Solved Tidserv Activity Detected

aswMBR

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-11 22:42:41
-----------------------------
22:42:41.454 OS Version: Windows 6.0.6002 Service Pack 2
22:42:41.454 Number of processors: 2 586 0xF0D
22:42:41.456 ComputerName: CHEEWEN-PC UserName: Cheewen Ng
22:43:03.252 Initialize success
22:43:56.103 AVAST engine defs: 12011101
22:44:03.065 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:44:03.068 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC3BP Size: 238475MB BusType: 3
22:44:03.070 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000073
22:44:03.073 Disk 1 Vendor: ( Size: 238475MB BusType: 0
22:44:03.076 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000074
22:44:03.079 Disk 2 Vendor: ( Size: 238475MB BusType: 0
22:44:03.114 Disk 0 MBR read successfully
22:44:03.117 Disk 0 MBR scan
22:44:03.124 Disk 0 Windows 7 default MBR code
22:44:03.142 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9211 MB offset 2048
22:44:03.159 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145581 MB offset 18866176
22:44:03.194 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 83679 MB offset 317018112
22:44:03.216 Disk 0 scanning sectors +488392704
22:44:03.390 Disk 0 scanning C:\Windows\system32\drivers
22:44:28.978 Service scanning
22:44:30.523 Service .smb \* **LOCKED** 123
22:44:30.696 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:44:30.712 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
22:44:30.725 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
22:44:30.790 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
22:44:30.797 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
22:44:31.310 Modules scanning
22:44:48.351 Disk 0 trace - called modules:
22:44:48.387 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x857161f8]<<
22:44:48.393 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8616aac8]
22:44:48.398 3 CLASSPNP.SYS[8aba68b3] -> nt!IofCallDriver -> [0x857668d8]
22:44:48.403 5 acpi.sys[807b86bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849844e0]
22:44:48.408 \Driver\atapi[0x857c1d40] -> IRP_MJ_CREATE -> 0x857161f8
22:44:49.826 AVAST engine scan C:\Windows
22:44:54.088 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
22:44:57.182 AVAST engine scan C:\Windows\system32
22:48:46.807 AVAST engine scan C:\Windows\system32\drivers
22:49:03.474 AVAST engine scan C:\Users\Cheewen Ng
23:03:15.616 AVAST engine scan C:\ProgramData
23:07:54.645 Scan finished successfully
23:08:04.731 Disk 0 MBR has been saved successfully to "C:\Users\Cheewen Ng\Desktop\MBR.dat"
23:08:04.738 The log file has been saved successfully to "C:\Users\Cheewen Ng\Desktop\aswMBR.txt"
23:08:59.706 Disk 0 MBR has been saved successfully to "C:\Users\Cheewen Ng\Desktop\MBR.dat"
23:08:59.879 The log file has been saved successfully to "C:\Users\Cheewen Ng\Desktop\aswMBR.txt"
23:09:32.947 Disk 0 MBR has been saved successfully to "C:\Users\Cheewen Ng\Desktop\MBR.dat"
23:09:32.961 The log file has been saved successfully to "C:\Users\Cheewen Ng\Desktop\aswMBR1.txt"
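The log above is what aswMBR produces when it walks the disk I/O stack: the `Disk 0 trace - called modules` line lists every driver it could map, and `>>UNKNOWN [addr]<<` marks code in that chain it could not attribute to any loaded module; two lines later the same address appears as the `IRP_MJ_CREATE` dispatch target of `\Driver\atapi`. That cross-reference, plus any `**INFECTED**` file hit and any non-default MBR code, is what a reviewer reads first. The following is an added example for this thread, not aswMBR's code and not part of the original post; the sample log is constructed in the aswMBR line format (timestamp, then message) and its addresses and file names are illustrative. It parses the log once and reports only the combinations worth a human look, leaving the verdict on each detection name to the analyst.

```python
"""Triage an aswMBR log: pull out the lines a reviewer checks first.

Added example for this thread; it is not aswMBR's code or part of the original
post. The sample log is constructed in the aswMBR line format shown above
(timestamp, then message); the addresses and file names are illustrative.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
22:44:03.124 Disk 0 Windows 7 default MBR code
22:44:30.696 Service sptd C:\\Windows\\System32\\Drivers\\sptd.sys **LOCKED** 32
22:44:48.387 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x857161f8]<<
22:44:48.408 \\Driver\\atapi[0x857c1d40] -> IRP_MJ_CREATE -> 0x857161f8
22:44:54.088 File: C:\\Windows\\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
23:07:54.645 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"                          # hh:mm:ss.mmm prefix
RE_MBR = re.compile(TS + r"Disk (\d+) (.+ MBR code)$")           # what code sits in sector 0
RE_LOCKED = re.compile(TS + r"Service (\S+) (\S+) \*\*LOCKED\*\* (\d+)$")
RE_UNKNOWN = re.compile(TS + r".*>>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
RE_HOOK = re.compile(TS + r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$")
RE_INFECTED = re.compile(TS + r"File: (.+?) \*\*INFECTED\*\* (.+)$")


@dataclass
class Triage:
    mbr: dict = field(default_factory=dict)          # disk number -> MBR code description
    locked: list = field(default_factory=list)       # (service name, image path)
    unknown_addrs: set = field(default_factory=set)  # addresses aswMBR could not map to a module
    hooks: list = field(default_factory=list)        # (driver, IRP major function, dispatch target)
    infected: list = field(default_factory=list)     # (file path, detection name)


def parse_aswmbr(text):
    """Walk the log once and bucket the lines that matter for triage."""
    t = Triage()
    for line in text.splitlines():
        if m := RE_MBR.match(line):
            t.mbr[int(m.group(1))] = m.group(2)
        elif m := RE_LOCKED.match(line):
            t.locked.append((m.group(1), m.group(2)))
        elif m := RE_INFECTED.match(line):
            t.infected.append((m.group(1), m.group(2)))
        elif m := RE_HOOK.match(line):
            t.hooks.append((m.group(1), m.group(2), m.group(3)))
        elif m := RE_UNKNOWN.match(line):
            t.unknown_addrs.add(m.group(1))
    return t


def findings(t):
    """Cross-reference the buckets: a dispatch target that lands in unmapped
    memory is worth more than either observation on its own."""
    out = []
    for disk, code in sorted(t.mbr.items()):
        if "default MBR code" not in code:
            out.append(f"disk {disk}: non-standard MBR ({code})")
    for drv, major, target in t.hooks:
        if target in t.unknown_addrs:
            out.append(f"{drv} {major} dispatch points into unmapped module at {target}")
    for path, name in t.infected:
        out.append(f"{path}: {name}")
    return out


if __name__ == "__main__":
    for f in findings(parse_aswmbr(SAMPLE_LOG)):
        print(f)
```

Run against the constructed sample it reports two findings: the atapi dispatch redirected into the unmapped address, and the flagged file. The `**LOCKED**` services are kept in the result but not flagged, since security products routinely protect their own service keys; they become interesting only when the locked image is one nobody installed.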
 
Good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL p1

Yes, it is better! No more pop ups! Really appreciate your help!

OTL logfile created on: 1/12/2012 8:54:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cheewen Ng\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.10% Memory free
7.38 Gb Paging File | 6.20 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): c:\pagefile.sys 4591 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.17 Gb Total Space | 36.29 Gb Free Space | 25.52% Space Free | Partition Type: NTFS
Drive N: | 81.72 Gb Total Space | 66.74 Gb Free Space | 81.67% Space Free | Partition Type: NTFS

Computer Name: CHEEWEN-PC | User Name: Cheewen Ng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/12 20:36:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cheewen Ng\Desktop\OTL.exe
PRC - [2011/04/01 03:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/05/28 08:01:45 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/11/25 08:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2009/10/26 08:54:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/26 08:54:38 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/26 08:54:34 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/26 08:54:34 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/10/26 08:54:32 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/11 21:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/02 13:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/02 13:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/02 13:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/07 13:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/02/21 12:26:20 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/02/21 12:26:20 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/11/21 14:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/11/09 19:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/30 13:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/10/30 13:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/06/05 15:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Cheewen Ng\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 18:44:51 | 000,192,512 | ---- | M] () -- C:\Users\Cheewen Ng\AppData\Local\temp\sfamcc00001.dll
MOD - [2012/01/12 18:44:51 | 000,172,032 | ---- | M] () -- C:\Users\Cheewen Ng\AppData\Local\temp\sfareca00001.dll
MOD - [2010/03/03 15:33:12 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/02/04 19:08:45 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/10/30 12:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/10/30 12:44:52 | 000,393,216 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/23 13:32:51 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/01 03:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009/10/26 08:54:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/26 08:54:38 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/26 08:54:36 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/26 08:54:34 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/26 08:54:32 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/02 13:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/02 13:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/02 13:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/02 13:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/04 22:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/04 22:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/04 22:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 16:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 15:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/21 12:26:20 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/11/28 04:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 04:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 03:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/09 19:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/06/05 15:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/11/08 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/08 04:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/04 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120111.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/08 16:44:14 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/28 23:42:39 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/28 16:53:21 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/26 08:54:42 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/10/26 08:54:40 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/26 08:54:40 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/26 08:54:38 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/26 08:54:38 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/10/26 08:54:38 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/10/26 08:54:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/26 08:54:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/26 08:54:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/10/26 08:54:28 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/02/12 19:01:28 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/02/12 19:01:28 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/02/06 19:03:27 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/30 19:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/12/16 20:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/13 19:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/11/15 19:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/09/18 22:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/05/26 03:03:06 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10205&home=1
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10205&home=1
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10205&home=1
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10205&home=1
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Complitly"
FF - prefs.js..browser.search.defaultenginename: "Complitly"
FF - prefs.js..browser.search.order.1: "Complitly"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.searchcompletion.com/?bs=1&si=10205&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cheewen Ng\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cheewen Ng\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/15 10:14:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 22:00:02 | 000,000,000 | ---D | M]

[2010/05/27 23:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\Extensions
[2012/01/07 12:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\Firefox\Profiles\uciu5qj0.default\extensions
[2010/05/30 01:09:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\Firefox\Profiles\uciu5qj0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/28 09:17:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\Firefox\Profiles\uciu5qj0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/09 20:20:02 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Users\Cheewen Ng\AppData\Roaming\Mozilla\Firefox\Profiles\uciu5qj0.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
[2011/12/10 00:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 20:24:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/23 17:18:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/13 13:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/06/11 13:05:14 | 000,253,952 | ---- | M] () -- C:\Program Files\mozilla firefox\components\CheckTudouVa.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/24 22:27:13 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml

O1 HOSTS File: ([2012/01/11 22:24:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-1789908265-441396232-4072253329-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1789908265-441396232-4072253329-1000..\Run: [googletalk] C:\Users\Cheewen Ng\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD724545-1010-4E83-A4B6-442088A955DE}: DhcpNameServer = 64.71.255.198
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Cheewen Ng\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cheewen Ng\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 20:36:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cheewen Ng\Desktop\OTL.exe
[2012/01/12 20:33:11 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{C2685970-9D98-4EEC-8DC3-5892BA6FDAD8}
[2012/01/12 20:32:37 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{44EF32F8-515B-48D0-966E-85F36C122CEB}
[2012/01/11 22:30:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/11 22:30:11 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\temp
[2012/01/11 22:24:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/11 22:04:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/11 19:04:19 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{64298741-F1CB-4B48-9412-C48911066F8D}
[2012/01/11 19:03:25 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{4B32D155-FE26-4715-9233-80F8F8DF956B}
[2012/01/10 21:13:41 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{8592363A-2E73-4464-9B5F-16AF690F7276}
[2012/01/10 21:13:28 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{083AD1DF-D139-474F-B005-817ECFD854EA}
[2012/01/10 19:29:41 | 000,046,640 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2012/01/09 22:43:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/09 22:43:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/09 22:43:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/09 22:42:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/09 22:40:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/09 20:33:47 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Roaming\Malwarebytes
[2012/01/09 20:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/09 20:33:40 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/09 20:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/09 19:14:40 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{A03A1812-11C3-4F51-BE93-7DC7F9BC4434}
[2012/01/09 19:14:26 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{AD900ECA-2375-4771-8413-07CB86333587}
[2012/01/09 07:14:07 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{F8C11F14-3B67-4701-B36A-9198D3C54184}
[2012/01/09 07:13:26 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{F70A7C40-6F69-4707-A971-88AA1E6A9DF4}
[2012/01/08 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{6852BF4E-389E-42FB-B046-46CFDAB74569}
[2012/01/08 12:11:02 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{74D0923E-1DA8-4309-84E9-C584BE5D86DA}
[2012/01/08 00:10:58 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{727FE0F7-446E-41DE-B847-FDE2695C0826}
[2012/01/08 00:10:44 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{8731B9D9-4753-49F6-9F3E-0AABCD1761CD}
[2012/01/07 12:10:24 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{0D5EE393-01C1-47AC-A497-9562C6450903}
[2012/01/07 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{69FE61F8-0D01-4B03-90F4-AF22B725B35A}
[2012/01/06 19:10:48 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{0AF6863F-7980-4648-B213-831173D9EE2F}
[2012/01/06 19:10:32 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{845031FE-F467-480E-9035-1EF5864819D4}
[2012/01/06 07:10:12 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{84CF9663-2AD9-4272-A8F9-C6A95AA7C6B6}
[2012/01/05 18:43:16 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{C48979F8-6F4B-45F8-9E63-21C309CDCF49}
[2012/01/05 18:43:14 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{71575716-115F-42AC-826A-77B3C4262AD9}
[2012/01/05 06:42:49 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{4053C5A1-ED96-4B93-9977-CF03655DE575}
[2012/01/05 06:41:47 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{A2AD6664-B9CF-46F6-907A-39AAC2089BEF}
[2012/01/04 12:55:39 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{54D3D57E-8813-4183-8F24-8614CBE2808B}
[2012/01/04 12:54:37 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{461548B5-BB44-40CE-ACF3-3BCB285F7078}
[2012/01/04 00:54:31 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{E1DA432D-4237-4037-9780-F26B28C18517}
[2012/01/04 00:54:18 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{9B7F547E-F315-4211-8DF1-227EED4E8823}
[2012/01/03 12:54:15 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{08A35BC1-F428-447A-AD38-EFB11E3AFE73}
[2012/01/03 00:46:04 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{B369E690-D5E5-4006-8CDD-977609DEFEAC}
[2012/01/03 00:45:51 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{0DA45A11-E211-4DE5-89A2-1EE4C1FBE84D}
[2012/01/02 12:45:31 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{2BFA53A5-114A-4EA5-A382-F994202BBBAB}
[2012/01/02 12:44:55 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{72033EA5-FCF3-487B-B649-CC82A200C760}
[2012/01/01 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{78FC18D0-DEEB-4A60-94A3-F690C6B61E07}
[2012/01/01 17:28:46 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{693B6FB7-5502-4FF3-9EEA-24E1E7ED728F}
[2011/12/31 12:41:38 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{101DA094-D220-4B54-8078-BB73E5B01028}
[2011/12/31 12:41:23 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{26CDCE8E-DD21-4EC4-BE50-85A79F38EE80}
[2011/12/31 00:41:19 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{436D550C-C863-4973-A9E3-B3449EEEF1BC}
[2011/12/31 00:41:05 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{82EE88EF-59EC-47B0-9B6E-47BFFC1E45A7}
[2011/12/30 12:41:01 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{059AC69D-AA63-4067-BB17-B966A1E78359}
[2011/12/30 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{F2AB1C8F-E1DF-4978-9E38-71E8B2F61378}
[2011/12/30 00:08:35 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{F524A9DD-9BEE-4A2B-B123-7AD4DF698637}
[2011/12/30 00:08:21 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{EA3B67AA-3193-4D6C-ACDA-6E1D31296EDD}
[2011/12/29 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{42B90EBC-E252-44D1-A980-E6B1E6AECCEB}
[2011/12/29 12:07:33 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{DA10987B-8C20-4BDF-898F-90C3ED43D46D}
[2011/12/28 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{083CF3D4-5831-4826-8798-574D7CC165DE}
[2011/12/28 20:27:02 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{BBE2C542-16B7-4679-8473-19438B806C82}
[2011/12/28 02:28:49 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{0FEDABB3-0FCF-42D3-9161-5B0382284A3B}
[2011/12/28 02:28:36 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{867F135B-D865-4E73-9A95-8AEC52ECFC86}
[2011/12/27 14:28:14 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{17C40065-194E-4294-9FAE-AB3AEC4DD869}
[2011/12/27 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{E350EC80-1971-44A5-B712-045D844A9455}
[2011/12/26 23:51:34 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{A81E9042-8E9C-4ADC-B604-6D6DC2BB4A26}
[2011/12/26 23:50:51 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{44F72B70-4006-4FB5-A0F4-774A72ABF984}
[2011/12/26 09:50:14 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{4D6ED0EC-21B8-4DAF-8D08-89693DAF8C46}
[2011/12/26 09:49:44 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{6F8A0799-07A0-48E8-B8FB-07871621D1F8}
[2011/12/25 16:37:44 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{5D7E4959-1708-48FA-9568-42147F4E7572}
[2011/12/25 16:37:11 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{1FE4F372-A6D3-48A6-9FD7-E97D953D7D91}
[2011/12/25 04:37:06 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{188D79E1-099C-4246-A0E5-E0B158244B22}
[2011/12/25 04:36:53 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{15008875-994D-4724-A7A4-2BA74F635DD2}
[2011/12/24 22:47:47 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TimeAdjuster
[2011/12/24 22:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TimeAdjuster
[2011/12/24 22:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\TimeAdjuster
[2011/12/24 22:32:20 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\AMP
[2011/12/24 22:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Media Player
[2011/12/24 22:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2011/12/24 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace DivX Player
[2011/12/24 22:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\GustoSoft
[2011/12/24 16:36:37 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{CA4F87C6-7911-4B07-AAB3-691BE56FC7E8}
[2011/12/24 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{B30A299B-B1B9-44C3-BC47-F2FF2E5459C8}
[2011/12/24 04:09:38 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{0417387B-EF4D-4A90-89CD-9106D2209F9F}
[2011/12/24 04:08:58 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{D4FBD612-00FA-45BF-B285-6EB25FC53116}
[2011/12/23 04:11:57 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{C857398A-7975-4A5A-A4E6-06D3CB87D2F9}
[2011/12/23 04:11:43 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{0744B40D-F6EF-4C7B-A388-8EFC230485B4}
[2011/12/22 16:11:38 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{2A3879FC-05ED-4AD7-B7D8-0FEF5CE63EC7}
[2011/12/22 16:10:49 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{FC342886-341F-4243-8C12-286198D24097}
[2011/12/22 02:11:37 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{60C67C2A-F0F3-4DAB-AE70-B9DC16AC8968}
[2011/12/22 02:11:23 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{26437C20-2E8A-47A9-893E-71F6C96F297E}
[2011/12/21 14:11:11 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{2A4CC08B-D16A-443C-BA9E-5D8D27862AE6}
[2011/12/21 14:10:51 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{B87C7790-CAF3-4840-A853-E4955B9BE5FD}
[2011/12/21 02:10:46 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{26E1294A-1A1B-47EC-9937-2D9CC2C753DE}
[2011/12/21 02:10:29 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{2BE36F9C-E131-4A81-836D-1DE397BE0F10}
[2011/12/20 14:10:14 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{E79AE93D-8FCF-47BB-A55E-1454ABEA9880}
[2011/12/20 14:09:51 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{CB021A9D-0ECF-46D4-B271-41A0A2772272}
[2011/12/20 02:09:45 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{BE4D9377-7463-48C4-B53E-9303EC06FFAF}
[2011/12/20 02:09:30 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{C648B3BB-AC7B-4FD7-8154-2E9F60B48200}
[2011/12/19 14:09:19 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{934A221E-8265-4FB2-878F-3FFC50017BDB}
[2011/12/19 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{1F761599-7E07-4F8B-847A-66605C54825C}
[2011/12/18 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{4088260E-7349-4FDF-92A6-3375BBAFDD03}
[2011/12/18 20:53:35 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{E5853D6D-3C51-411F-B4A6-9420A091B2A0}
[2011/12/17 16:37:58 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{DCCEA3FC-7CA1-42BA-AB85-612FED6DA1C6}
[2011/12/17 16:36:53 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{DE7D501B-C7E7-4292-A3F3-B4A4F6847DF0}
[2011/12/16 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{9C6C8A44-AAE7-426A-9775-09779F7F954E}
[2011/12/16 19:01:55 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{29D55B43-1A55-4DB6-B179-B863F9219E71}
[2011/12/16 03:46:14 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{77B60E0D-490C-4902-B047-8535B63DCBB6}
[2011/12/15 15:45:36 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{A532D0C9-6E31-45FB-A7AC-E542C56013DD}
[2011/12/15 03:45:01 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{E24C1B85-EBC1-4D7B-8613-17245D15CD7A}
[2011/12/14 21:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/12/14 21:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/12/14 21:18:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/12/14 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/12/14 15:44:26 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{B11D483D-478C-47A6-8D8E-BDF923F78B93}
[2011/12/14 03:43:50 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{66F86D8A-2C40-4C15-9D8C-F89A99B49C1D}
[2011/12/14 03:43:27 | 000,000,000 | ---D | C] -- C:\Users\Cheewen Ng\AppData\Local\{032E14EE-88E4-45E6-85D7-935B10D74A2C}

========== Files - Modified Within 30 Days ==========

[2012/01/12 20:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 20:42:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:42:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:42:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1789908265-441396232-4072253329-1000UA.job
[2012/01/12 20:36:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cheewen Ng\Desktop\OTL.exe
[2012/01/12 18:48:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/12 18:48:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 18:42:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 18:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 23:11:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/11 23:09:32 | 000,000,512 | ---- | M] () -- C:\Users\Cheewen Ng\Desktop\MBR.dat
[2012/01/11 22:24:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/11 22:07:10 | 000,046,640 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\msln.exe
[2012/01/11 07:14:37 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1789908265-441396232-4072253329-1000Core.job
[2012/01/09 21:27:06 | 000,042,996 | ---- | M] () -- C:\Users\Cheewen Ng\Desktop\Statement_Dec 2011.pdf
[2012/01/08 21:54:56 | 000,092,672 | ---- | M] () -- C:\Users\Cheewen Ng\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/07 18:35:35 | 478,759,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/07 15:47:11 | 000,002,305 | ---- | M] () -- C:\Users\Cheewen Ng\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/01/07 14:17:34 | 000,412,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/14 21:28:24 | 000,157,514 | ---- | M] () -- C:\Windows\hpoins28.dat

========== Files Created - No Company Name ==========

[2012/01/09 22:43:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/09 22:43:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/09 22:43:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/09 22:43:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/09 22:43:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/09 22:31:58 | 000,000,512 | ---- | C] () -- C:\Users\Cheewen Ng\Desktop\MBR.dat
[2012/01/09 21:16:52 | 000,042,996 | ---- | C] () -- C:\Users\Cheewen Ng\Desktop\Statement_Dec 2011.pdf
[2012/01/07 15:30:25 | 478,759,254 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/12/14 21:10:12 | 000,157,514 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/06/24 22:10:06 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/06/24 22:10:06 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\05BD190A5F.sys
[2010/08/20 03:11:49 | 000,000,680 | ---- | C] () -- C:\Users\Cheewen Ng\AppData\Local\d3d9caps.dat
[2010/06/10 06:12:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/01 23:27:09 | 000,092,672 | ---- | C] () -- C:\Users\Cheewen Ng\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 09:33:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/29 09:33:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/28 08:21:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/28 00:43:27 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/05/27 23:38:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/04/28 15:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/04/28 15:05:34 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/04/28 14:38:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/28 13:47:12 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/04/28 13:47:12 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/04/28 13:47:12 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008/04/28 13:44:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/12 19:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2007/10/30 12:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/05 15:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/16 05:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,412,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/10/05 22:01:56 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\ARGELA
[2011/12/24 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\BitTorrent
[2010/08/04 17:50:37 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\Canon
[2010/05/28 22:55:47 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\DAEMON Tools Lite
[2010/06/03 22:21:12 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\DiskAid
[2010/11/07 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\GameRanger
[2010/06/24 16:03:58 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\InterTrust
[2011/07/13 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\InterVideo
[2011/07/15 05:12:29 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\IrfanView
[2010/05/31 20:11:28 | 000,000,000 | R--D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\Octoshape
[2010/09/08 19:02:36 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\ooVoo Details
[2012/01/05 18:39:00 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\PPStream
[2011/04/04 23:08:34 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\TeamViewer
[2010/11/06 23:59:48 | 000,000,000 | ---D | M] -- C:\Users\Cheewen Ng\AppData\Roaming\VoipStunt
[2012/01/11 23:11:13 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/04/28 14:39:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/11 22:30:04 | 000,014,691 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2005/01/03 08:37:18 | 000,000,017 | -H-- | M] () -- C:\initrd.pam
[2007/01/15 20:13:14 | 000,000,068 | -H-- | M] () -- C:\kernel.pam
[2012/01/12 18:41:32 | 519,045,119 | -HS- | M] () -- C:\pagefile.sys
[2012/01/10 21:13:02 | 000,082,586 | ---- | M] () -- C:\TDSSKiller.2.7.0.0_10.01.2012_20.44.51_log.txt
[2010/05/28 01:06:56 | 000,386,360 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/29 09:59:14 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/20 17:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/27 19:40:47 | 000,000,363 | -HS- | M] () -- C:\Users\Cheewen Ng\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/06/19 21:27:12 | 000,274,432 | ---- | M] () -- C:\Users\Cheewen Ng\Desktop\GoodReaderUSB.exe
[2012/01/12 20:36:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cheewen Ng\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/14 21:28:25 | 000,002,286 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/06/10 06:12:19 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 624 bytes -> C:\Windows\System32\msln.exe:219b59bc257af53bb74b5c4bd0367e66
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >
 
Extras

OTL Extras logfile created on: 1/12/2012 8:54:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cheewen Ng\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.10% Memory free
7.38 Gb Paging File | 6.20 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): c:\pagefile.sys 4591 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.17 Gb Total Space | 36.29 Gb Free Space | 25.52% Space Free | Partition Type: NTFS
Drive N: | 81.72 Gb Total Space | 66.74 Gb Free Space | 81.67% Space Free | Partition Type: NTFS

Computer Name: CHEEWEN-PC | User Name: Cheewen Ng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0195E9F8-B237-4094-BAF7-3BA1E6F8E72A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{032673ED-99B8-4F1D-96E8-ABA8A8ABBBEE}" = rport=137 | protocol=17 | dir=out | app=system |
"{1ED545F1-FBE8-4351-9988-28CF92533840}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2C323FF0-16B8-4E78-B98D-DB8C1F515953}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B3BC6C1-CEA1-4C53-8E87-1A9EC9B628D2}" = lport=445 | protocol=6 | dir=in | app=system |
"{4BC17EB9-63A8-438F-AF95-5E3F384FBA42}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E6448C4-3B1D-40D2-A170-0652B3423523}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{68B280D7-C20E-46B7-987E-F8601F73B609}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72D16582-4078-47B4-A91D-5D2DA6E71879}" = rport=445 | protocol=6 | dir=out | app=system |
"{7C3306B2-086C-40AB-B0D5-E258EE48E09D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E8CA8FE-9AF9-425F-8CEA-E2FC60E88502}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9741FE89-86ED-43BC-AECF-27194F57A352}" = rport=138 | protocol=17 | dir=out | app=system |
"{9FDBC641-4436-455F-A106-F3743D4F3BD4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A58B89E2-3F93-4E23-A644-CACCBFB2B669}" = lport=139 | protocol=6 | dir=in | app=system |
"{A593127D-FB12-457E-A1F9-BF11B07B033A}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{A595AA48-D37B-41E5-BC35-23DA827F203E}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{B774F20D-E1DE-4CD7-A26E-77641206B063}" = rport=139 | protocol=6 | dir=out | app=system |
"{BEA2C462-35B9-45DE-A1AF-71D22C554B50}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{C10D1B78-40D2-4A66-8DF6-1C5FDA0660F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2D1715A-9899-4CE5-AA1B-B552CB69CD80}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{D0F3BC2A-FDBB-48F4-B019-EDE3C9DE3881}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DA86D360-971B-4215-8461-978AA50AEA46}" = lport=137 | protocol=17 | dir=in | app=system |
"{DC43C7A6-25C4-49F2-9978-8BBD48075EFD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E1022105-6948-4B79-B208-0EABC941FCE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E2C7ECB8-F296-4FD6-995D-E773F5DC7FDB}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{EAB79892-61A9-4D3A-A9F5-D672196D6A70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F1BCAF6F-CBB5-4628-BACA-89F1AAB1B182}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3511D54-797A-4AF7-8B5E-1D31FF72A731}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0189C59B-CCA2-4F74-9796-D7F19E24B2FF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A6D12BC-EC4F-462C-96A9-5B21444D9778}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0AA85633-8241-4990-837B-226D3A46644B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{1742BE6E-C468-4226-844A-160009CB8DFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1A3A177B-062B-44A7-8618-B6E7FE3B01EB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{1E5726CC-DE64-4107-9CA4-C0F981E95A6F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{21C0AD73-771F-40E6-A137-23660BF7F534}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{45B4A559-9D2C-4FEA-A7B1-B2DDAC2A9E8B}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{480BBC66-A57E-4827-BDF4-647DAD177155}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CA7D99B-93B5-4D84-8129-2EA7647C470C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4EF2180C-AAB6-43B2-A99E-ABB3CF5AA243}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{52C0B9AD-B5CD-48D5-BDCA-6E336278E9C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{54132F20-C14A-4A32-B5DE-C4BD321C75F6}" = protocol=17 | dir=in | app=n:\pps.tv\ppstream\ppstream.exe |
"{56F338DA-7275-4B17-AA75-81AA03BCA2B4}" = protocol=6 | dir=in | app=n:\pps.tv\ppstream\ppstream.exe |
"{5B243C8F-5072-4BFD-B4A4-0A30475E3A10}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6539A0FB-8B43-49CB-B314-49BD6127BC32}" = protocol=17 | dir=in | app=n:\pps.tv\ppstream\ppsap.exe |
"{67190213-033B-410E-B50A-47CAB8E7E01B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{7F908AFD-DD87-4B5A-8BC9-8FA391D150E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{841DFDA1-28CE-49B7-9CC8-12488E6B626F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{843ECA23-0F4A-4C60-8C27-C60B3FE4A955}" = protocol=17 | dir=in | app=c:\users\cheewen ng\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{84A30D99-DC7A-463A-971B-55280F50BC26}" = protocol=6 | dir=in | app=c:\users\cheewen ng\appdata\local\temp\~osedf9.tmp\rlvknlg.exe |
"{8AA76903-3199-4B83-A53C-89CA62A42087}" = protocol=6 | dir=in | app=c:\users\cheewen ng\appdata\local\temp\~osde3e.tmp\rlvknlg.exe |
"{8AC20FC6-171D-40B8-8B3B-2F1032C0E0D2}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{8DBFF652-E281-47BB-B8B4-A4443C2CD320}" = protocol=6 | dir=in | app=n:\pps.tv\ppstream\ppsap.exe |
"{8F921B1F-A0DE-476D-9F1B-67AFD39D3D1B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9199BB97-EBB3-42F8-8338-D2C71142B57F}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{A95BA044-E1ED-4125-B4DD-F04E53038B4D}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{B0AF6CD2-FA68-4CBC-B4A7-55870DFE72D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B1F436B2-E3D3-42F8-9CDC-18B59CDF4B7C}" = protocol=6 | dir=in | app=c:\users\cheewen ng\appdata\local\temp\~os563d.tmp\rlvknlg.exe |
"{B399117A-86C2-4DDD-B94A-B95CBE28AB1C}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{BBE08F28-94B7-4F84-AC93-AEDF427D0617}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D701EEBC-B91C-44B6-9363-F82C69B28BCF}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{E3792500-7C4D-4BC0-A863-E4411750FB0A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E8CF1C90-BABD-4C17-AB77-D271F1BF0B49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED1B8552-B6FD-43F3-9F23-2E11AD1F14F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F47F2332-D922-4BC7-A05B-99AB7C2581E2}" = protocol=6 | dir=in | app=c:\users\cheewen ng\appdata\local\temp\~osdead.tmp\rlvknlg.exe |
"{FCC3C1BE-B94B-45C2-AE19-0F1D00A55298}" = protocol=6 | dir=in | app=c:\users\cheewen ng\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{1C3A5A76-24FE-4793-80B4-0A8CB2AE655F}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{69C7A765-75B6-4195-AD8C-B9D6E765E678}C:\games\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\games\age of empires 2\age2_x1\age2_x1.exe |
"TCP Query User{74AE19FD-949A-47AD-8562-5DC44796D317}C:\games\age of empires 2\age2_x1.exe" = protocol=6 | dir=in | app=c:\games\age of empires 2\age2_x1.exe |
"TCP Query User{97E49ECC-5289-4A7D-BF08-167C04B24226}C:\users\cheewen ng\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\cheewen ng\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{C398FE23-2726-4DC8-9B3A-D647B6157375}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C853FB3F-8892-4B78-8948-FA2A2E8D20EF}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
"TCP Query User{CBAFC574-9D16-4D01-BA89-D3B2D50B45DC}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{F8E21563-20E6-4748-BDE1-381FEA2BB2F5}C:\users\cheewen ng\downloads\bittorrent-7.2.1.exe" = protocol=6 | dir=in | app=c:\users\cheewen ng\downloads\bittorrent-7.2.1.exe |
"TCP Query User{FEDEB71E-2154-49A2-99CF-013EEB5BACC0}C:\games\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\games\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{01DC380D-7D40-4328-B8C2-66E6DF192C36}C:\users\cheewen ng\downloads\bittorrent-7.2.1.exe" = protocol=17 | dir=in | app=c:\users\cheewen ng\downloads\bittorrent-7.2.1.exe |
"UDP Query User{02158CED-798B-4401-AE32-C24FC2B4C052}C:\games\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\games\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{12D1C952-2C82-49ED-A380-506C30C5B3D3}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{2BCD7A27-8F46-4460-9173-029BD7FBF1ED}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{4D01EDC6-E68A-4377-BB64-4B48C58B269F}C:\games\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\games\age of empires 2\age2_x1\age2_x1.exe |
"UDP Query User{B6328CA7-6E1D-4FFD-B230-B51F64A008AD}C:\games\age of empires 2\age2_x1.exe" = protocol=17 | dir=in | app=c:\games\age of empires 2\age2_x1.exe |
"UDP Query User{D0613D02-467D-4CA4-8F91-BE19DA4BE3DD}C:\program files\tudou\·éëùtudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files\tudou\·éëùtudou\tudouva.exe |
"UDP Query User{D308CC90-3F84-47BA-9B74-C3169221A56F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{FAD75A0A-7027-4EC8-B881-5CBECEB5C01F}C:\users\cheewen ng\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\cheewen ng\appdata\roaming\gameranger\gameranger\gameranger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{2F839384-6AB0-449B-8772-25E607036357}" = VAIO Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Ace DivX Player_is1" = Ace DivX Player v2.1
"Ace Media Player_is1" = Ace Media Player v2.8.221
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of EMpires 2" = Age of Empires 2
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DiskAid_is1" = DiskAid 4.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.22)" = Mozilla Firefox (3.6.22)
"R for Windows 2.11.1_is1" = R for Windows 2.11.1
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"The KMPlayer" = The KMPlayer (remove only)
"Voobly_is1" = Voobly
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1789908265-441396232-4072253329-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"GameRanger" = GameRanger
"TimeAdjuster" = Time Adjuster STANDARD 3.1
"tuitalker" = tuitalker 0.6.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2012 2:44:49 PM | Computer Name = Cheewen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2012 2:44:49 PM | Computer Name = Cheewen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2012 2:44:49 PM | Computer Name = Cheewen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2012 2:44:49 PM | Computer Name = Cheewen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2012 2:44:49 PM | Computer Name = Cheewen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2012 2:44:50 PM | Computer Name = Cheewen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2012 3:18:03 PM | Computer Name = Cheewen-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 1/7/2012 3:18:58 PM | Computer Name = Cheewen-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/7/2012 3:31:48 PM | Computer Name = Cheewen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

Error - 1/7/2012 3:31:48 PM | Computer Name = Cheewen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =

[ System Events ]
Error - 1/11/2012 11:24:03 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/11/2012 11:26:34 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/11/2012 11:26:34 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/11/2012 11:26:34 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/11/2012 11:35:38 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/11/2012 11:35:38 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/11/2012 11:37:03 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/12/2012 7:42:43 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/12/2012 7:42:43 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/12/2012 7:44:09 PM | Computer Name = Cheewen-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 
Very good :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-1789908265-441396232-4072253329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    @Alternate Data Stream - 624 bytes -> C:\Windows\System32\msln.exe:219b59bc257af53bb74b5c4bd0367e66
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:63238B95
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post the JavaRa log.

============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL

All processes killed
========== OTL ==========
HKU\S-1-5-21-1789908265-441396232-4072253329-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
ADS C:\Windows\System32\msln.exe:219b59bc257af53bb74b5c4bd0367e66 deleted successfully.
ADS C:\ProgramData\TEMP:63238B95 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cheewen Ng
->Temp folder emptied: 52473739 bytes
->Temporary Internet Files folder emptied: 112239392 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94908323 bytes
->Apple Safari cache emptied: 53030912 bytes
->Flash cache emptied: 250853 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10436 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 298.00 mb


[EMPTYJAVA]

User: All Users

User: Cheewen Ng
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Cheewen Ng
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01142012_121428

Files\Folders moved on Reboot...
C:\Users\Cheewen Ng\AppData\Local\Temp\Low\debug.log moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Cheewen Ng\AppData\Local\Google\Google Talk Plugin\gtbplugin.log moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Z4IHA94K\mail[1].htm moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GG7A7BE0\mail[2].htm moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9QEN96QQ\bind[1].htm moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8IN4FL93\mail[1].htm moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7KBC9HSX\mail[1].htm moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
 
Security Check

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Symantec Endpoint Protection
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 30
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (3.6.22) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````
 
FSS

Farbar Service Scanner
Ran by Cheewen Ng (administrator) on 14-01-2012 at 13:02:45
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2010-05-29 09:32] - [2009-04-11 01:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2010-05-29 09:34] - [2009-04-11 01:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2010-05-29 09:33] - [2009-04-11 01:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2010-05-29 09:33] - [2009-04-11 01:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
EsetScan

C:\Qoobox\Quarantine\C\Windows\System32\drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.GG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\drivers\smb.sys.vir a variant of Win32/Rootkit.Kryptik.GG trojan cleaned by deleting - quarantined
C:\Users\Cheewen Ng\Downloads\MsgPlusLive-484.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
C:\Users\Cheewen Ng\Downloads\SoftonicDownloader38594.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Cheewen Ng\Downloads\SoftonicDownloader47650.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Windows\winsxs\x86_microsoft-windows-nbsmb_31bf3856ad364e35_6.0.6002.18005_none_61560a3ff5180c84\smb.sys a variant of Win32/Rootkit.Kryptik.GG trojan cleaned by deleting - quarantined
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys a variant of Win32/Rootkit.Kryptik.GG trojan cleaned by deleting - quarantined
 
Uninstall Java(TM) SE Runtime Environment 6.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select the "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read "How did I get infected?, with steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
OTL

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cheewen Ng
->Temp folder emptied: 634280 bytes
->Temporary Internet Files folder emptied: 50497842 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 962 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2965 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 49.00 mb


[EMPTYFLASH]

User: All Users

User: Cheewen Ng
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Cheewen Ng
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01142012_205453

Files\Folders moved on Reboot...
C:\Users\Cheewen Ng\AppData\Local\Temp\Low\debug.log moved successfully.
File\Folder C:\Users\Cheewen Ng\AppData\Local\Temp\Low\~ROMFN_00000E98 not found!
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IEW7OB28\ONEFMAAC[1] moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5QS0KZKE\liveplayer[1].htm moved successfully.
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla4D22.tmp not found!
C:\Users\Cheewen Ng\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
 
I do not see any pop-up from Symantec anymore. And I haven't encountered any website redirection issues.
Thank you thank you thank you so much for your help!
 
Way to go!!

Good luck and stay safe :)
 