AV Security Suite Clean-Up Check:

View previous topic View next topic Go down

AV Security Suite Clean-Up Check:

Post by XFactor416 on Sun Jun 13, 2010 6:27 am

Hi guys. I just recently got infected with AV Security Suite, and I want to show you my OTL logs as a precaution to make sure that my computer is at 100% and safe and sound again. I followed your "how-to" guide, and it no longer gives me any warning messages or any of that, but I would like to double-check and make sure that nothing else is wrong. Thanks in advance!

OTL.txt:

OTL logfile created on: 6/12/2010 11:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Stanley Young\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 171.72 Gb Free Space | 67.89% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.47 Gb Free Space | 93.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STANLEY-PC
Current User Name: Stanley Young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/12 23:14:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Stanley Young\Desktop\OTL.exe
PRC - [2010/04/02 01:33:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/21 21:35:46 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2009/11/21 21:35:12 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/09/11 16:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
PRC - [2009/08/24 09:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2009/08/24 09:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/07/09 13:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
PRC - [2009/07/09 10:27:58 | 003,116,096 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2009/05/12 12:54:18 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/12/26 14:12:22 | 000,328,704 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Lenovo Desktop Navigator\DesktopNavigator.exe
PRC - [2008/12/22 16:01:50 | 008,847,360 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
PRC - [2008/11/03 18:52:50 | 000,296,080 | ---- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/09/27 10:58:36 | 000,434,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008/07/24 10:49:46 | 000,425,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe
PRC - [2008/02/14 13:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2008/02/09 10:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IgrsSvcs.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/06/12 23:14:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Stanley Young\Desktop\OTL.exe
MOD - [2009/04/10 23:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 18:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2008/09/27 10:58:36 | 000,434,176 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/11/21 21:35:12 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/09/11 16:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/08/24 09:15:58 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/05/12 12:54:20 | 003,092,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/05/12 12:54:20 | 000,387,400 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/05/12 12:54:18 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/03/29 21:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/02/14 13:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008/02/09 10:06:00 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/01/29 10:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\IgrsSvcs.exe -- (IncSvc)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 06:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 23:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 23:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/01/12 18:01:06 | 000,220,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2009/09/13 15:12:20 | 000,172,080 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/07/09 10:27:52 | 000,069,136 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 12:54:24 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wpsdrvnt.sys -- (WPS)
DRV:64bit: - [2009/05/12 12:54:22 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS -- (SRTSPL)
DRV:64bit: - [2009/05/12 12:54:22 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2009/05/12 12:54:22 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2009/05/12 12:54:20 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/03/24 00:11:06 | 000,265,776 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/02/11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/23 10:09:44 | 000,183,424 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009/01/15 18:00:32 | 010,275,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/11/19 02:33:36 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/11/16 16:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008/10/15 10:43:20 | 000,018,432 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2008/10/14 21:19:50 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/21 14:49:58 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/08/28 18:39:16 | 000,055,360 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tvtumon.sys -- (tvtumon)
DRV:64bit: - [2008/07/30 17:55:06 | 000,025,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\COH_Mon.sys -- (COH_Mon)
DRV:64bit: - [2008/06/19 18:46:50 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008/06/17 18:28:48 | 000,118,768 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSVD.sys -- (WSVD)
DRV:64bit: - [2008/06/10 13:04:27 | 000,036,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2008/04/28 10:56:00 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)
DRV:64bit: - [2008/04/24 18:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)
DRV:64bit: - [2008/01/20 19:47:27 | 000,214,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/01/20 19:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/20 19:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2006/11/01 22:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2010/02/03 02:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100418.022\EX64.SYS -- (NAVEX15)
DRV - [2010/02/03 02:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100418.022\ENG64.SYS -- (NAVENG)
DRV - [2009/08/26 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/08/26 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/05 16:06:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/05 16:06:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/05 16:06:28 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/12 12:54:22 | 000,480,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/05/12 12:54:22 | 000,441,904 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/05/12 12:54:22 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2008/07/30 17:28:04 | 000,000,841 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\COH_Mon.inf -- (COH_Mon)
DRV - [2008/05/07 11:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/09/18 14:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 14:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49189

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49189

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/08 12:56:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/08 12:56:07 | 000,000,000 | ---D | M]

[2009/08/01 15:17:06 | 000,000,000 | ---D | M] -- C:\Users\Stanley Young\AppData\Roaming\Mozilla\Extensions
[2010/06/12 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\Stanley Young\AppData\Roaming\Mozilla\Firefox\Profiles\02x1w3jo.default\extensions
[2010/05/11 16:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stanley Young\AppData\Roaming\Mozilla\Firefox\Profiles\02x1w3jo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/30 23:19:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Stanley Young\AppData\Roaming\Mozilla\Firefox\Profiles\02x1w3jo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/12 01:17:58 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Stanley Young\AppData\Roaming\Mozilla\Firefox\Profiles\02x1w3jo.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/14 14:34:33 | 000,000,000 | ---D | M] -- C:\Users\Stanley Young\AppData\Roaming\Mozilla\Firefox\Profiles\02x1w3jo.default\extensions\firefox@tvunetworks.com
[2009/12/01 23:31:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Unattend0000000001{2F0CCE2D-26B0-45A0-90A2-BEE09B5FC562}] C:\Windows\test.bat File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Lenovo\MediaShow\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OnekeyDM] C:\Program Files (x86)\Lenovo\OnekeyDM\OnekeyDM.exe ()
O4 - HKLM..\Run: [Readycomm] C:\Program Files (x86)\Lenovo\ReadyComm\ReadyComm.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [Aim6] C:\Program Files (x86)\AIM6\aim6.exe (AOL LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stanley Young\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stanley Young\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stanley Young\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Stanley Young\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} [You must be registered and logged in to see this link.] (CCAWebLogin Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09a06270-a204-11de-8558-00235ad26eb6}\Shell\AutoRun\command - "" = F:\laucher.exe -- File not found
O33 - MountPoints2\{8668a90d-a7cf-11de-9df8-00235ad26eb6}\Shell\AutoRun\command - "" = F:\laucher.exe -- File not found
O33 - MountPoints2\{b9451e5d-bb47-11de-a187-00235ad26eb6}\Shell - "" = AutoRun
O33 - MountPoints2\{b9451e5d-bb47-11de-a187-00235ad26eb6}\Shell\AutoRun\command - "" = G:\avvia.exe wow.htm -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/12 23:14:15 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Stanley Young\Desktop\OTL.exe
[2010/06/12 21:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/12 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\Stanley Young\AppData\Local\twffprys
[2010/06/10 14:07:53 | 000,000,000 | ---D | C] -- C:\Users\Stanley Young\Documents\My Digital Editions
[2010/06/09 22:21:45 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/09 22:21:45 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/09 22:21:45 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/09 22:21:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/09 22:21:29 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/06/09 22:21:29 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/06/09 22:21:28 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/06/09 22:21:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/06/09 22:21:28 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/06/09 22:21:28 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/06/09 22:21:28 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/06/09 22:21:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/06/09 22:21:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/06/09 22:21:28 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/06/09 22:21:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/06/09 22:21:28 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/06/09 22:21:28 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/06/09 22:21:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/06/09 22:21:26 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/06/09 22:21:26 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/06/09 22:21:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/06/09 22:21:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/06/09 22:21:26 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/06/09 22:21:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/06/09 22:21:26 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/06/09 22:21:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/06/09 22:21:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/06/09 22:21:26 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/06/09 22:21:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/06/09 22:21:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/06/09 22:21:26 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/06/09 22:21:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/06/09 22:21:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/06/09 22:21:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/06/09 22:21:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/06/09 22:21:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/06/09 22:21:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/06/09 22:20:06 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010/06/09 22:20:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010/06/07 14:54:22 | 000,000,000 | ---D | C] -- C:\Users\Stanley Young\AppData\Roaming\Digsby
[2010/06/07 14:54:22 | 000,000,000 | ---D | C] -- C:\Users\Stanley Young\AppData\Local\Digsby
[2010/06/07 14:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Digsby
[2010/06/07 12:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babylon
[2010/06/05 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/06/05 15:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/06/05 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\Stanley Young\AppData\Roaming\Real
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/12 23:14:53 | 004,194,304 | -HS- | M] () -- C:\Users\Stanley Young\NTUSER.DAT
[2010/06/12 23:14:19 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Stanley Young\Desktop\OTL.exe
[2010/06/12 23:10:29 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47CBEB1D-940D-40C1-A5EA-518FE4C805B1}.job
[2010/06/12 22:57:16 | 000,065,536 | -HS- | M] () -- C:\Users\Stanley Young\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/06/12 22:57:15 | 000,524,288 | -HS- | M] () -- C:\Users\Stanley Young\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/06/12 22:57:12 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2010/06/12 22:57:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 22:57:02 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/12 22:56:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/12 22:56:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/12 22:56:47 | 4253,650,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/12 22:55:23 | 002,722,385 | -H-- | M] () -- C:\Users\Stanley Young\AppData\Local\IconCache.db
[2010/06/12 22:20:02 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2010/06/12 21:28:56 | 000,756,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/12 21:28:56 | 000,642,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/12 21:28:56 | 000,118,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/12 21:23:52 | 000,001,928 | ---- | M] () -- C:\Users\Stanley Young\Desktop\HijackThis.lnk
[2010/06/10 11:55:45 | 000,399,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/26 10:23:46 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/05/26 10:06:41 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/05/26 08:10:41 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/05/26 07:47:41 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/12 21:23:52 | 000,001,928 | ---- | C] () -- C:\Users\Stanley Young\Desktop\HijackThis.lnk
[2009/12/03 11:44:37 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 11:43:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/24 17:55:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2009/08/24 17:53:14 | 000,000,044 | ---- | C] () -- C:\Windows\EPNX100.ini
[2009/07/09 10:28:20 | 002,101,248 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2009/07/09 10:27:54 | 000,057,344 | ---- | C] () -- C:\Windows\AsfHelper.dll
[2009/07/09 10:27:46 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2009/07/09 10:18:30 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\SBarHook.DLL
[2009/05/08 23:29:22 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/08/27 18:29:00 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\OnekeyDM.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >


Last edited by XFactor416 on Sun Jun 13, 2010 6:28 am; edited 1 time in total

XFactor416
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-06-13
OS OS : Vista
Points Points : 23758
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by XFactor416 on Sun Jun 13, 2010 6:27 am

Extras.txt:


OTL Extras logfile created on: 6/12/2010 11:15:00 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Stanley Young\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 252.95 Gb Total Space | 171.72 Gb Free Space | 67.89% Space Free | Partition Type: NTFS
Drive D: | 30.38 Gb Total Space | 28.47 Gb Free Space | 93.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STANLEY-PC
Current User Name: Stanley Young
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C6 C8 0B 17 02 76 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13449F36-B803-4BB0-8C5B-FBA0DAE5AAFA}" = rport=139 | protocol=6 | dir=out | app=system |
"{164F314B-E0F9-4917-AF7D-2811D238731D}" = lport=139 | protocol=6 | dir=in | app=system |
"{2BA1A0EA-D367-4B27-9BF7-55D35FF8F521}" = rport=138 | protocol=17 | dir=out | app=system |
"{2C9C5E24-C5BC-4B5B-8842-CF6014CFF8D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{2F2775B6-DB10-4E5C-B515-FED16C835600}" = rport=445 | protocol=6 | dir=out | app=system |
"{4C8281BA-CE64-4DA1-8279-C51767036246}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{5EEFA287-67F5-4146-AABE-052EB5D92CD9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6C414DA4-6627-4331-BECA-385EAA25548D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9AAFE676-E1CA-49C3-B27D-6D68C7508D89}" = lport=138 | protocol=17 | dir=in | app=system |
"{A7BC6C36-EE71-4AD5-AF34-DE3FFB4D24D4}" = rport=137 | protocol=17 | dir=out | app=system |
"{A7C9BB11-0329-42F6-8BF1-F328FEF88080}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD46E00-C6A3-4908-8AA8-9A74A3BE20A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18994875-9309-4548-AFB9-908F1BCB1557}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{19C71761-A203-4F88-97BC-82656EAF8197}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1AD7D14D-533D-443C-B16A-23D5EEBE39C1}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{20203593-27CB-4AC7-BDF6-073877992E89}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{218643B6-E2E7-4442-876A-23BF992C3E24}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{26446204-2B0F-495F-BBC2-F4001B18AE99}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{344C1CDF-5C1E-40CA-AEE2-FC08E3985A7E}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\filereceiver.exe |
"{353A85D7-A2FD-4A57-80EB-0BB3C98604C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{35F68FE0-0942-44E4-B55E-D78148AD0EFF}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{39A27C04-EF0D-4FB0-B960-03D964BD77E3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{4371555A-C122-462F-A8F0-65E405FDAC8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{471BC8D0-5E1E-4FDD-BA49-CB80A19733C0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{49C742F2-6880-4D2E-953D-8F904774346D}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{526A31D7-7BF1-4439-9177-939D23C857BA}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{615B28A2-0B11-4F0E-8CCA-9CBBF24CB137}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6A18FB3B-C53D-48BA-9C7A-C66E8FB5083B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{70FC1B09-C9A6-4FE1-81EB-D5B17B50E091}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{72DAA1CE-B366-4765-8F30-AB525FB3B253}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{745A95B7-DD6B-4219-A526-CF037ED5D92D}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{866734F1-2222-4CA4-9750-66921BC6BA46}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{884F57DB-0A4A-4DDB-9850-FFA611FFE44C}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{8FDEBFA4-D1D6-4A11-AA70-40445CDE5FA6}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{AF116384-BD7A-4013-B406-2F825AF071E8}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{B1117605-4428-45BB-84F2-B1880C494324}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{B5947299-33C1-438A-8B4E-111516B7141C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B874D46D-E7B1-4BD0-996F-1934E539B9F9}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\filereceiver.exe |
"{C7B39C03-A4FC-402F-BCEC-4E42F896B8D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CACF91B6-047F-4CBD-88EE-FE4317C21D01}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D2A8549A-7D23-482F-844A-7D4F79528318}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{DA8BA60C-1DE0-425B-86D0-5514D1F323FA}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{E12F0028-A22C-4A9D-841A-1A0DD7AFA06F}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FDA7924D-CB17-49A7-A849-6ECB942B7C68}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"TCP Query User{14D4506B-A62D-4DCA-BB47-9AECBA0C74D4}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{2B925056-4F96-4541-87F1-54275BDA99C8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{AF9E3207-4EBC-40E0-AC1B-5B81C55F0CC3}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{2EF405F8-052C-43D3-9764-FB3E6BBCB60E}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{869A3345-2F02-4ED3-BDB9-603A9272E102}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{E173C24E-F026-498E-8971-F64B359981C4}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BAE9BE-50E5-4620-9A01-0A80C9B5EC19}" = Symantec Endpoint Protection
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"7D4044978059DC8916896568EDDF0E875D1FA4EC" = Windows Driver Package - Lenovo (ACPIVPC) System (10/15/2008 3.1.0.1)
"87B8039CA0CD7A68D9536013C2495013C4B4B168" = Windows Driver Package - ENE (enecir) HIDClass (11/19/2008 2.7.0.2)
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{24A55F97-AA44-4EDB-BEA1-CD51441B2AD4}" = Mojo
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{6345DBAE-79E8-443A-9A21-926DA3998A70}" = Lenovo First Boot
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{720264BB-47DB-4728-9B00-AEA049576F48}" = Lenovo Idea Notes
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 4.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9B304612-421E-4CC3-84A1-5BAAC1CBE409}" = Onekey Theater
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AEEAE03F-DEB4-461B-ACC2-FFA7BFAA7178}" = SlideBar Driver
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C7FB1A71-D808-4CD2-997D-837B39EA7EB0}" = DIBS
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2CC2113-CC7C-4055-AAE9-A235C56D0136}" = Cisco NAC Agent
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Digital Editions" = Adobe Digital Editions
"EasyCapture3.5" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Free Studio_is1" = Free Studio version 4.6
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ICCup Launcher_is1" = ICCup Launcher
"InstallShield_{08D1EEC8-D5D2-41FD-9A15-6499231ADF5F}" = Lenovo Desktop Navigator
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = MediaShow
"InstallShield_{9B304612-421E-4CC3-84A1-5BAAC1CBE409}" = Onekey Theater
"InstallShield_{AEEAE03F-DEB4-461B-ACC2-FFA7BFAA7178}" = SlideBar Driver
"Lenovo Idea Central" = Lenovo Idea Central
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Novarm DipTrace" = Novarm DipTrace
"PROHYBRIDR" = 2007 Microsoft Office system
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"rn_ca" = ResNet Root Certificate Wizard
"SopCast" = SopCast 3.2.4
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Starcraft" = Starcraft
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.16
"VeriFace" = VeriFace
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WildTangent wildgames Master Uninstall" = WildGames
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2010 3:02:47 AM | Computer Name = Stanley-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Bloodhound.PDF!gen in File: C:\Users\Stanley Young\AppData\Local\Mozilla\Firefox\Profiles\02x1w3jo.default\Cache\0FE22250d01
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 4/26/2010 3:15:02 AM | Computer Name = Stanley-PC | Source = Application Error | ID = 1000
Description = Faulting application Rtvscan.exe, version 11.0.4010.14, time stamp
0x498691e3, faulting module ccScanw.dll, version 107.0.6.4, time stamp 0x48f52635,
exception code 0xc0000005, fault offset 0x0002caad, process id 0xaf0, application
start time 0x01cae4a5bca7bc84.

Error - 4/26/2010 2:35:32 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 3:24:12 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/28/2010 2:34:35 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/28/2010 3:00:56 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/28/2010 4:10:49 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2010 3:12:59 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2010 3:00:00 AM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2010 3:10:05 PM | Computer Name = Stanley-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/13/2010 12:22:20 AM | Computer Name = Stanley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/13/2010 12:22:21 AM | Computer Name = Stanley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/13/2010 12:22:51 AM | Computer Name = Stanley-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/13/2010 12:25:29 AM | Computer Name = Stanley-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/13/2010 12:34:49 AM | Computer Name = Stanley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/13/2010 12:34:49 AM | Computer Name = Stanley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/13/2010 12:35:15 AM | Computer Name = Stanley-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/13/2010 1:56:42 AM | Computer Name = Stanley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/13/2010 1:56:42 AM | Computer Name = Stanley-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 6/13/2010 1:57:14 AM | Computer Name = Stanley-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

XFactor416
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-06-13
OS OS : Vista
Points Points : 23758
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by Belahzur on Sun Jun 13, 2010 2:47 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O33 - MountPoints2\{b9451e5d-bb47-11de-a187-00235ad26eb6}\Shell\AutoRun\command - "" = G:\avvia.exe wow.htm -- File not found
    [2010/06/12 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\Stanley Young\AppData\Local\twffprys



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by XFactor416 on Sun Jun 13, 2010 7:03 pm

Hi Belahzur. Thank you for your assistance!

Here's the fix log:


========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9451e5d-bb47-11de-a187-00235ad26eb6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9451e5d-bb47-11de-a187-00235ad26eb6}\ not found.
File G:\avvia.exe wow.htm not found.
C:\Users\Stanley Young\AppData\Local\twffprys folder moved successfully.

OTL by OldTimer - Version 3.2.6.0 log created on 06132010_120425

XFactor416
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-06-13
OS OS : Vista
Points Points : 23758
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by Belahzur on Mon Jun 14, 2010 12:39 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by XFactor416 on Mon Jun 14, 2010 12:53 am

Here's the MBAM log:


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4195

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/13/2010 5:54:29 PM
mbam-log-2010-06-13 (17-54-29).txt

Scan type: Quick scan
Objects scanned: 134397
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Says nothing is wrong, so am I safe to assume that we're good to go?

XFactor416
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-06-13
OS OS : Vista
Points Points : 23758
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by Belahzur on Tue Jun 15, 2010 12:20 am

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by XFactor416 on Tue Jun 15, 2010 1:52 am

I didn't get any infected files after running the scan.

Here's what the log says:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

XFactor416
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-06-13
OS OS : Vista
Points Points : 23758
# Likes # Likes : 0

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by Belahzur on Tue Jun 15, 2010 9:02 pm

Hello.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: AV Security Suite Clean-Up Check:

Post by XFactor416 on Tue Jun 15, 2010 9:03 pm

[You must be registered and logged in to see this link.] wrote:Hello.

How is the machine running now?

Running quite well. I think everything is a-OK now.

Thanks for the help!

XFactor416
Novice
Novice

Posts Posts : 6
Joined Joined : 2010-06-13
OS OS : Vista
Points Points : 23758
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum