
PC is remotely accessed and controlled


  • This topic is locked
22 replies to this topic

#1 jkchoi24

jkchoi24

  • Members
  • 13 posts

Posted 24 November 2009 - 08:54 AM

Hi, I thank you for your time and assistance in advance.
I apologize in advance for my poor grammar and spelling, as English is my second language.
Also, I am not tech savvy so I ask for your patience and ask that you explain everything step by step.
I must warn you that my post is very long. I have been experiencing many things related to this virus attack and, as I am not too familiar with tech terminology, my explanation may be long. (I am just trying to explain everything to the best of my ability.)

My computer system settings and specs:
I am using SONY VAIO SZ340 notebook and running WINDOWS XP Professional.
My notebook hard drive came with hidden partition for system recovery.
It also has built-in software to self-make recovery diskettes (NOTE: I made the recovery disks AFTER my system was infected).
I do not have any cracked /illegal software in my notebook.
I was using Norton 2006 but it was outdated.
(Since then, I have uninstalled Norton and installed AVAST antivirus, Malwarebytes' Anti-Malware, and SpywareBlaster.)
Malwarebytes' did detect 2 infected files and removed them, but the problem still occurs.
I ran full scans and none has found anything.


What I am experiencing:

So, the first time I experienced this virus stuff was about 2 months ago. I obtained help from a tech guy about a month ago and he made me run some virus software (DDS.scr and Gmer.exe). He couldn't resolve the problem and I was instructed to reformat my computer using the recovery disk (AGAIN, I made the recovery diskette after my system was infected and used this disk to reformat my system). Running the recovery diskette did not resolve my problems and I am still experiencing the same trouble.

Everything listed below is in chronological order.
1) Whatever program I have open, it'll minimize on its own, Firefox will open by itself, close by itself, the Windows Start menu will open at random, a command prompt window will pop open by itself, all while I can't do anything but watch it happen. It's as if someone is using my computer remotely, while I am still using the computer. This “attack” seems to happen even when there's no internet connection. However, it happens more frequently when there's an internet connection.

While all this “random access attack” (I will refer to this phenomenon as the “attack” from here on forward) happens, the only thing I can do is bring up the Task Manager by using Ctrl+Alt+Del. There are no other applications listed as open in the Task Manager (I don't know how to read the processes running). Sometimes the CPU will surge up to 60%, but sometimes there's no surge in CPU usage while the attack occurs. After the attack, any programs that were open are frozen; the mouse becomes disabled; the keyboard is disabled. I have to manually unplug my notebook to reboot, in order for it to work again. My mouse is disabled very frequently after the attack (more so than my keyboard). Also during this attack, my anti-malware will open up by itself, and the Control Panel will open by itself.

2) If I have Firefox or any web browser open, it'll randomly open sites in a new tab (the links are some random links from a site that I was browsing and currently have open).
3) The Windows Start menu pops open on its own and accesses random menus.
4) The mouse clicks on different icons and right-clicks on random things.
5) Whatever program is running when this happens, it all crashes after the fact.
6) This attack happens very frequently at times, and sometimes just once a day or so.

Again, this was all happening before I reformatted my hard drive, and IT STILL happens after the recovery format.
I ran recovery by hitting F10 and that didn't resolve the problem, so I made a recovery disk (after the system was infected) and reformatted my system using the recovery disk, and yet this problem persists.

FINALLY, two of my bank accounts have emailed me stating I have exceeded my attempts to log in with failed passwords. Also my eBay account (which I have not used for years) has notified me saying there has been suspicious account activity on my account and has suspended my account for now.

I really need your help. I just don’t know what to do! Please help me.
I thank you in advance for your time and assistance.

Sincerely,
J
============

DDS (Ver_09-11-24.02) - NTFSx86
Run by j at 22:18:00.14 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1235 [GMT 9:00]

AV: avast! antivirus 4.8.1356 [VPS 091123-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Documents and Settings\j\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sony.com/vaiopeople
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_07\bin\jusched.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [WCULauncher] c:\program files\sony\smartwi connection utility\WCULauncher.exe
mRun: [PartSeal] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://kbdownload.initech.com/kbstarActiveX/6.3.0.2/down/INIS60.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://kbdownload.initech.com/kbstarActiveX/softcamp/scsk4.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.2.5/xw_install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli fusstub

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j\applic~1\mozilla\firefox\profiles\6lvo6d8h.default\
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npINISAFEWeb60.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-7-23 9216]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-9 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-9 20560]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-23 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-23 33024]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-7-23 36352]
R3 scskusbf;USB SCSK Filter Driver Service;c:\windows\system32\drivers\scskusbf.sys [2009-11-10 18184]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-7-23 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-7-23 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-7-23 808448]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2009-11-10 9344]
S3 NPFWFLT;NPFWFLT;c:\windows\system32\npfwflt.sys [2009-11-10 41600]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
S3 scskusbs;USB SCSK Driver Service;c:\windows\system32\drivers\scskusbs.sys [2009-11-10 175872]

=============== Created Last 30 ================

2009-11-23 19:40:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-23 19:37:55 0 d-----r- c:\program files\Skype
2009-11-18 19:42:13 54156 ---ha-w- c:\windows\QTFont.qfn
2009-11-18 19:42:13 1409 ----a-w- c:\windows\QTFont.for
2009-11-16 11:43:03 0 d-sh--w- c:\documents and settings\j\IECompatCache
2009-11-14 16:44:08 0 d-----w- c:\windows\system32\scripting
2009-11-14 16:44:06 0 d-----w- c:\windows\system32\en
2009-11-14 16:44:06 0 d-----w- c:\windows\l2schemas
2009-11-14 16:44:05 0 d-----w- c:\windows\system32\bits
2009-11-14 16:38:05 0 d-----w- c:\windows\network diagnostic
2009-11-14 16:09:07 0 d-sh--w- c:\documents and settings\j\PrivacIE
2009-11-14 06:16:38 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-14 06:11:38 0 d-sh--w- c:\documents and settings\j\IETldCache
2009-11-13 21:20:48 0 d-----w- c:\windows\system32\XPSViewer
2009-11-13 21:20:03 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-13 21:20:03 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-13 21:20:03 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-13 21:20:02 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-13 21:20:02 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-13 21:20:02 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-13 21:20:02 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-13 21:20:02 0 d-----w- C:\6484db2577190fced56142f898
2009-11-13 21:12:39 0 d-----w- c:\windows\ie8updates
2009-11-13 21:11:31 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-13 21:11:31 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-13 21:11:31 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-13 21:11:30 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-13 21:11:30 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-13 21:11:30 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-13 21:08:51 0 dc-h--w- c:\windows\ie8
2009-11-13 08:21:19 86016 ----a-w- c:\windows\unvise32qt.exe
2009-11-13 08:19:59 0 d-----w- c:\windows\system32\QuickTime
2009-11-13 07:24:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-13 07:24:37 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-13 07:24:36 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-13 07:09:03 0 ----a-w- c:\windows\OpPrintServer.INI
2009-11-13 06:53:20 0 d-----w- c:\program files\Canon
2009-11-12 05:01:09 0 d-----w- c:\program files\MSXML 6.0
2009-11-10 17:17:14 0 d-----w- c:\docume~1\alluse~1\applic~1\PDF Writer
2009-11-10 17:17:13 0 d-----w- c:\docume~1\j\applic~1\PDF Writer
2009-11-10 17:14:12 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2009-11-10 17:14:12 131072 ----a-w- c:\windows\system32\bzpdfc.dll
2009-11-10 17:14:12 103424 ----a-w- c:\windows\system32\bzDCT.dll
2009-11-10 17:14:12 0 d-----w- c:\program files\common files\Bullzip
2009-11-10 17:14:09 194560 ----a-w- c:\windows\system32\bzpdf.dll
2009-11-10 17:14:05 79872 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-10 17:14:04 0 d-----w- c:\program files\Bullzip
2009-11-10 14:49:43 74752 ----a-w- c:\windows\system32\jst.dll
2009-11-10 14:49:43 40960 ----a-w- c:\windows\system32\d4channel.dll
2009-11-10 14:49:43 36864 ----a-w- c:\windows\system32\hpbmmjno.dll
2009-11-10 14:49:43 32768 ----a-w- c:\windows\system32\compJNI.dll
2009-11-10 14:49:43 102400 ----a-w- c:\windows\system32\PMLJNI.dll
2009-11-10 14:48:53 0 d--h--w- c:\program files\Zero G Registry
2009-11-10 14:45:43 0 d-----w- c:\program files\common files\HP
2009-11-10 14:44:18 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-11-10 14:38:54 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-11-10 14:38:54 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-11-10 14:38:54 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-11-10 14:34:02 0 d-----w- c:\program files\HP
2009-11-10 14:33:28 53947 ----a-w- c:\windows\hppins01.dat
2009-11-10 14:33:28 2364 ------w- c:\windows\hppmdl01.dat
2009-11-10 14:33:09 655 ----a-w- c:\windows\hpbvspst.his
2009-11-10 14:33:09 314 ----a-w- c:\windows\hpbvspst.ini
2009-11-10 14:31:56 98304 ----a-r- c:\windows\system32\hpp2kms.dll
2009-11-10 14:31:54 102400 ----a-r- c:\windows\system32\hpplsbulk.dll
2009-11-10 14:31:52 9344 ----a-r- c:\windows\system32\drivers\hpplsbulk.sys
2009-11-10 14:31:52 17024 ----a-r- c:\windows\system32\drivers\hpplsgen.sys
2009-11-10 14:31:37 282624 ----a-r- c:\windows\system32\HPZc3212.dll
2009-11-10 14:31:37 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-10 14:29:54 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-10 12:14:23 0 d-----w- c:\program files\common files\SWF Studio
2009-11-10 11:12:37 89680 ----a-w- c:\documents and settings\j\MSSSerif120.fon
2009-11-10 10:35:10 0 d--h--w- C:\XecureSSL
2009-11-10 10:35:10 0 d--h--w- c:\windows\yessign
2009-11-10 10:35:09 0 d-----w- c:\program files\SoftForum
2009-11-10 10:34:24 18184 ----a-w- c:\windows\system32\drivers\scskusbf.sys
2009-11-10 10:34:24 175872 ----a-w- c:\windows\system32\drivers\scskusbs.sys
2009-11-10 10:32:42 429 ----a-w- c:\windows\system32\npzupdate.conf
2009-11-10 10:32:42 0 d-----w- c:\program files\common files\INCA Shared
2009-11-10 10:32:17 46640 ----a-w- c:\windows\system32\npPCStatusUninst.exe
2009-11-10 10:32:17 124536 ----a-w- c:\windows\system32\npPCStatus.ocx
2009-11-10 10:32:09 0 d-----w- c:\windows\Application Data
2009-11-10 10:32:09 0 d-----w- c:\program files\NPKI
2009-11-10 10:32:09 0 d-----w- c:\program files\INITECH
2009-11-10 05:02:21 0 d-----w- c:\windows\ServicePackFiles
2009-11-10 05:01:19 0 d-----w- c:\program files\MSXML 4.0
2009-11-10 04:53:01 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-11-10 04:17:29 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-10 04:17:29 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-10 04:13:06 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-10 04:11:59 122 ----a-w- c:\docume~1\j\applic~1\wklnhst.dat
2009-11-10 04:10:59 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-10 04:10:53 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-10 04:10:45 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-10 04:10:39 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-10 04:10:33 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-10 04:10:20 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-10 04:09:36 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-11-10 04:05:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-10 04:05:30 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-10 04:04:27 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-10 04:04:27 1203922 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-10 04:04:26 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-10 04:02:57 0 d-----w- c:\windows\system32\PreInstall
2009-11-09 10:34:15 0 d-----w- c:\program files\WOT
2009-11-09 10:24:17 0 d-----w- c:\program files\SpywareBlaster
2009-11-09 09:57:15 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-09 09:11:09 0 d-----w- c:\docume~1\j\applic~1\Malwarebytes
2009-11-09 09:11:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 09:11:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-09 09:11:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 09:11:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 08:39:46 0 d--h--w- C:\TEMP
2009-11-09 07:58:37 25088 ----a-w- c:\windows\system32\spdifcp.dll
2009-11-09 07:20:31 0 d-----w- C:\SonySupport
2009-11-09 07:06:50 0 ----a-r- c:\windows\system32\RCCustomSetup.ini
2009-11-09 07:01:42 0 d-----w- c:\windows\system32\appmgmt
2009-11-09 06:43:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-09 06:43:38 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-09 06:08:57 0 d-sh--w- c:\documents and settings\j\UserData
2009-11-09 04:50:25 0 d-----w- c:\docume~1\j\applic~1\Protector Suite
2009-11-09 04:49:42 0 d-----w- c:\docume~1\j\applic~1\Intel
2009-11-09 04:46:16 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-11-09 04:41:12 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2009-11-09 04:41:11 802104 ----a-w- c:\windows\WINDOWSXP-KB925486-X86-ENU.bak
2009-11-09 04:40:52 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-11-09 04:40:52 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-11-09 04:40:52 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-11-09 04:40:52 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-11-09 04:40:52 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-11-09 04:40:52 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-11-09 04:40:50 0 d-----w- c:\program files\InterVideo
2009-11-09 04:40:12 0 d-----w- C:\Infineon
2009-11-09 04:39:22 4 ----a-w- c:\windows\Pix11.dat
2009-11-09 04:39:10 0 d-----w- c:\program files\Microsoft Digital Image 2006
2009-11-09 04:38:05 3420 ---ha-w- C:\IPH.PH
2009-11-09 04:38:05 0 d-----w- c:\program files\common files\AOL
2009-11-09 04:36:46 0 d-----w- c:\program files\Toshiba
2009-11-09 04:34:09 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2009-11-09 04:32:27 0 d-----w- c:\program files\Symantec
2009-11-09 04:32:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-11-09 04:32:14 0 d-----w- c:\program files\common files\Symantec Shared
2009-11-09 04:31:01 0 d-----w- c:\program files\Cingular
2009-11-09 04:30:59 0 ----a-r- c:\windows\system32\svconfig.ini
2009-11-09 04:29:55 0 d-----w- c:\program files\common files\Protector Suite QL
2009-11-09 04:29:53 0 d-----w- c:\program files\Protector Suite QL
2009-11-09 04:24:54 0 d-----w- c:\windows\system32\Backup
2009-11-09 04:24:36 0 d-----w- c:\windows\SQLHotfix
2009-11-09 04:23:57 466 ----a-w- c:\windows\system32\mapisvc.inf
2009-11-09 04:23:51 33340 ----a-w- c:\windows\system32\dbmsqlgc.dll
2009-11-09 04:23:51 24576 ----a-w- c:\windows\system32\dbmsgnet.dll
2009-11-09 04:23:17 0 d-----w- c:\program files\common files\Crystal Decisions
2009-11-09 04:23:11 0 d-----w- c:\program files\Microsoft SQL Server
2009-11-09 04:23:02 376 ----a-w- c:\windows\ODBC.INI
2009-11-09 04:22:57 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-09 04:17:18 2158 ----a-w- c:\windows\system32\tmmute.ini
2009-11-09 04:17:17 0 d-----w- c:\program files\Trend Micro
2009-11-09 04:17:01 0 d-----w- c:\documents and settings\all users\DSD Direct
2009-11-09 04:16:50 91648 ----a-w- c:\windows\system32\SonyAIds.dll
2009-11-09 04:16:50 75776 ----a-w- c:\windows\system32\SonyAIwo.dll
2009-11-09 04:16:50 38400 ----a-w- c:\windows\system32\SonyAIwd.dll
2009-11-09 04:16:35 0 d-----w- c:\documents and settings\all users\SonicStage Mastering Studio
2009-11-09 04:16:25 770048 ----a-w- c:\windows\system32\CDDBUISony.dll
2009-11-09 04:16:25 643072 ----a-w- c:\windows\system32\CDDBControlSony.dll
2009-11-09 04:16:25 585728 ----a-w- c:\windows\system32\CddbMusicIDSony.dll
2009-11-09 04:15:58 221184 ----a-w- c:\windows\system32\wmpns.dll

==================== Find3M ====================

2009-11-09 04:49:15 0 ---ha-r- c:\windows\system32\drivers\Sony_VGN-SZ340P.mrk
2009-10-06 02:05:14 103848 ----a-w- c:\windows\system32\INISAFEAdminCtrl.dll
2009-09-30 08:41:30 74240 ----a-w- c:\windows\system32\nsldap32v11.dll
2009-09-30 08:41:30 1241088 ----a-w- c:\windows\system32\inicrypto45.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 22:18:42.39 ===============
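
A small triage pass over the DDS log format shown in the post above, added here as an example; it is not part of the original thread and is not code from DDS or from the forum helpers. The function and category names are hypothetical, and the sample lines are excerpted from the log in post #1. It only surfaces hygiene items for a human reviewer and does not classify anything as malicious.

```python
import re

# Excerpt of lines copied from the DDS log in post #1 (not a full log).
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1356 [VPS 091123-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_07\bin\jusched.exe
mRun: [<NO NAME>]
S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-9 114768]
"""

# "AV:" / "FW:" header lines: product name, then a *state* between asterisks.
PRODUCT_RE = re.compile(r"^(AV|FW): (.+?) \*(.+?)\*", re.M)
# "uRun:" (per-user) and "mRun:" (machine-wide) Run entries: [name] command.
AUTORUN_RE = re.compile(r"^(uRun|mRun): \[(.*?)\][ \t]*(.*)$", re.M)
# Browser helper objects / toolbars whose registered file is gone.
ORPHAN_RE = re.compile(r"^(BHO|TB): (.*?) - No File[ \t]*$", re.M)
# Services/drivers: <R|S><start type> name;display name;path [date size].
DRIVER_RE = re.compile(
    r"^([RS])(\d) ([^;\n]+);([^;\n]*);(.+?) \[([^\]\n]*)\][ \t]*$", re.M
)
# Java runtime version embedded in an install path such as \jre1.5.0_07\.
JRE_RE = re.compile(r"\\jre(\d+(?:\.\d+)*(?:_\d+)?)\\", re.I)


def parse_autoruns(log):
    """Return (hive, name, command) for every Run entry in the log."""
    return [(h, n, c.strip()) for h, n, c in AUTORUN_RE.findall(log)]


def review(log):
    """Return (category, detail) pairs worth a second look by a human."""
    findings = []

    # Security products that report themselves as disabled.
    for kind, name, state in PRODUCT_RE.findall(log):
        if "disabled" in state.lower():
            findings.append(("protection-disabled", f"{kind}: {name}"))

    # Registry entries that point at a file that no longer exists.
    for kind, ident in ORPHAN_RE.findall(log):
        findings.append(("orphaned-entry", f"{kind}: {ident}"))

    # Run entries with no command line at all.
    for hive, name, command in parse_autoruns(log):
        if not command:
            findings.append(("empty-autorun", f"{hive}: {name}"))

    # Drivers for which DDS recorded "[?]" instead of a date and size.
    for _state, _start, name, _display, _path, stamp in DRIVER_RE.findall(log):
        if stamp.strip() == "?":
            findings.append(("driver-unresolved", name))

    # Every distinct Java runtime version referenced by a path, so it can
    # be compared against the current release by the reviewer.
    for version in sorted(set(JRE_RE.findall(log))):
        findings.append(("java-runtime", version))

    return findings


if __name__ == "__main__":
    for category, detail in review(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```
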

#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 29 November 2009 - 11:58 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 syler

Posted 04 December 2009 - 01:58 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#4 syler

Posted 05 December 2009 - 01:06 PM

Topic reopened at OP request.



#5 jkchoi24

Posted 05 December 2009 - 07:31 PM

Thanks for re-opening this thread. I am posting two logs.
I am still experiencing everything described in my first post: things like random remotely controlled software, randomly minimized and forcibly shut programs, and a slow notebook. Also, the mouse on my notebook is still not working at random. All these things have survived even after I did a re-format of my hard drive (C:). Please read my first post for details.

Thank you and I await desperately,
PS. Sorry for my poor grammar; English is my second language.
Thanks
J

Attached Files

  • Attached File  info.txt   35.71KB   1 downloads
  • Attached File  log.txt   58.54KB   5 downloads


#6 jkchoi24

Posted 05 December 2009 - 07:34 PM

Also, can you please tell me why I am not receiving email notifications when you post a reply to this topic? At the moment, the only way for me to tell you have replied to this thread is by randomly checking back at the site. I have subscribed to this thread, so why can't I receive an email notification when you post a reply?
Thanks

#7 syler

Posted 06 December 2009 - 09:09 AM

I'm not sure why you are not receiving notifications. You would be best sending one of the admins a PM so that they can have a look at it, as I can't do anything about this.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#8 jkchoi24

jkchoi24
  • Topic Starter

  • Members
  • 13 posts

Posted 06 December 2009 - 07:49 PM

Here is my combofix log.txt file attached to this reply.

Attached Files

  • Attached File  log.txt   23.69KB   9 downloads


#9 jkchoi24

jkchoi24
  • Topic Starter

  • Members
  • 13 posts

Posted 06 December 2009 - 10:51 PM

Since I ran ComboFix, it hasn't fixed the problem. I am still getting the same problems - like my mousepad on the notebook is not working, software randomly opening, and I also got a blue window error message, saying the system has to shut down due to some fatal error.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts

Posted 08 December 2009 - 10:32 AM

I don't see anything wrong in your logs, these don't really sound like malware issues. If you get the blue screen again, please note down the STOP error code and post it in your reply.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • Kaspersky report
  • New Rsit log
Thanks



#11 jkchoi24

jkchoi24
  • Topic Starter

  • Members
  • 13 posts

Posted 09 December 2009 - 02:45 PM

If it's not malware issues, what could it be? It's driving me crazy. It can even open some of my files by itself!

Nothing was found on Kaspersky:
Thursday, December 10, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 09, 2009 11:12:15
Records in database: 3346997
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
G:\
Scan statistics
Objects scanned 89478
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:50:16

No threats found. Scanned area is clean.
Selected area has been scanned.

Attached Files

  • Attached File  log.txt   45.46KB   1 downloads


#12 syler

syler

  • Malware Response Team
  • 8,150 posts

Posted 09 December 2009 - 06:19 PM

They do sound like some strange issues. I do see a couple of little things that we will remove, and I would like to have a look with a couple of other scans. It is strange that reformatting has not solved this, it really should have.

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.




We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please post back here with the following logs:
  • Gmer log
  • OTListIt.txt
  • Extra.txt
Thanks

unite.jpg
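
The GMER log requested in the post above reports SSDT and IAT hooks one per line. As an added example (not part of the original post, and not code from GMER or from this forum), the Python below parses those two line types and separates hooks whose driver carries an expected vendor string from everything else. The sample log, its drivers, vendors and addresses, and the names `parse_gmer` and `triage` are constructed for illustration; the line layout is assumed to be that of GMER 1.0.15 text output.

```python
"""Triage of SSDT and IAT hook lines from a GMER 1.0.15 text log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample, not a real scan: drivers, vendors and addresses are placeholders.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\exampleav.sys (Example AV self protection/Example AV Vendor) ZwOpenProcess [0xB6000010]
SSDT \SystemRoot\System32\Drivers\exampleav.sys (Example AV self protection/Example AV Vendor) ZwSetValueKey [0xB6000020]
SSDT \SystemRoot\System32\Drivers\otherdrv.sys (Other driver/Other Vendor) ZwCreateKey [0xB7000030]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\example.exe[1234] @ C:\WINDOWS\system32\example.exe [KERNEL32.dll!CreateProcessW] 00620000

---- EOF - GMER 1.0.15 ----
"""

# "---- <section name> - GMER <version> ----"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "SSDT <driver path> (<description>/<vendor>) <service> [<address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S.*?)\s+\((?P<desc>.*)/(?P<vendor>[^/()]*)\)\s+"
    r"(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# "IAT <process>[<pid>] @ <image> [<dll>!<import>] <target>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<image>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<target>.+)$"
)


@dataclass(frozen=True)
class Hook:
    section: str            # GMER section the line appeared under
    kind: str               # "SSDT" or "IAT"
    function: str           # hooked service or import
    owner: str              # hooking driver (SSDT) or hooked process[pid] (IAT)
    vendor: Optional[str]   # vendor string GMER printed, None when the line has none
    target: str             # where the table entry now points


def parse_gmer(text: str) -> List[Hook]:
    """Return every SSDT and IAT hook line found in a GMER text log."""
    hooks: List[Hook] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        m = SSDT_RE.match(line)
        if m:
            hooks.append(Hook(section, "SSDT", m["func"], m["module"],
                              m["vendor"].strip(), m["addr"]))
            continue
        m = IAT_RE.match(line)
        if m:
            # The line names the hooked process, not the code behind the target.
            hooks.append(Hook(section, "IAT", f'{m["dll"]}!{m["func"]}',
                              f'{m["proc"]}[{m["pid"]}]', None, m["target"].strip()))
    return hooks


def triage(hooks: Iterable[Hook], expected_vendors: Iterable[str]) -> Dict[str, List[Hook]]:
    """Split hooks into those from vendors known to be installed and the rest.

    A hook lands in "review" when its vendor is not in expected_vendors or when
    GMER printed no vendor at all; "review" means look closer, not "malicious".
    """
    expected = {v.lower() for v in expected_vendors}
    result: Dict[str, List[Hook]] = {"expected": [], "review": []}
    for hook in hooks:
        if hook.vendor and hook.vendor.lower() in expected:
            result["expected"].append(hook)
        else:
            result["review"].append(hook)
    return result


if __name__ == "__main__":
    buckets = triage(parse_gmer(SAMPLE_LOG), ["Example AV Vendor"])
    for name, items in buckets.items():
        print(f"{name}: {len(items)} hook(s)")
        for h in items:
            print(f"  [{h.section}] {h.kind} {h.function} -> {h.target} "
                  f"({h.owner}; vendor={h.vendor or 'none printed'})")
```
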


#13 jkchoi24

jkchoi24
  • Topic Starter

  • Members
  • 13 posts

Posted 13 December 2009 - 05:53 PM

I am sorry for late reply. Please don't close this thread as I am working on your instruction right now. My internet connection was disabled and that's why I couldn't respond sooner. Thanks

#14 jkchoi24

jkchoi24
  • Topic Starter

  • Members
  • 13 posts

Posted 13 December 2009 - 08:40 PM

Following are the three posts you requested.
First is from running GMER:
=====================================

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 10:33:52
Windows 5.1.2600 Service Pack 3
Running: o2t8z891.exe; Driver: C:\DOCUME~1\j\LOCALS~1\Temp\uxxyipoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6ACC6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6ACC574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6ACCA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB6ACC14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB6ACC64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB6ACC08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB6ACC0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB6ACC76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB6ACC72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB6ACC8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9D36360, 0x22117D, 0xE8000020]
init C:\WINDOWS\system32\drivers\scskusbf.sys entry point in "init" section [0xBADE2373]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1208] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00620002
IAT C:\WINDOWS\system32\services.exe[1208] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00620000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1

---- EOF - GMER 1.0.15 ----

=========================================================
==========================================================
next is from OTL.txt file:
===========================================================
OTL logfile created on: 12/14/2009 10:34:42 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\j\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.00% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 61.76 Gb Free Space | 70.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: F52F2867C1364CC
Current User Name: j
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/14 07:54:11 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j\My Documents\Downloads\OTL.exe
PRC - [2009/12/09 22:15:16 | 00,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2009/12/06 21:05:28 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/06 21:05:28 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/25 08:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 08:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 08:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 08:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 08:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 17:21:21 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2009/11/10 23:49:00 | 00,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/11/09 13:36:27 | 01,120,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/11/03 12:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/08/03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2008/04/14 09:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 09:12:15 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/06/30 06:17:32 | 00,319,488 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2006/06/21 09:45:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/06/14 02:22:20 | 00,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/04/14 05:36:36 | 00,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/08 10:36:00 | 00,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/04/08 09:37:00 | 01,773,568 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/04/05 06:55:18 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/03/01 06:29:54 | 00,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/03/01 06:25:48 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/03/01 06:25:20 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/03/01 06:22:50 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/03/01 06:18:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/03/01 06:16:08 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/03/01 06:15:30 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/02/23 11:10:16 | 01,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
PRC - [2006/02/12 11:30:38 | 00,425,984 | ---- | M] (Sony Electronics Corporation) -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2006/02/08 13:29:04 | 00,094,208 | ---- | M] (Sony Electronics, Inc) -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe
PRC - [2006/02/08 13:28:44 | 00,172,032 | ---- | M] (Sony Electronics Corporation) -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWiTogglet.exe
PRC - [2006/02/08 13:28:44 | 00,073,728 | ---- | M] (Sony Electronics Corporation) -- C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
PRC - [2006/02/07 16:00:00 | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/28 11:17:00 | 00,221,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006/01/24 14:47:00 | 00,073,728 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2005/12/28 06:58:10 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/12/06 09:50:00 | 02,134,016 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2005/11/29 05:39:32 | 00,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/29 05:39:30 | 00,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/10/12 13:36:38 | 00,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/03/25 05:56:50 | 00,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/12/24 11:11:46 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/11/18 12:47:16 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/11/04 19:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/09/13 15:49:00 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2004/08/20 01:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/21 06:12:34 | 00,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/06/01 11:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2009/12/14 07:54:11 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j\My Documents\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/12/06 21:05:28 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/25 08:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 08:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 08:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 08:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/10 13:53:01 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/11/09 13:36:27 | 01,120,960 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/21 09:45:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/04/28 09:35:16 | 00,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/28 09:27:06 | 00,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/28 09:16:28 | 00,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/14 05:36:36 | 00,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/05 06:55:18 | 00,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/03/01 06:18:10 | 00,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/03/01 06:16:08 | 00,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/03/01 06:15:30 | 00,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/02/08 13:29:04 | 00,094,208 | ---- | M] (Sony Electronics, Inc) [Auto | Running] -- C:\Program Files\Sony\SmartWi Connection Utility\SmartWiService.exe -- (SmartWiService)
SRV - [2005/11/29 05:39:32 | 00,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/29 05:39:30 | 00,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/26 05:08:54 | 00,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/11/14 17:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/12/24 11:11:46 | 00,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/11 16:46:56 | 00,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 13:50:42 | 00,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)
SRV - [2003/06/01 11:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM)
SRV - [2002/12/18 08:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM)


========== Driver Services (SafeList) ==========

DRV - [2009/12/10 11:38:06 | 00,175,872 | ---- | M] (SoftCamp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scskusbs.sys -- (scskusbs)
DRV - [2009/12/10 11:38:06 | 00,018,184 | ---- | M] (SoftCamp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scskusbf.sys -- (scskusbf)
DRV - [2009/11/25 08:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 08:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 08:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/11/09 13:36:27 | 00,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009/11/04 09:11:48 | 00,041,600 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npfwflt.sys -- (NPFWFLT)
DRV - [2009/09/15 19:56:14 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 19:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 19:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/08/26 00:55:22 | 00,048,384 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npids.sys -- (NPIDS)
DRV - [2008/04/14 01:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 01:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/24 14:46:00 | 00,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/07/23 04:45:27 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2006/06/21 09:45:00 | 03,662,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/04/14 13:00:00 | 00,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/17 03:45:00 | 00,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/16 03:52:00 | 00,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/03/07 11:39:00 | 00,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/03/01 07:35:56 | 00,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/28 21:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/28 21:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2006/02/26 20:43:00 | 01,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/24 18:37:00 | 00,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/23 11:13:12 | 00,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/23 11:13:04 | 00,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/11 04:17:00 | 00,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/09 10:33:00 | 00,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/01/28 10:56:32 | 00,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/29 16:28:08 | 00,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/12/18 04:08:00 | 01,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005/11/22 07:06:02 | 00,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2005/11/17 13:40:00 | 01,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/28 19:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/10/22 04:19:34 | 00,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/19 09:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/19 09:52:34 | 00,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/19 09:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/18 01:43:00 | 00,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/10/06 09:57:08 | 00,012,544 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/08/02 09:45:00 | 00,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/12 11:58:00 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/02/03 08:29:28 | 00,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2005/01/18 02:21:54 | 00,049,664 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/01/07 06:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/25 03:09:12 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/12/25 03:07:46 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/11/22 12:31:00 | 00,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/19 09:12:50 | 00,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/06 08:18:02 | 00,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/10 12:15:08 | 00,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kr.msn.com/default.aspx?froo=www
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 8A E9 A3 ED 7B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/13 17:21:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/06 21:05:42 | 00,000,000 | ---D | M]

[2009/11/09 15:22:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\j\Application Data\Mozilla\Extensions
[2009/12/12 20:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\6lvo6d8h.default\extensions
[2009/11/09 15:47:59 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\6lvo6d8h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/14 10:33:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/06 11:05:18 | 00,200,914 | ---- | M] (INITECH ©) -- C:\Program Files\Mozilla Firefox\plugins\npINISAFEWeb60.dll

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WCULauncher] C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe (Sony Electronics Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\j\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://kbdownload.initech.com/kbstarActive...down/INIS60.cab (INISAFEWeb6 V6 Class)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://kbdownload.initech.com/kbstarActive...tcamp/scsk4.cab (SCSK Control)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://download.kbstar.com/security/Xecure...stall_v7227.cab (XecureWeb 4.0 Client Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} http://download.kbstar.com/security/nprote...v4/ie80/npz.cab (Npz Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 168.126.63.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - fusstub.dll - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/23 03:47:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/14 07:41:00 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\j\My Documents\My Safe
[2009/12/09 22:14:07 | 00,000,000 | ---D | C] -- C:\Sun
[2009/12/09 21:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\.SunDownloadManager
[2009/12/08 10:10:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/07 09:28:22 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/07 09:27:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/07 09:27:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/07 09:27:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/07 09:27:26 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/07 09:27:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/07 09:27:15 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/12/07 09:26:32 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/06 21:05:42 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/06 21:05:42 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/06 21:05:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/06 21:05:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/06 21:05:42 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/06 19:08:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/12/06 09:24:53 | 00,000,000 | ---D | C] -- C:\rsit
[2009/12/02 16:48:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Application Data\vlc
[2009/12/02 16:47:21 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/12/02 14:05:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/12/01 11:42:51 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/12/01 11:42:51 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/11/30 13:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\My Documents\SSI info
[2009/11/28 19:58:11 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/11/28 19:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/28 19:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/11/28 19:55:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/11/28 19:53:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/11/28 19:52:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/11/28 19:51:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Local Settings\Application Data\Microsoft Help
[2009/11/28 19:51:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/28 19:51:21 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/11/28 13:29:44 | 00,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2009/11/28 13:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\j\My Documents\My Videos
[2009/11/27 08:17:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\nprotect
[2009/11/24 22:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Desktop\BC tech help
[2009/11/24 21:24:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Application Data\Template
[2009/11/24 21:17:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\My Documents\Bluetooth
[2009/11/24 04:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Application Data\skypePM
[2009/11/24 04:38:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Application Data\Skype
[2009/11/24 04:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/11/24 04:37:55 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/11/24 04:37:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/11/20 13:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\j\Local Settings\Application Data\Identities
[2009/11/16 20:43:03 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\j\IECompatCache
[2009/11/15 01:56:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/15 01:56:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/15 01:44:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/11/15 01:44:06 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/11/15 01:44:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/11/15 01:44:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/11/15 01:44:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/11/15 01:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/11/15 01:34:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/11/15 01:28:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2009/11/15 01:09:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\j\PrivacIE
[2009/11/14 15:11:38 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\j\IETldCache
[2006/07/23 03:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/07/23 03:47:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/07/23 03:47:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/14 07:42:51 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\j\tray.pid
[2009/12/14 07:41:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/14 07:40:43 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/12/14 07:40:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/14 07:40:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/14 07:40:26 | 21,454,39744 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/14 07:37:25 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\j\NTUSER.DAT
[2009/12/14 07:37:25 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\j\ntuser.ini
[2009/12/11 14:20:12 | 00,459,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/11 14:20:12 | 00,079,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/11 14:20:11 | 00,548,004 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/11 14:03:48 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/10 11:38:06 | 00,175,872 | ---- | M] (SoftCamp) -- C:\WINDOWS\System32\drivers\scskusbs.sys
[2009/12/10 11:38:06 | 00,018,184 | ---- | M] (SoftCamp) -- C:\WINDOWS\System32\drivers\scskusbf.sys
[2009/12/10 11:37:50 | 00,000,204 | ---- | M] () -- C:\WINDOWS\System32\npconf.md5
[2009/12/10 11:37:47 | 00,000,429 | ---- | M] () -- C:\WINDOWS\System32\npzupdate.conf
[2009/12/10 07:17:43 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/09 22:19:21 | 00,024,800 | ---- | M] () -- C:\WINDOWS\System32\productregistry
[2009/12/09 22:19:21 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\j\Start Menu\Programs\Startup\SDK Tray Menu.lnk
[2009/12/09 22:18:24 | 00,000,116 | ---- | M] () -- C:\Documents and Settings\j\.asadminpass
[2009/12/09 22:18:13 | 00,000,801 | ---- | M] () -- C:\Documents and Settings\j\.asadmintruststore
[2009/12/07 16:07:42 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/07 09:37:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/07 09:28:33 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/06 21:05:28 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/06 21:05:28 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/06 21:05:28 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/06 21:05:28 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/06 21:05:28 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/06 18:04:20 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\j\Application Data\wklnhst.dat
[2009/12/05 20:42:01 | 00,091,872 | ---- | M] () -- C:\Documents and Settings\j\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/05 20:41:17 | 00,340,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/04 13:40:00 | 00,011,163 | ---- | M] () -- C:\WINDOWS\System32\teexcept.dat
[2009/12/02 16:30:33 | 00,058,589 | ---- | M] () -- C:\Documents and Settings\j\My Documents\resume of Joe Yang.pdf
[2009/12/02 16:14:32 | 00,000,572 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/01 14:42:53 | 00,000,846 | ---- | M] () -- C:\Documents and Settings\j\Desktop\Shortcut to UHC all RX claims sum listed-nov 2009.lnk
[2009/11/29 17:27:28 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\j\Desktop\NJ real estate info.wps
[2009/11/25 15:13:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/25 08:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/25 08:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/25 08:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/25 08:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/25 08:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/25 08:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/24 21:16:30 | 00,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2009/11/24 04:40:07 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/23 20:13:04 | 00,034,686 | ---- | M] () -- C:\Documents and Settings\j\Desktop\Ro_News_av.pdf
[2009/11/15 01:57:31 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/15 01:37:42 | 00,250,048 | RHS- | M] () -- C:\ntldr
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/09 23:32:50 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\j\tray.pid
[2009/12/09 22:19:21 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\j\Start Menu\Programs\Startup\SDK Tray Menu.lnk
[2009/12/09 22:18:24 | 00,000,116 | ---- | C] () -- C:\Documents and Settings\j\.asadminpass
[2009/12/09 22:18:13 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\j\.asadmintruststore
[2009/12/09 22:16:02 | 00,024,800 | ---- | C] () -- C:\WINDOWS\System32\productregistry
[2009/12/07 09:28:33 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/12/07 09:28:27 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/07 09:27:26 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/07 09:27:26 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/07 09:27:26 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/07 09:27:26 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/07 09:27:26 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/02 16:30:33 | 00,058,589 | ---- | C] () -- C:\Documents and Settings\j\My Documents\resume of Joe Yang.pdf
[2009/12/02 16:21:47 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\j\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/01 14:42:53 | 00,000,846 | ---- | C] () -- C:\Documents and Settings\j\Desktop\Shortcut to UHC all RX claims sum listed-nov 2009.lnk
[2009/11/29 09:32:22 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\j\Desktop\NJ real estate info.wps
[2009/11/25 15:13:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/11/24 04:40:07 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/11/23 20:12:58 | 00,034,686 | ---- | C] () -- C:\Documents and Settings\j\Desktop\Ro_News_av.pdf
[2009/11/13 16:09:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/11/10 23:49:43 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2009/11/10 23:49:43 | 00,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2009/11/10 23:49:43 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2009/11/10 23:33:09 | 00,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/11/10 23:32:37 | 00,001,030 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/11/10 23:32:22 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2009/11/10 21:18:01 | 00,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/10 13:11:59 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\j\Application Data\wklnhst.dat
[2009/11/09 16:06:50 | 00,000,000 | R--- | C] () -- C:\WINDOWS\System32\RCCustomSetup.ini
[2009/11/09 13:49:42 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\j\Local Settings\Application Data\fusioncache.dat
[2009/11/09 13:40:52 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/11/09 13:40:52 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/11/09 13:40:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/11/09 13:40:52 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/11/09 13:40:52 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/11/09 13:40:52 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/11/09 13:30:59 | 00,000,000 | R--- | C] () -- C:\WINDOWS\System32\svconfig.ini
[2009/11/09 13:23:02 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/09 13:17:18 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/07/23 05:51:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/23 05:32:31 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/23 05:26:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/23 03:53:19 | 00,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/23 03:31:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/23 03:31:22 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/02 10:53:38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/03 07:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 14:30:00 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/21 10:04:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/16 07:43:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2001/03/28 12:37:14 | 00,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
< End of report >
===============================================
Next is the OTL Extras.txt file:
=================================================
OTL Extras logfile created on: 12/14/2009 10:34:42 AM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\j\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.00% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 61.76 Gb Free Space | 70.87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: F52F2867C1364CC
Current User Name: j
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\j\Local Settings\Temp\java_ee_sdk-5_08-jdk-6u17-windows-ml.exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\j\Local Settings\Temp\java_ee_sdk-5_08-jdk-6u17-windows-ml.exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2154375F-A35D-4CB5-A996-3466251F6B3B}" = hpp2800usg
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{565F04D0-11FA-487E-8A92-F9D11CC011B3}" = VAIO Power Management
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}" = Fingerprint Tutorial
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F6D24DE1-6894-452D-A714-FDA0929714EC}" = TPM Tutorial
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.0.0.928
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"npnv4" = nProtect Netizen(remove only)
"npPCStatus" = npPCStatus
"ProInst" = Intel® PROSet/Wireless Software
"QuickTime" = QuickTime
"SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"UnINISafeWeb6" = INISafeWeb 6.0
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.3
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XecureWeb Control" = XecureWeb Control

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/10/2009 5:08:51 AM | Computer Name = F52F2867C1364CC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.co.kr/complete/sear...0laye&cp=29
failed, 0000A413.

Error - 11/10/2009 9:29:04 AM | Computer Name = F52F2867C1364CC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestqueries.google.com/complete/...27s+personality
failed, 0000A413.

[ Application Events ]
Error - 11/30/2009 10:30:47 PM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1001
Description = Fault bucket 1545157916.

Error - 12/5/2009 6:41:27 AM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/5/2009 6:45:05 AM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/7/2009 9:38:31 PM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 12.0.6514.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2009 6:32:48 PM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/9/2009 6:32:55 PM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/12/2009 7:17:01 AM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/12/2009 7:17:06 AM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1001
Description = Fault bucket 1545157916.

Error - 12/13/2009 8:37:58 AM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2009 8:38:04 AM | Computer Name = F52F2867C1364CC | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 12/2/2009 2:10:58 AM | Computer Name = F52F2867C1364CC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0018DE0F1C10. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/5/2009 6:39:48 AM | Computer Name = F52F2867C1364CC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\D.

Error - 12/5/2009 6:46:35 AM | Computer Name = F52F2867C1364CC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0018DE0F1C10. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 12/6/2009 6:10:47 AM | Computer Name = F52F2867C1364CC | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00893c39, parameter2 00000002, parameter3
00000000, parameter4 894e9008.

Error - 12/8/2009 9:56:33 PM | Computer Name = F52F2867C1364CC | Source = i8042prt | ID = 327703
Description = Could not set the mouse resolution.

Error - 12/9/2009 8:07:17 AM | Computer Name = F52F2867C1364CC | Source = DCOM | ID = 10010
Description = The server {5A5AA0AA-1DEB-4683-96B0-B43301E83971} did not register
with DCOM within the required timeout.

Error - 12/9/2009 8:07:47 AM | Computer Name = F52F2867C1364CC | Source = DCOM | ID = 10010
Description = The server {5A5AA0AA-1DEB-4683-96B0-B43301E83971} did not register
with DCOM within the required timeout.

Error - 12/9/2009 8:08:17 AM | Computer Name = F52F2867C1364CC | Source = DCOM | ID = 10010
Description = The server {5A5AA0AA-1DEB-4683-96B0-B43301E83971} did not register
with DCOM within the required timeout.

Error - 12/13/2009 6:36:57 PM | Computer Name = F52F2867C1364CC | Source = DCOM | ID = 10010
Description = The server {5A5AA0AA-1DEB-4683-96B0-B43301E83971} did not register
with DCOM within the required timeout.

Error - 12/13/2009 6:37:27 PM | Computer Name = F52F2867C1364CC | Source = DCOM | ID = 10010
Description = The server {5A5AA0AA-1DEB-4683-96B0-B43301E83971} did not register
with DCOM within the required timeout.


< End of report >

#15 jkchoi24


Posted 13 December 2009 - 08:42 PM

Please, I don't care how long it takes for you to figure this problem out.
I just really need your help - I can't take my system crashing randomly; someone just opening up random files at its own will, random programs opening and running all by themselves.
I have gone through 3 reformats of my hard drive and yet still nothing has been resolved!
You are my last hope so please help me!!



