Tidserv Activity Detected [Closed]


This topic is locked

#1
purple_cloud
New Member, 1 post
Hi,

I have been having some issues with my system recently. I keep getting a Symantec pop-up that says "Tidserv Activity Detected" and that a certain IP address is blocked from xxx time to yyy time. When I use the internet, my sites keep getting redirected to some advertisement sites.
Besides that, I also get a Windows message that says "TCP/IP has stopped working".
Quite often, my system will shut itself off with a blue screen that says "dumping physical memory".
I came across another discussion that says you require 3 files to understand the issue. Please see the DDS log pasted below; Attach.txt and the GMER file are attached.
I really appreciate any kind of assistance you can provide. Thank you very much!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Cheewen Ng at 18:40:47 on 2012-01-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1580 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Cheewen Ng\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.searchcompletion.com/?si=10205&home=1
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10205&home=1
uSearch Bar = hxxp://search.searchcompletion.com/?si=10205&home=1
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [googletalk] c:\users\cheewen ng\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\cheewen ng\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Smad] "c:\users\cheewen ng\appdata\local\sanctionedmedia\smad\Smad.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Unattend0000000001{11F5AE89-8467-4F59-B203-FE9F4F0E4511}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{CD724545-1010-4E83-A4B6-442088A955DE} : DhcpNameServer = 64.71.255.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cheewen ng\appdata\roaming\mozilla\firefox\profiles\uciu5qj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10205&q=
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\cheewen ng\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\cheewen ng\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\cheewen ng\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-26 2477304]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-1 2271608]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2010-5-28 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-5-28 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-28 28464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-28 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-28 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-28 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-28 818688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-26 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-5-28 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-5-28 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-5-28 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-28 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-28 87328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-07 18:59:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-07 18:58:45 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-07 18:58:43 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 18:58:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-07 18:58:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-07 18:58:37 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 18:58:35 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-07 18:57:20 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-01-07 17:10:24 -------- d-----w- c:\users\cheewen ng\appdata\local\{0D5EE393-01C1-47AC-A497-9562C6450903}
2012-01-07 17:09:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{69FE61F8-0D01-4B03-90F4-AF22B725B35A}
2012-01-07 00:10:48 -------- d-----w- c:\users\cheewen ng\appdata\local\{0AF6863F-7980-4648-B213-831173D9EE2F}
2012-01-07 00:10:32 -------- d-----w- c:\users\cheewen ng\appdata\local\{845031FE-F467-480E-9035-1EF5864819D4}
2012-01-06 12:10:12 -------- d-----w- c:\users\cheewen ng\appdata\local\{84CF9663-2AD9-4272-A8F9-C6A95AA7C6B6}
2012-01-05 23:43:16 -------- d-----w- c:\users\cheewen ng\appdata\local\{C48979F8-6F4B-45F8-9E63-21C309CDCF49}
2012-01-05 23:43:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{71575716-115F-42AC-826A-77B3C4262AD9}
2012-01-05 11:42:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{4053C5A1-ED96-4B93-9977-CF03655DE575}
2012-01-05 11:41:47 -------- d-----w- c:\users\cheewen ng\appdata\local\{A2AD6664-B9CF-46F6-907A-39AAC2089BEF}
2012-01-04 17:55:39 -------- d-----w- c:\users\cheewen ng\appdata\local\{54D3D57E-8813-4183-8F24-8614CBE2808B}
2012-01-04 17:54:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{461548B5-BB44-40CE-ACF3-3BCB285F7078}
2012-01-04 05:54:31 -------- d-----w- c:\users\cheewen ng\appdata\local\{E1DA432D-4237-4037-9780-F26B28C18517}
2012-01-04 05:54:18 -------- d-----w- c:\users\cheewen ng\appdata\local\{9B7F547E-F315-4211-8DF1-227EED4E8823}
2012-01-03 17:54:15 -------- d-----w- c:\users\cheewen ng\appdata\local\{08A35BC1-F428-447A-AD38-EFB11E3AFE73}
2012-01-03 05:46:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{B369E690-D5E5-4006-8CDD-977609DEFEAC}
2012-01-03 05:45:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{0DA45A11-E211-4DE5-89A2-1EE4C1FBE84D}
2012-01-02 17:45:31 -------- d-----w- c:\users\cheewen ng\appdata\local\{2BFA53A5-114A-4EA5-A382-F994202BBBAB}
2012-01-02 17:44:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{72033EA5-FCF3-487B-B649-CC82A200C760}
2012-01-01 22:29:10 -------- d-----w- c:\users\cheewen ng\appdata\local\{78FC18D0-DEEB-4A60-94A3-F690C6B61E07}
2012-01-01 22:28:46 -------- d-----w- c:\users\cheewen ng\appdata\local\{693B6FB7-5502-4FF3-9EEA-24E1E7ED728F}
2011-12-31 17:41:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{101DA094-D220-4B54-8078-BB73E5B01028}
2011-12-31 17:41:23 -------- d-----w- c:\users\cheewen ng\appdata\local\{26CDCE8E-DD21-4EC4-BE50-85A79F38EE80}
2011-12-31 05:41:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{436D550C-C863-4973-A9E3-B3449EEEF1BC}
2011-12-31 05:41:05 -------- d-----w- c:\users\cheewen ng\appdata\local\{82EE88EF-59EC-47B0-9B6E-47BFFC1E45A7}
2011-12-30 17:41:01 -------- d-----w- c:\users\cheewen ng\appdata\local\{059AC69D-AA63-4067-BB17-B966A1E78359}
2011-12-30 17:40:21 -------- d-----w- c:\users\cheewen ng\appdata\local\{F2AB1C8F-E1DF-4978-9E38-71E8B2F61378}
2011-12-30 05:08:35 -------- d-----w- c:\users\cheewen ng\appdata\local\{F524A9DD-9BEE-4A2B-B123-7AD4DF698637}
2011-12-30 05:08:21 -------- d-----w- c:\users\cheewen ng\appdata\local\{EA3B67AA-3193-4D6C-ACDA-6E1D31296EDD}
2011-12-29 17:08:15 -------- d-----w- c:\users\cheewen ng\appdata\local\{42B90EBC-E252-44D1-A980-E6B1E6AECCEB}
2011-12-29 17:07:33 -------- d-----w- c:\users\cheewen ng\appdata\local\{DA10987B-8C20-4BDF-898F-90C3ED43D46D}
2011-12-29 01:27:59 -------- d-----w- c:\users\cheewen ng\appdata\local\{083CF3D4-5831-4826-8798-574D7CC165DE}
2011-12-29 01:27:02 -------- d-----w- c:\users\cheewen ng\appdata\local\{BBE2C542-16B7-4679-8473-19438B806C82}
2011-12-28 07:28:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{0FEDABB3-0FCF-42D3-9161-5B0382284A3B}
2011-12-28 07:28:36 -------- d-----w- c:\users\cheewen ng\appdata\local\{867F135B-D865-4E73-9A95-8AEC52ECFC86}
2011-12-27 19:28:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{17C40065-194E-4294-9FAE-AB3AEC4DD869}
2011-12-27 19:27:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{E350EC80-1971-44A5-B712-045D844A9455}
2011-12-27 04:51:34 -------- d-----w- c:\users\cheewen ng\appdata\local\{A81E9042-8E9C-4ADC-B604-6D6DC2BB4A26}
2011-12-27 04:50:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{44F72B70-4006-4FB5-A0F4-774A72ABF984}
2011-12-26 14:50:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{4D6ED0EC-21B8-4DAF-8D08-89693DAF8C46}
2011-12-26 14:49:44 -------- d-----w- c:\users\cheewen ng\appdata\local\{6F8A0799-07A0-48E8-B8FB-07871621D1F8}
2011-12-25 21:37:44 -------- d-----w- c:\users\cheewen ng\appdata\local\{5D7E4959-1708-48FA-9568-42147F4E7572}
2011-12-25 21:37:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{1FE4F372-A6D3-48A6-9FD7-E97D953D7D91}
2011-12-25 09:37:06 -------- d-----w- c:\users\cheewen ng\appdata\local\{188D79E1-099C-4246-A0E5-E0B158244B22}
2011-12-25 09:36:53 -------- d-----w- c:\users\cheewen ng\appdata\local\{15008875-994D-4724-A7A4-2BA74F635DD2}
2011-12-25 03:47:46 -------- d-----w- c:\program files\TimeAdjuster
2011-12-25 03:32:20 -------- d-----w- c:\users\cheewen ng\appdata\local\AMP
2011-12-25 03:27:08 -------- d-----w- c:\program files\Complitly
2011-12-25 03:26:39 -------- d-----w- c:\program files\GustoSoft
2011-12-24 21:36:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{CA4F87C6-7911-4B07-AAB3-691BE56FC7E8}
2011-12-24 21:36:03 -------- d-----w- c:\users\cheewen ng\appdata\local\{B30A299B-B1B9-44C3-BC47-F2FF2E5459C8}
2011-12-24 09:09:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{0417387B-EF4D-4A90-89CD-9106D2209F9F}
2011-12-24 09:08:58 -------- d-----w- c:\users\cheewen ng\appdata\local\{D4FBD612-00FA-45BF-B285-6EB25FC53116}
2011-12-23 09:11:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{C857398A-7975-4A5A-A4E6-06D3CB87D2F9}
2011-12-23 09:11:43 -------- d-----w- c:\users\cheewen ng\appdata\local\{0744B40D-F6EF-4C7B-A388-8EFC230485B4}
2011-12-22 21:11:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{2A3879FC-05ED-4AD7-B7D8-0FEF5CE63EC7}
2011-12-22 21:10:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{FC342886-341F-4243-8C12-286198D24097}
2011-12-22 07:11:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{60C67C2A-F0F3-4DAB-AE70-B9DC16AC8968}
2011-12-22 07:11:23 -------- d-----w- c:\users\cheewen ng\appdata\local\{26437C20-2E8A-47A9-893E-71F6C96F297E}
2011-12-21 19:11:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{2A4CC08B-D16A-443C-BA9E-5D8D27862AE6}
2011-12-21 19:10:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{B87C7790-CAF3-4840-A853-E4955B9BE5FD}
2011-12-21 07:10:46 -------- d-----w- c:\users\cheewen ng\appdata\local\{26E1294A-1A1B-47EC-9937-2D9CC2C753DE}
2011-12-21 07:10:29 -------- d-----w- c:\users\cheewen ng\appdata\local\{2BE36F9C-E131-4A81-836D-1DE397BE0F10}
2011-12-20 19:10:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{E79AE93D-8FCF-47BB-A55E-1454ABEA9880}
2011-12-20 19:09:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{CB021A9D-0ECF-46D4-B271-41A0A2772272}
2011-12-20 07:09:45 -------- d-----w- c:\users\cheewen ng\appdata\local\{BE4D9377-7463-48C4-B53E-9303EC06FFAF}
2011-12-20 07:09:30 -------- d-----w- c:\users\cheewen ng\appdata\local\{C648B3BB-AC7B-4FD7-8154-2E9F60B48200}
2011-12-19 19:09:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{934A221E-8265-4FB2-878F-3FFC50017BDB}
2011-12-19 19:08:25 -------- d-----w- c:\users\cheewen ng\appdata\local\{1F761599-7E07-4F8B-847A-66605C54825C}
2011-12-19 01:54:29 -------- d-----w- c:\users\cheewen ng\appdata\local\{4088260E-7349-4FDF-92A6-3375BBAFDD03}
2011-12-19 01:53:35 -------- d-----w- c:\users\cheewen ng\appdata\local\{E5853D6D-3C51-411F-B4A6-9420A091B2A0}
2011-12-17 21:37:58 -------- d-----w- c:\users\cheewen ng\appdata\local\{DCCEA3FC-7CA1-42BA-AB85-612FED6DA1C6}
2011-12-17 21:36:53 -------- d-----w- c:\users\cheewen ng\appdata\local\{DE7D501B-C7E7-4292-A3F3-B4A4F6847DF0}
2011-12-17 00:02:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{9C6C8A44-AAE7-426A-9775-09779F7F954E}
2011-12-17 00:01:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{29D55B43-1A55-4DB6-B179-B863F9219E71}
2011-12-16 08:46:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{77B60E0D-490C-4902-B047-8535B63DCBB6}
2011-12-15 20:45:36 -------- d-----w- c:\users\cheewen ng\appdata\local\{A532D0C9-6E31-45FB-A7AC-E542C56013DD}
2011-12-15 08:45:01 -------- d-----w- c:\users\cheewen ng\appdata\local\{E24C1B85-EBC1-4D7B-8613-17245D15CD7A}
2011-12-15 02:16:29 -------- d-----w- c:\program files\common files\HP
2011-12-14 20:44:26 -------- d-----w- c:\users\cheewen ng\appdata\local\{B11D483D-478C-47A6-8D8E-BDF923F78B93}
2011-12-14 08:43:50 -------- d-----w- c:\users\cheewen ng\appdata\local\{66F86D8A-2C40-4C15-9D8C-F89A99B49C1D}
2011-12-14 08:43:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{032E14EE-88E4-45E6-85D7-935B10D74A2C}
2011-12-13 20:43:02 -------- d-----w- c:\users\cheewen ng\appdata\local\{402DD186-638C-4A5B-8FE8-2A2FBB233117}
2011-12-13 20:42:40 -------- d-----w- c:\users\cheewen ng\appdata\local\{D1555FB8-7DAD-46E8-A882-4C124BD0D37C}
2011-12-13 08:42:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{DEEBA95D-CBE2-4CCA-B363-EF43FBC07F95}
2011-12-13 08:42:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{40CB293A-688B-4F36-8B41-614058AE95DE}
2011-12-13 03:12:29 -------- d-----w- c:\users\cheewen ng\appdata\local\SanctionedMedia
2011-12-12 20:41:52 -------- d-----w- c:\users\cheewen ng\appdata\local\{E04D59A2-46EE-4C04-9F02-D32558EA6655}
2011-12-12 20:41:30 -------- d-----w- c:\users\cheewen ng\appdata\local\{BD25AFE7-FF8F-4530-B2ED-38706D4335BF}
2011-12-12 08:41:18 -------- d-----w- c:\users\cheewen ng\appdata\local\{598DDCAE-BE81-4C61-9DA4-026D82F54DBE}
2011-12-12 08:40:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{305AC52B-1E98-4129-A84F-0E5EE245CD16}
2011-12-11 20:40:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{03F39722-39C1-48A1-99FA-D09916A1AB36}
2011-12-11 20:39:24 -------- d-----w- c:\users\cheewen ng\appdata\local\{F2AB6ABC-0DE2-4206-9E4D-849130A00C28}
2011-12-10 01:18:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{C318C3AB-40B8-474B-A875-4815FA7C576A}
2011-12-10 01:17:16 -------- d-----w- c:\users\cheewen ng\appdata\local\{280D2030-CD79-445F-8800-3133002B1123}
2011-12-09 13:23:00 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1990b35c-c553-404c-95e0-3d077377a8e7}\mpengine.dll
2011-12-09 13:16:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{C2EF224D-0C96-431A-827A-A773CF9F2FCB}
2011-12-09 13:16:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{67C3F956-625B-4677-8FAC-AC255744FDE5}
2011-12-09 00:32:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{660B116D-1F58-4C5C-862F-8365CAD3F0A1}
2011-12-09 00:31:12 -------- d-----w- c:\users\cheewen ng\appdata\local\{ADA3C69F-09F0-49D1-8DD2-AB9BF5A1730F}
.
==================== Find3M ====================
.
2011-11-18 09:18:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-13 19:10:38 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-10-13 19:10:34 88 --sh--r- c:\windows\system32\05BD190A5F.sys
.
============= FINISH: 18:42:05.40 ===============
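Added example, not part of the thread and not code from DDS or ComboFix: a small Python triage that walks the "Pseudo HJT Report" and "Find3M" lines of a DDS log like the one above and flags the entries a helper would read first, such as search pages pointing at search.searchcompletion.com, autoruns started from the user profile, an AppInit_DLLs hook, and hidden system-attributed files in system32. The severity rules and the allowed-host list are assumptions made for illustration, and the sample input is a constructed excerpt of the posted log.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed excerpt of the DDS log posted in this thread (Pseudo HJT Report
# and Find3M sections). A real run reads the whole DDS.txt; the rules are ours.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.searchcompletion.com/?si=10205&home=1
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10205&home=1
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [googletalk] c:\users\cheewen ng\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Smad] "c:\users\cheewen ng\appdata\local\sanctionedmedia\smad\Smad.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
AppInit_DLLs: acaptuser32.dll
TCP: DhcpNameServer = 64.71.255.198
.
==================== Find3M ====================
.
2011-10-13 19:10:38 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-10-13 19:10:34 88 --sh--r- c:\windows\system32\05BD190A5F.sys
"""

# Hosts the home/search pages may legitimately point at (assumption: the OEM
# default plus the user's own choice, both visible in the log above).
EXPECTED_HOSTS = {"google.com", "www.google.ca", "www.sonystyle.ca"}

PAGE_RE = re.compile(
    r"^[um]?(Search Page|Start Page|Default_Page_URL|Default_Search_URL|Search Bar)"
    r"\s*=\s*hxxp://([^/\s]+)", re.I)
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?:\d+|-+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+)$")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(\S+)")

@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str

def triage(dds_text: str) -> list:
    """Walk a DDS log line by line and return the entries worth a second look."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = PAGE_RE.match(line)
        if m:  # a hijacked home page / search provider is the classic redirect symptom
            host = m.group(2).lower()
            if host not in EXPECTED_HOSTS:
                findings.append(Finding("high", line, f"start/search page points at {host}"))
            continue
        if re.match(r"^(BHO|TB):.*- No File$", line):
            findings.append(Finding("low", line, "orphaned browser add-on entry (DLL missing)"))
            continue
        m = RUN_RE.match(line)
        if m:  # autoruns: empty entries and anything started from AppData get a look
            cmd = m.group("cmd").strip().strip('"').lower()
            if not cmd or m.group("name") == "<NO NAME>":
                findings.append(Finding("low", line, "autorun entry with no name or no command"))
            elif "\\appdata\\" in cmd:
                findings.append(Finding("medium", line, "autorun launched from the user profile"))
            continue
        if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding("medium", line, "AppInit_DLLs loads a DLL into every GUI process"))
            continue
        m = DNS_RE.search(line)
        if m:  # a DNS server outside the LAN deserves a check against the ISP's
            try:
                if not ipaddress.ip_address(m.group(1)).is_private:
                    findings.append(Finding("low", line, "public DNS server; confirm it is the ISP's"))
            except ValueError:
                pass
            continue
        m = FILE_RE.match(line)
        if m:  # tiny hidden+system files in system32 are often DRM stubs, but verify
            attr, path = m.group("attr"), m.group("path").lower()
            if "s" in attr and "h" in attr and "\\system32\\" in path:
                findings.append(Finding("low", line, "hidden+system file in system32; verify"))
    return findings

def summarize(findings) -> dict:
    """Count findings per severity to show the shape of the log at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}: {f.line}")
```

Per-user installers such as Google Talk also live under AppData, so the "medium" autorun hits are review items for a helper, not verdicts.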

#2
Gammo
Trusted Helper, Malware Removal, 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

#3
Gammo
Trusted Helper, Malware Removal, 2,299 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.