSvcs: helpsvc - Service key not found. File not found
    NetSvcs: uploadmgr - Service key not found. File not found

    ========== Files/Folders - Created Within 14 Days ==========

    [2009/09/15 19:39:04 | 00,000,000 | --SD | C] -- C:\c9fg56sd
    [2009/09/10 19:24:45 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
    [2009/09/10 19:24:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/09/10 19:24:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2009/09/10 19:24:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2009/09/10 19:24:45 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2009/09/10 19:24:45 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2009/09/10 19:24:45 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/09/10 19:24:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2009/09/10 19:24:28 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/09/08 22:16:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/09/05 15:05:47 | 00,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
    [2009/09/05 15:05:38 | 00,000,000 | ---D | C] -- C:\Program Files\oovootb
    [2009/09/05 15:05:28 | 00,000,549 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
    [2009/09/05 15:05:28 | 00,000,000 | ---D | C] -- C:\Program Files\ooVoo

    ========== Files - Modified Within 14 Days ==========

    [2009/09/15 20:40:00 | 00,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9C48359B-21C4-4F9F-986D-76751747DC1A}.job
    [2009/09/15 20:13:44 | 00,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/09/15 20:13:44 | 00,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/09/15 20:00:01 | 00,000,282 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
    [2009/09/15 19:18:26 | 00,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4DBAC220-CD3C-4A65-9890-B63F35448396}.job
    [2009/09/15 19:18:13 | 00,000,400 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
    [2009/09/15 19:18:01 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
    [2009/09/15 19:13:47 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/09/15 19:13:40 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/09/15 19:13:39 | 21,384,31488 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\Windows\PEV.exe
    [2009/09/10 18:15:58 | 00,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009/09/10 18:15:58 | 00,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009/09/10 18:15:57 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009/09/05 15:05:28 | 00,000,549 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

    ========== LOP Check ==========

    [2009/09/15 19:18:13 | 00,000,400 | ---- | M] () -- C:\Windows\Tasks\AWC AutoSweep.job
    [2009/09/15 19:18:01 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
    [2009/09/15 19:13:47 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
    [2009/09/14 22:07:29 | 00,031,688 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/09/15 19:18:26 | 00,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4DBAC220-CD3C-4A65-9890-B63F35448396}.job
    [2009/09/15 20:40:00 | 00,000,446 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9C48359B-21C4-4F9F-986D-76751747DC1A}.job
    [2009/09/15 20:00:01 | 00,000,282 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\system32\eventlog.dll >

    < %systemroot%\system32\scecli.dll >
    [2006/11/02 02:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >
    [2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >
    < End of report >




    Extras.txt

    OTL Extras logfile created on: 9/15/2009 8:39:16 PM - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\AznOrigami (Leon)\Desktop
    Windows Vista Enterprise Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16890)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.13% Memory free
    4.00 Gb Paging File | 3.32 Gb Available in Paging File | 82.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 362.27 Gb Total Space | 240.28 Gb Free Space | 66.33% Space Free | Partition Type: NTFS
    Drive D: | 10.34 Gb Total Space | 1.39 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
    Drive E: | 2.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: AZNORIGAMILE-PC
    Current User Name: AznOrigami (Leon)
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{811EE2DC-7C04-4399-A33A-3D7D657C3439}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{89066934-E000-45E4-9AE6-A87449030C7E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
    "{BC0FC298-4C6F-40B8-AC3A-1E1A28A69D28}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1CDAEC2A-48D5-4986-BA31-7804B9CABE67}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{1FAF34AD-DE04-4230-8283-5F2279F31766}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2F86B314-2D3A-4BA8-8435-1970C562D64F}" = protocol=17 | dir=in | app=c:\program files\airlink101\airlink101 cardbus & pci wireless lan utility\rtwlan.exe |
    "{569E7B70-5508-412C-BCEB-C83816D99273}" = protocol=6 | dir=in | app=c:\users\aznorigami (leon)\desktop\74\maplestory.exe |
    "{696F7976-5BE3-4553-AF92-68776F565539}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{8EDCA013-B49C-476E-95B9-1E077B34DE77}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{9F542669-5520-4311-BE6B-EB2B59B78A3A}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{ACBF0BFD-1415-4253-8569-AA0FF364BBB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{B3B3BEA8-3D73-42CD-8E2C-FE6B2CAC859E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BE5106D3-74B2-4E4F-980F-2F5B62AF8152}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{CACC01D3-2D48-43E0-A25F-4825F6C51907}" = protocol=6 | dir=in | app=c:\program files\airlink101\airlink101 cardbus & pci wireless lan utility\rtwlan.exe |
    "{CEAEEF02-4F7E-426D-810F-E2DA0A3C2EA3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{DA902AE0-EBA6-4D21-9DC5-74FC1263F89C}" = protocol=17 | dir=in | app=c:\users\aznorigami (leon)\desktop\74\maplestory.exe |
    "{DB70A15B-E1D7-43AC-BD4E-16869551A0D4}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
    "{E0080C4E-C379-400E-8D3C-418F47891FE4}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{E204614C-FBFA-4336-BC63-2CB74955639A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{EB34A9CD-DE3D-447E-BEC7-BDBDC93180CE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EBC41332-830C-43E9-91D5-4E3608F4CD77}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{EEC81E53-6C2F-480B-98F1-8D0DFBF6DC1D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FB599996-346E-4936-9253-9AD96F7B170A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "TCP Query User{00DDA3FF-0ECD-4983-9039-316C2D94B8A9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{1D07AA43-BAC9-4C14-B2D1-5F1C442EE8C2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{54606E21-AEA4-4766-A544-7A5989D2C69D}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
    "TCP Query User{56374B52-37A4-48D5-98D5-7D1FC8984066}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
    "TCP Query User{87C8024A-3B58-41FB-B000-EC9121A9C354}C:\users\aznorigami (leon)\appdata\roaming\taskeng.exe" = protocol=6 | dir=in | app=c:\users\aznorigami (leon)\appdata\roaming\taskeng.exe |
    "UDP Query User{1F130728-8580-4B46-86CD-A36BF3CAB94C}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
    "UDP Query User{6B7F649F-E7B0-42BD-B94A-5F6628228348}C:\users\aznorigami (leon)\appdata\roaming\taskeng.exe" = protocol=17 | dir=in | app=c:\users\aznorigami (leon)\appdata\roaming\taskeng.exe |
    "UDP Query User{7ED7AD89-E130-4D3F-9967-2DEB295A564D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{A4363011-E48C-4C83-8DB6-7A5D30321D68}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{BAE3C635-9949-4A09-B0A3-5840CE9900D4}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{47759129-8649-47D1-9EA5-4BB84D86DB97}" = WLAN Monitor
    "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{62C81505-65E8-BBFF-5A9B-23958770F694}" = BannedStory 3.0
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7CD6575D-6397-4662-BD7A-C5DE187E71ED}" = MapleStory
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B838E8FF-C48A-4B54-9291-A9A4CF5548BF}" = MySQL Server 5.0
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{EF72E0A5-57E8-471F-837E-82BB19771363}" = Airlink101 Cardbus & PCI Wireless Driver and Utility
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "AIM_6" = AIM 6
    "avast!" = avast! Antivirus
    "bs.BannedStory.B138736892407FF2891DACB3EC40AB4373DCB810.1" = BannedStory 3.0
    "CCleaner" = CCleaner (remove only)
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free FLV Converter_is1" = Free FLV Converter V 6.6.4
    "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
    "GenArts Sapphire Plug-ins Version 1.07 for After Effects" = GenArts Sapphire Plug-ins Version 1.07 for After Effects
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "Magic Bullet Editors 2.0 Vegas" = Magic Bullet Editors 2.0 Vegas
    "Magic Bullet Suite 2.0" = Magic Bullet Suite 2.0
    "Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1
    "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
    "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
    "NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
    "NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
    "NewBlue Art Blends 2.0 for Vegas" = NewBlue Art Blends 2.0 for Vegas
    "NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
    "NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
    "NewBlue Motion Blends 2.0 for Vegas" = NewBlue Motion Blends 2.0 for Vegas
    "oovootb" = ooVoo Toolbar (Remove Toolbar Only)
    "Panopticum NewYearToys 1.1 for Adobe After Effects_is1" = Panopticum NewYearToys 1.1 for Adobe After Effects
    "PluginPac" = DebugMode PluginPac (remove only)
    "SpiceMASTER 2.5 PRO for Vegas" = SpiceMASTER 2.5 PRO for Vegas
    "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
    "Uninstall_is1" = Uninstall 1.0.0.1
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "vixy converter BETA_is1" = vixy converter uninstall
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 8/11/2009 3:46:43 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/12/2009 12:36:35 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/12/2009 12:38:40 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/12/2009 10:23:33 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/13/2009 12:33:08 AM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/14/2009 3:21:53 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/14/2009 7:16:20 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    Error - 8/14/2009 7:54:29 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    C:\Users\AznOrigami (Leon)\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
    failed, 00000005.

    Error - 9/3/2009 10:21:16 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Error 0x000000C1 has occurred while loading ashSSqlt.dll library.


    Error - 9/3/2009 10:21:17 PM | Computer Name = AznOrigamiLe-PC | Source = avast! | ID = 33554522
    Description = Error 0x000000C1 has occurred while loading ashSSqlt.dll library.


    [ Application Events ]
    Error - 9/15/2009 11:37:05 PM | Computer Name = AznOrigamiLe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    Error - 9/15/2009 11:37:05 PM | Computer Name = AznOrigamiLe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131328
    Description =

    Error - 9/15/2009 11:37:10 PM | Computer Name = AznOrigamiLe-PC | Source = profsvc | ID = 1542
    Description = Windows cannot load classes registry file. DETAIL - The system cannot
    find the file specified.

    Error - 9/15/2009 11:39:05 PM | Computer Name = AznOrigamiLe-PC | Source = profsvc | ID = 1542
    Description = Windows cannot load classes registry file. DETAIL - The system cannot
    find the file specified.

    Error - 9/15/2009 11:39:05 PM | Computer Name = AznOrigamiLe-PC | Source = profsvc | ID = 1542
    Description = Windows cannot load classes registry file. DETAIL - The system cannot
    find the file specified.

    Error - 9/15/2009 11:39:06 PM | Computer Name = AznOrigamiLe-PC | Source = ESENT | ID = 489
    Description = Catalog Database (1480) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system
    error 5 (0x00000005): "Access is denied. ". The open file operation will fail with
    error -1032 (0xfffffbf8).

    Error - 9/15/2009 11:39:06 PM | Computer Name = AznOrigamiLe-PC | Source = ESENT | ID = 455
    Description = Catalog Database (1480) Catalog Database: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

    Error - 9/15/2009 11:39:16 PM | Computer Name = AznOrigamiLe-PC | Source = ESENT | ID = 489
    Description = Catalog Database (1480) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\edb.log" for read only access failed with system
    error 5 (0x00000005): "Access is denied. ". The open file operation will fail with
    error -1032 (0xfffffbf8).

    Error - 9/15/2009 11:39:16 PM | Computer Name = AznOrigamiLe-PC | Source = ESENT | ID = 455
    Description = Catalog Database (1480) Catalog Database: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\Windows\system32\CatRoot2\edb.log.

    Error - 9/15/2009 11:39:16 PM | Computer Name = AznOrigamiLe-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    [ System Events ]
    Error - 9/15/2009 10:38:39 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 9/15/2009 10:38:39 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 9/15/2009 10:39:57 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume HP.

    Error - 9/15/2009 11:14:25 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume HP.

    Error - 9/15/2009 11:14:25 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume HP.

    Error - 9/15/2009 11:17:29 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume HP.

    Error - 9/15/2009 11:36:38 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 9/15/2009 11:36:38 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 9/15/2009 11:37:52 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume HP.

    Error - 9/15/2009 11:38:51 PM | Computer Name = AznOrigamiLe-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume HP.


    < End of report >
     
  18. 2009/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very well :)
    You double posted, so I removed one post.
    Let me go through those logs.
    It may take a while...
     
  19. 2009/09/15
    asdfghjkl

    asdfghjkl Inactive Thread Starter

    Joined:
    2009/09/09
    Messages:
    27
    Likes Received:
    0
    I'm sorry broni XD
haha I fail at looking
    Also, did I have to turn off avast?
     
  20. 2009/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O3 - HKLM\..\Toolbar: (no name) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No CLSID value found.
      O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7053377985-3338457542-858984716-1705\rundll32.exe) - C:\RECYCLER\S-1-5-21-7053377985-3338457542-858984716-1705\.exe File not found
      [2009/09/10 19:24:45 | 00,229,888 | ---- | C] () -- C:\Windows\PEV.exe
      [2009/09/10 19:24:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
      [2009/09/10 19:24:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
      [2009/09/10 19:24:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
      [2009/09/10 19:24:45 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
      [2009/09/10 19:24:45 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
      [2009/09/10 19:24:45 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
      [2009/09/15 20:13:44 | 00,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
      [2009/09/15 20:13:44 | 00,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
      [2009/09/15 20:00:01 | 00,000,282 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
• Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
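As an added example, not code from the thread or from the OTL tool: a small Python triage of OTL log lines that reproduces the reasoning behind the fix list above (a Winlogon Shell value that is not explorer.exe, a hosts-file pin, an orphaned toolbar CLSID and dangling "File not found" entries) and then emits the flagged lines in the `:OTL` fix-script shape the analyst used. The parsing patterns are heuristics written from the line shapes visible in the posted log; the sample lines are copied from it, plus a constructed benign `localhost` hosts line as a control.

```python
"""Triage OTL scan-log lines for the autostart anomalies a malware analyst looks for.

Added example, not part of the forum thread or of OTL itself. The regexes
are heuristics derived from the line shapes in the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the posted OTL log, plus one constructed benign hosts line.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O3 - HKLM\..\Toolbar: (no name) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - No CLSID value found.
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-7053377985-3338457542-858984716-1705\rundll32.exe) - C:\RECYCLER\S-1-5-21-7053377985-3338457542-858984716-1705\.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
"""

# The only legitimate Winlogon Shell value; a per-user (HKCU) Shell value is
# normally absent altogether, so any HKCU Shell entry is a hijack candidate.
DEFAULT_SHELL = "explorer.exe"
BENIGN_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}

_SHELL = re.compile(r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: Shell - \((?P<value>[^)]*)\)")
_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
_TOOLBAR = re.compile(r"^O3 - .*Toolbar: .*\{[0-9A-Fa-f-]+\} - (?P<status>.*)$")


@dataclass
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str      # the original OTL line, reused verbatim in the fix script


def triage(log_text: str) -> list[Finding]:
    """Return the OTL lines worth an analyst's attention, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SHELL.match(line)
        if m:
            value, hive = m.group("value"), m.group("hive")
            if hive == "HKCU" or value.lower() != DEFAULT_SHELL:
                findings.append(Finding("high", f"{hive} Winlogon Shell overridden to {value!r}", line))
            continue
        m = _HOSTS.match(line)
        if m:
            if m.group("host").lower() not in BENIGN_HOSTS:
                findings.append(Finding("low", f"hosts file pins {m.group('host')} to {m.group('ip')}", line))
            continue
        m = _TOOLBAR.match(line)
        if m and "No CLSID value found" in m.group("status"):
            findings.append(Finding("low", "toolbar entry with no CLSID (orphan)", line))
            continue
        if line.endswith("File not found"):
            findings.append(Finding("low", "autostart entry whose target no longer exists", line))
    return findings


def build_otl_fix(findings: list[Finding], min_severity: str = "low") -> str:
    """Assemble the ':OTL' section of a fix script from the flagged lines.

    OTL takes the log's own lines back under ':OTL' to remove those entries,
    which is how the analyst's fix above is built; the trailing :Commands
    block mirrors the one in that post.
    """
    wanted = {"high": ("high",), "low": ("high", "low")}[min_severity]
    lines = [":OTL"] + [f.line for f in findings if f.severity in wanted]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.reason}")
    print()
    print(build_otl_fix(found, min_severity="high"))
```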
     
  21. 2009/09/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I didn't see your reply, but no, with OTL, you don't have to turn Avast off.
     
