I have had some issues with my system recently. I keep getting a Symantec pop-up that says "Tidserv Activity Detected" and that a certain IP address is blocked from xxx time to yyy time. When I use the internet, my sites keep getting redirected to some advertisement sites.
Besides, I also get a window message that says "TCP/IP has stopped working".
Quite often, my system will shut itself off with a blue screen that says dumping physical memory.
I came across another discussion that says you require 3 files to understand the issue. Please see the DDS log pasted below, and the Attach.txt and gmer files attached.
I really appreciate any kind of assistance you can provide. Thank you very much!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Cheewen Ng at 18:40:47 on 2012-01-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1580 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Cheewen Ng\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.searchcompletion.com/?si=10205&home=1
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10205&home=1
uSearch Bar = hxxp://search.searchcompletion.com/?si=10205&home=1
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [googletalk] c:\users\cheewen ng\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Google Update] "c:\users\cheewen ng\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Smad] "c:\users\cheewen ng\appdata\local\sanctionedmedia\smad\Smad.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Unattend0000000001{11F5AE89-8467-4F59-B203-FE9F4F0E4511}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\speedfan.lnk - c:\program files\speedfan\speedfan.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{CD724545-1010-4E83-A4B6-442088A955DE} : DhcpNameServer = 64.71.255.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\cheewen ng\appdata\roaming\mozilla\firefox\profiles\uciu5qj0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10205&q=
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\cheewen ng\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\cheewen ng\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\cheewen ng\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-26 2477304]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-1 2271608]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2010-5-28 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-5-28 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-28 28464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-28 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-28 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-28 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-28 818688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-28 1153368]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-10-26 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-29 136176]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2010-5-28 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2010-5-28 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2010-5-28 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-28 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-28 87328]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-07 18:59:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-07 18:58:45 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-07 18:58:43 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 18:58:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-07 18:58:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-07 18:58:37 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 18:58:35 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-07 18:57:20 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-01-07 17:10:24 -------- d-----w- c:\users\cheewen ng\appdata\local\{0D5EE393-01C1-47AC-A497-9562C6450903}
2012-01-07 17:09:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{69FE61F8-0D01-4B03-90F4-AF22B725B35A}
2012-01-07 00:10:48 -------- d-----w- c:\users\cheewen ng\appdata\local\{0AF6863F-7980-4648-B213-831173D9EE2F}
2012-01-07 00:10:32 -------- d-----w- c:\users\cheewen ng\appdata\local\{845031FE-F467-480E-9035-1EF5864819D4}
2012-01-06 12:10:12 -------- d-----w- c:\users\cheewen ng\appdata\local\{84CF9663-2AD9-4272-A8F9-C6A95AA7C6B6}
2012-01-05 23:43:16 -------- d-----w- c:\users\cheewen ng\appdata\local\{C48979F8-6F4B-45F8-9E63-21C309CDCF49}
2012-01-05 23:43:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{71575716-115F-42AC-826A-77B3C4262AD9}
2012-01-05 11:42:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{4053C5A1-ED96-4B93-9977-CF03655DE575}
2012-01-05 11:41:47 -------- d-----w- c:\users\cheewen ng\appdata\local\{A2AD6664-B9CF-46F6-907A-39AAC2089BEF}
2012-01-04 17:55:39 -------- d-----w- c:\users\cheewen ng\appdata\local\{54D3D57E-8813-4183-8F24-8614CBE2808B}
2012-01-04 17:54:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{461548B5-BB44-40CE-ACF3-3BCB285F7078}
2012-01-04 05:54:31 -------- d-----w- c:\users\cheewen ng\appdata\local\{E1DA432D-4237-4037-9780-F26B28C18517}
2012-01-04 05:54:18 -------- d-----w- c:\users\cheewen ng\appdata\local\{9B7F547E-F315-4211-8DF1-227EED4E8823}
2012-01-03 17:54:15 -------- d-----w- c:\users\cheewen ng\appdata\local\{08A35BC1-F428-447A-AD38-EFB11E3AFE73}
2012-01-03 05:46:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{B369E690-D5E5-4006-8CDD-977609DEFEAC}
2012-01-03 05:45:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{0DA45A11-E211-4DE5-89A2-1EE4C1FBE84D}
2012-01-02 17:45:31 -------- d-----w- c:\users\cheewen ng\appdata\local\{2BFA53A5-114A-4EA5-A382-F994202BBBAB}
2012-01-02 17:44:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{72033EA5-FCF3-487B-B649-CC82A200C760}
2012-01-01 22:29:10 -------- d-----w- c:\users\cheewen ng\appdata\local\{78FC18D0-DEEB-4A60-94A3-F690C6B61E07}
2012-01-01 22:28:46 -------- d-----w- c:\users\cheewen ng\appdata\local\{693B6FB7-5502-4FF3-9EEA-24E1E7ED728F}
2011-12-31 17:41:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{101DA094-D220-4B54-8078-BB73E5B01028}
2011-12-31 17:41:23 -------- d-----w- c:\users\cheewen ng\appdata\local\{26CDCE8E-DD21-4EC4-BE50-85A79F38EE80}
2011-12-31 05:41:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{436D550C-C863-4973-A9E3-B3449EEEF1BC}
2011-12-31 05:41:05 -------- d-----w- c:\users\cheewen ng\appdata\local\{82EE88EF-59EC-47B0-9B6E-47BFFC1E45A7}
2011-12-30 17:41:01 -------- d-----w- c:\users\cheewen ng\appdata\local\{059AC69D-AA63-4067-BB17-B966A1E78359}
2011-12-30 17:40:21 -------- d-----w- c:\users\cheewen ng\appdata\local\{F2AB1C8F-E1DF-4978-9E38-71E8B2F61378}
2011-12-30 05:08:35 -------- d-----w- c:\users\cheewen ng\appdata\local\{F524A9DD-9BEE-4A2B-B123-7AD4DF698637}
2011-12-30 05:08:21 -------- d-----w- c:\users\cheewen ng\appdata\local\{EA3B67AA-3193-4D6C-ACDA-6E1D31296EDD}
2011-12-29 17:08:15 -------- d-----w- c:\users\cheewen ng\appdata\local\{42B90EBC-E252-44D1-A980-E6B1E6AECCEB}
2011-12-29 17:07:33 -------- d-----w- c:\users\cheewen ng\appdata\local\{DA10987B-8C20-4BDF-898F-90C3ED43D46D}
2011-12-29 01:27:59 -------- d-----w- c:\users\cheewen ng\appdata\local\{083CF3D4-5831-4826-8798-574D7CC165DE}
2011-12-29 01:27:02 -------- d-----w- c:\users\cheewen ng\appdata\local\{BBE2C542-16B7-4679-8473-19438B806C82}
2011-12-28 07:28:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{0FEDABB3-0FCF-42D3-9161-5B0382284A3B}
2011-12-28 07:28:36 -------- d-----w- c:\users\cheewen ng\appdata\local\{867F135B-D865-4E73-9A95-8AEC52ECFC86}
2011-12-27 19:28:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{17C40065-194E-4294-9FAE-AB3AEC4DD869}
2011-12-27 19:27:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{E350EC80-1971-44A5-B712-045D844A9455}
2011-12-27 04:51:34 -------- d-----w- c:\users\cheewen ng\appdata\local\{A81E9042-8E9C-4ADC-B604-6D6DC2BB4A26}
2011-12-27 04:50:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{44F72B70-4006-4FB5-A0F4-774A72ABF984}
2011-12-26 14:50:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{4D6ED0EC-21B8-4DAF-8D08-89693DAF8C46}
2011-12-26 14:49:44 -------- d-----w- c:\users\cheewen ng\appdata\local\{6F8A0799-07A0-48E8-B8FB-07871621D1F8}
2011-12-25 21:37:44 -------- d-----w- c:\users\cheewen ng\appdata\local\{5D7E4959-1708-48FA-9568-42147F4E7572}
2011-12-25 21:37:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{1FE4F372-A6D3-48A6-9FD7-E97D953D7D91}
2011-12-25 09:37:06 -------- d-----w- c:\users\cheewen ng\appdata\local\{188D79E1-099C-4246-A0E5-E0B158244B22}
2011-12-25 09:36:53 -------- d-----w- c:\users\cheewen ng\appdata\local\{15008875-994D-4724-A7A4-2BA74F635DD2}
2011-12-25 03:47:46 -------- d-----w- c:\program files\TimeAdjuster
2011-12-25 03:32:20 -------- d-----w- c:\users\cheewen ng\appdata\local\AMP
2011-12-25 03:27:08 -------- d-----w- c:\program files\Complitly
2011-12-25 03:26:39 -------- d-----w- c:\program files\GustoSoft
2011-12-24 21:36:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{CA4F87C6-7911-4B07-AAB3-691BE56FC7E8}
2011-12-24 21:36:03 -------- d-----w- c:\users\cheewen ng\appdata\local\{B30A299B-B1B9-44C3-BC47-F2FF2E5459C8}
2011-12-24 09:09:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{0417387B-EF4D-4A90-89CD-9106D2209F9F}
2011-12-24 09:08:58 -------- d-----w- c:\users\cheewen ng\appdata\local\{D4FBD612-00FA-45BF-B285-6EB25FC53116}
2011-12-23 09:11:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{C857398A-7975-4A5A-A4E6-06D3CB87D2F9}
2011-12-23 09:11:43 -------- d-----w- c:\users\cheewen ng\appdata\local\{0744B40D-F6EF-4C7B-A388-8EFC230485B4}
2011-12-22 21:11:38 -------- d-----w- c:\users\cheewen ng\appdata\local\{2A3879FC-05ED-4AD7-B7D8-0FEF5CE63EC7}
2011-12-22 21:10:49 -------- d-----w- c:\users\cheewen ng\appdata\local\{FC342886-341F-4243-8C12-286198D24097}
2011-12-22 07:11:37 -------- d-----w- c:\users\cheewen ng\appdata\local\{60C67C2A-F0F3-4DAB-AE70-B9DC16AC8968}
2011-12-22 07:11:23 -------- d-----w- c:\users\cheewen ng\appdata\local\{26437C20-2E8A-47A9-893E-71F6C96F297E}
2011-12-21 19:11:11 -------- d-----w- c:\users\cheewen ng\appdata\local\{2A4CC08B-D16A-443C-BA9E-5D8D27862AE6}
2011-12-21 19:10:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{B87C7790-CAF3-4840-A853-E4955B9BE5FD}
2011-12-21 07:10:46 -------- d-----w- c:\users\cheewen ng\appdata\local\{26E1294A-1A1B-47EC-9937-2D9CC2C753DE}
2011-12-21 07:10:29 -------- d-----w- c:\users\cheewen ng\appdata\local\{2BE36F9C-E131-4A81-836D-1DE397BE0F10}
2011-12-20 19:10:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{E79AE93D-8FCF-47BB-A55E-1454ABEA9880}
2011-12-20 19:09:51 -------- d-----w- c:\users\cheewen ng\appdata\local\{CB021A9D-0ECF-46D4-B271-41A0A2772272}
2011-12-20 07:09:45 -------- d-----w- c:\users\cheewen ng\appdata\local\{BE4D9377-7463-48C4-B53E-9303EC06FFAF}
2011-12-20 07:09:30 -------- d-----w- c:\users\cheewen ng\appdata\local\{C648B3BB-AC7B-4FD7-8154-2E9F60B48200}
2011-12-19 19:09:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{934A221E-8265-4FB2-878F-3FFC50017BDB}
2011-12-19 19:08:25 -------- d-----w- c:\users\cheewen ng\appdata\local\{1F761599-7E07-4F8B-847A-66605C54825C}
2011-12-19 01:54:29 -------- d-----w- c:\users\cheewen ng\appdata\local\{4088260E-7349-4FDF-92A6-3375BBAFDD03}
2011-12-19 01:53:35 -------- d-----w- c:\users\cheewen ng\appdata\local\{E5853D6D-3C51-411F-B4A6-9420A091B2A0}
2011-12-17 21:37:58 -------- d-----w- c:\users\cheewen ng\appdata\local\{DCCEA3FC-7CA1-42BA-AB85-612FED6DA1C6}
2011-12-17 21:36:53 -------- d-----w- c:\users\cheewen ng\appdata\local\{DE7D501B-C7E7-4292-A3F3-B4A4F6847DF0}
2011-12-17 00:02:19 -------- d-----w- c:\users\cheewen ng\appdata\local\{9C6C8A44-AAE7-426A-9775-09779F7F954E}
2011-12-17 00:01:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{29D55B43-1A55-4DB6-B179-B863F9219E71}
2011-12-16 08:46:14 -------- d-----w- c:\users\cheewen ng\appdata\local\{77B60E0D-490C-4902-B047-8535B63DCBB6}
2011-12-15 20:45:36 -------- d-----w- c:\users\cheewen ng\appdata\local\{A532D0C9-6E31-45FB-A7AC-E542C56013DD}
2011-12-15 08:45:01 -------- d-----w- c:\users\cheewen ng\appdata\local\{E24C1B85-EBC1-4D7B-8613-17245D15CD7A}
2011-12-15 02:16:29 -------- d-----w- c:\program files\common files\HP
2011-12-14 20:44:26 -------- d-----w- c:\users\cheewen ng\appdata\local\{B11D483D-478C-47A6-8D8E-BDF923F78B93}
2011-12-14 08:43:50 -------- d-----w- c:\users\cheewen ng\appdata\local\{66F86D8A-2C40-4C15-9D8C-F89A99B49C1D}
2011-12-14 08:43:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{032E14EE-88E4-45E6-85D7-935B10D74A2C}
2011-12-13 20:43:02 -------- d-----w- c:\users\cheewen ng\appdata\local\{402DD186-638C-4A5B-8FE8-2A2FBB233117}
2011-12-13 20:42:40 -------- d-----w- c:\users\cheewen ng\appdata\local\{D1555FB8-7DAD-46E8-A882-4C124BD0D37C}
2011-12-13 08:42:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{DEEBA95D-CBE2-4CCA-B363-EF43FBC07F95}
2011-12-13 08:42:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{40CB293A-688B-4F36-8B41-614058AE95DE}
2011-12-13 03:12:29 -------- d-----w- c:\users\cheewen ng\appdata\local\SanctionedMedia
2011-12-12 20:41:52 -------- d-----w- c:\users\cheewen ng\appdata\local\{E04D59A2-46EE-4C04-9F02-D32558EA6655}
2011-12-12 20:41:30 -------- d-----w- c:\users\cheewen ng\appdata\local\{BD25AFE7-FF8F-4530-B2ED-38706D4335BF}
2011-12-12 08:41:18 -------- d-----w- c:\users\cheewen ng\appdata\local\{598DDCAE-BE81-4C61-9DA4-026D82F54DBE}
2011-12-12 08:40:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{305AC52B-1E98-4129-A84F-0E5EE245CD16}
2011-12-11 20:40:27 -------- d-----w- c:\users\cheewen ng\appdata\local\{03F39722-39C1-48A1-99FA-D09916A1AB36}
2011-12-11 20:39:24 -------- d-----w- c:\users\cheewen ng\appdata\local\{F2AB6ABC-0DE2-4206-9E4D-849130A00C28}
2011-12-10 01:18:55 -------- d-----w- c:\users\cheewen ng\appdata\local\{C318C3AB-40B8-474B-A875-4815FA7C576A}
2011-12-10 01:17:16 -------- d-----w- c:\users\cheewen ng\appdata\local\{280D2030-CD79-445F-8800-3133002B1123}
2011-12-09 13:23:00 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1990b35c-c553-404c-95e0-3d077377a8e7}\mpengine.dll
2011-12-09 13:16:57 -------- d-----w- c:\users\cheewen ng\appdata\local\{C2EF224D-0C96-431A-827A-A773CF9F2FCB}
2011-12-09 13:16:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{67C3F956-625B-4677-8FAC-AC255744FDE5}
2011-12-09 00:32:04 -------- d-----w- c:\users\cheewen ng\appdata\local\{660B116D-1F58-4C5C-862F-8365CAD3F0A1}
2011-12-09 00:31:12 -------- d-----w- c:\users\cheewen ng\appdata\local\{ADA3C69F-09F0-49D1-8DD2-AB9BF5A1730F}
.
==================== Find3M ====================
.
2011-11-18 09:18:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-13 19:10:38 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-10-13 19:10:34 88 --sh--r- c:\windows\system32\05BD190A5F.sys
.
============= FINISH: 18:42:05.40 ===============