TechSpot

Need help to remove Netbt.Sys virus, following the 8 steps

Solved
By bonmotwang
Nov 4, 2010
Topic Status:
Not open for further replies.
  1. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    " freeime" = freeime 6.0
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0088A01B-5A67-58C9-A3ED-E1663F2C8F66}" = ccc-core-static
    "{00C7F97B-6FAA-1102-7074-4C6ADF13A8E7}" = CCC Help Chinese Traditional
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900
    "{045575AC-3C80-4246-9042-49801C4CB53A}" = QBP
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
    "{06A9C3A8-3903-9C8E-2150-1F9B4818FDF3}" = Catalyst Control Center Localization Japanese
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = ThinkVantage Fingerprint Software 5.6
    "{103C30FD-007D-450A-558D-1F0802244DEC}" = CCC Help Spanish
    "{119D26EA-1C5C-E800-061B-0B7BA6709EEA}" = CCC Help French
    "{1279B60B-B1EF-697C-9028-0BD1DA0F7B69}" = Catalyst Control Center Localization Spanish
    "{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{13D30649-000E-853F-82A7-4BA72A15C484}" = Catalyst Control Center Localization Chinese Traditional
    "{13EE9273-0EFF-5B4E-211E-B7DFB0B3878D}" = CCC Help Portuguese
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AAD09B2-EC6C-9D58-4D45-86393F68F490}" = Catalyst Control Center Localization Italian
    "{1BBB8C6A-72C7-EBB1-2A35-DDF04D9EA871}" = Catalyst Control Center Localization Swedish
    "{1C11611C-8978-E062-778C-D58443150662}" = Catalyst Control Center Localization Arabic
    "{1D9E789E-7F26-2CB7-EDBB-30C0F11DAADA}" = CCC Help Chinese Traditional
    "{1EA207A3-DDB6-40D7-AB85-EC9C63691959}" = Sun Java Wireless Toolkit 2.3 Beta
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{22365774-A8A2-4016-99DA-4C486DA137ED}" = MPLAB Tools v8.00
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{27552735-8EC2-1805-6EFE-194B0FC29902}" = Catalyst Control Center Localization Dutch
    "{2AEFECCB-DEBD-D657-C7CB-DDC008E44C46}" = Catalyst Control Center Localization Korean
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
    "{2E633C33-3CD4-8E9D-7DFD-7B22AE719C07}" = CCC Help Dutch
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{32A3A4F4-B792-11D6-A78A-00B0D0160010}" = Java(TM) SE Development Kit 6 Update 1
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{335A83F9-C51D-E8CA-9374-4A233EFB2A18}" = Catalyst Control Center Core Implementation
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3917199F-99DF-DB9F-8002-34C15710D6A5}" = Catalyst Control Center Localization Korean
    "{399E2C9F-EA8D-46D1-9A5C-56AE127D3D59}" = RealProducer Plus 11
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3B60245E-A1A6-356A-7548-E09180CD1AA1}" = Catalyst Control Center Localization Arabic
    "{3E941C3B-9ADF-AEF7-4BE6-B669F9B2E0DF}" = Catalyst Control Center Localization Chinese Standard
    "{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.2.2.1
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4137D9A1-8AEC-0600-86B6-3DD36369DFAE}" = CCC Help Korean
    "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
    "{41AD3376-0267-99F5-7682-DB9328BFDF46}" = CCC Help Korean
    "{4343B415-8BCB-2889-106D-B6A4242E0EE5}" = Catalyst Control Center Localization Chinese Traditional
    "{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
    "{4672D885-62B0-D0A1-5BD3-FFD0C1ADBE3F}" = Catalyst Control Center Localization Japanese
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{47E5510D-0D88-209E-AC05-0108A42B835E}" = Catalyst Control Center Localization Spanish
    "{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
    "{4C74828C-0D2A-416A-959B-C19CC441F167}" = CLICK Programming Software Version 1.12
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4F8DA6C4-C26E-44CE-A921-A19E22D66E45}" = QBP Documents
    "{4F9ABF66-6F45-FE04-7F26-2A26E827CA09}" = Catalyst Control Center Localization Portuguese
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
    "{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{643FC706-A862-7531-CDFE-65D814964DEF}" = CCC Help Italian
    "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
    "{65744D5B-1EBF-4B97-8130-001F319D693E}" = ICBC install (goldpac personal version)
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
    "{7379FDD1-D0ED-4FF2-B168-E246772E731E}" = ccc-Branding
    "{73E62AE7-6636-4E57-9ACA-5A3E352BF2AB}" = GemSafe OEM Edition 5.0 for China
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7706477D-00CC-436C-931F-2A8CFEAA5C0D}" = SafeSign 2.3 for ICBC
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7889B044-3328-10C0-7B49-F346258981B6}" = CCC Help German
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{842B602E-32D4-7138-5417-0841C0114D7E}" = Catalyst Control Center Localization Chinese Standard
    "{86F68523-4C8D-30EA-DD26-E6B57F62EE57}" = Catalyst Control Center Graphics Full Existing
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F057C9F-3E31-BACA-4CEC-7440D843DD1A}" = Skins
    "{8F87DCA0-FBE6-40F8-9676-A2329DEA880A}" = MINICUBE Utilities
    "{90120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
    "{90120000-0015-0000-0000-0000000FF1CE}_Access_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0000-0000-0000000FF1CE}_Access_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
    "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
    "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
    "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{912A2E7A-FA0C-42F7-C67D-EADE88BFED16}" = Catalyst Control Center Localization Italian
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93156467-FD99-4A30-9CA5-8563F4BB8DB3}" = icbc_netbank_client_controls
    "{937AFC65-78B9-B0D3-9C3F-01251EFE3E2A}" = Catalyst Control Center Localization French
    "{93A5E75B-4E28-4F0F-9006-D19522776993}" = FreeSnap
    "{9450B2E9-4D58-4BF7-8845-E18B781B3FC5}" = MQB2ALL
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
    "{975C5963-4542-879E-1C25-AC1AA534D641}" = Catalyst Control Center Localization German
    "{97B65A2A-C9C8-A305-CEC7-57DC7DBAE77A}" = Catalyst Control Center Graphics Previews Vista
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{9988885A-39A8-4DD8-83D8-D9B18E5DCF38}" = MINICUBE Utilities Documents
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0937202-F12D-D616-D3B5-E2436B70368B}" = CCC Help Chinese Standard
    "{A0D936F0-A4D9-EF50-40EA-648E417B3A85}" = CCC Help Italian
    "{A12B245D-7FBF-DD14-B927-2331C490E872}" = Catalyst Control Center Graphics Previews Vista
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A4121C0A-438D-426D-986F-4E14BBBAB2A3}" = MGC Visual Studio 7 Runtime
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5D4113D-0978-5F93-E123-136EF6311773}" = Catalyst Control Center Localization German
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
    "{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = VIMICRO USB PC Camera (ZC0301PLH)
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
    "{AFF3E3F2-1F74-3D30-3F2B-87C48FE0E34C}" = ATI Catalyst Install Manager
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4F3F148-C48E-43BE-DC5C-874AAF585744}" = Catalyst Control Center Graphics Light
    "{B5F8AB87-35E9-7B40-CB9E-A40D256862C4}" = CCC Help Japanese
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware
    "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
    "{C3F6A86F-3454-23C1-B9FB-066485612FF3}" = Catalyst Control Center Graphics Full New
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C7648D0B-538A-DC78-BDDC-7380883B6BC8}" = CCC Help Spanish
    "{C7BFC050-9F86-42B3-2D7E-182AC914F246}" = CCC Help French
    "{C7C7B5F4-51F5-4002-B881-DD70A01E8495}" = ViewMate 10.2
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = Vimicro USB PC Camera (ZC0301PLH)
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1477E16-95F7-41A6-AED2-7EAC3B833BCA}" = Altium Designer Winter 09
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D24AF44C-8727-4B4C-859A-5095CD9DE051}" = Backup4all Professional 4
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D4ADA052-31EB-42DB-9EB7-5A8C04CE9582}" = MPLAB Tools v8.46
    "{D5377FD0-38BA-55E5-F903-3C43202A95F4}" = CCC Help Japanese
    "{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
    "{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{DDB7D82E-166F-3C55-6F25-507710572D83}" = Catalyst Control Center Localization Arabic
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE5CE2A6-9602-48B6-81BF-8A799511464C}" = StarKey
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0EF321A-1949-451B-9484-7886F4F4719E}" = ThinkPad Mobility Center Customization
    "{E547104A-144C-E939-EC3B-66B9D1100627}" = CCC Help English
    "{E62A33D4-86F8-6C23-7AA3-9C4019835F83}" = CCC Help Portuguese
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
    "{E85FE9AC-FB13-B35E-858D-F5259F52BF72}" = CCC Help Dutch
    "{EAA813C5-B828-FC62-48C0-C4B99A45EC54}" = CCC Help Swedish
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
    "{EF06F14B-DB99-9D0B-FE4E-532F5AA23802}" = CCC Help Swedish
    "{EF6B56E4-40C0-C979-BC15-5D1482175918}" = CCC Help German
    "{EF9F3BAC-0AF6-6BD0-3683-F5EBA774FAD6}" = CCC Help Chinese Standard
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1D269E4-9CE2-F4C0-946E-97B0EE659A41}" = CCC Help English
    "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
    "{FDC0EDDF-EC90-A70A-5FC4-48760A3746FF}" = Catalyst Control Center Localization French
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE9024D5-8E15-C9B9-A724-BA06D7C58F66}" = ccc-utility
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "3CD6E6EC537F34026EA60F5BE964BCA8B58F5703" = Windows Driver Package - Lenovo (IBMPMDRV) System (11/01/2006 1.41)
    "73501D040246FD1119FF9BD02EAA9CA1541A9E01" = Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008)
    "791A34704A3AAC62E238B140D8FC6E49D41AD375" = Windows Driver Package - Intel (e1express) Net (11/16/2006 9.6.31.0)
    "8B51271D05166ED3E2A0A7FD52BCB8628E296043" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1020)
    "9DE44D33DF9291DE11A1A790CFBF8541856C70DC" = Windows Driver Package - Intel hdc (09/15/2006 8.2.0.1008)
    "Access" = Microsoft Office Access 2007
    "Adobe AIR" = Adobe AIR
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
    "Alipay security control_is1" = Alipay security control 2,4,0,1
    "ATI Display Driver" = ATI Display Driver
    "ATI Uninstaller" = ATI Uninstaller
    "AutoCAD 2009 - English" = AutoCAD 2009 - English
    "AwayTask" = Maintenance Manager
    "C07FE7FC75ACBDD151782F792980433C19F635D4" = Windows Driver Package - Intel hdc (09/15/2006 8.2.0.1008)
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DADE94E03F9586B655AEA5F99234D390348E108C" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1008)
    "Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
    "easyMule" = easyMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EXCEL" = Microsoft Office Excel 2007
    "FlashGet" = FlashGet 1.9.6.1073
    "FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
    "FTDICOMM" = FTDI USB Serial Converter Drivers
    "Holtek EverPro K1000 V2.03_is1" = Holtek EverPro K1000 V2.03
    "Holtek HT-IDE3000 V6.9_is1" = Holtek HT-IDE3000 V6.9
    "Holtek Programming Environment (HOPE3000)_is1" = Holtek Programming Environment (HOPE3000) V2.00 Build20100517
    "Holtek starterkit & ISP cable_is1" = Holtek starterkit & ISP cable v1.04
    "ICBC Token CSP - Goldpac 2007_is1" = ICBC Token CSP - Goldpac 2007
    "InstallShield_{045575AC-3C80-4246-9042-49801C4CB53A}" = NEC EL QBP V2.22
    "InstallShield_{22365774-A8A2-4016-99DA-4C486DA137ED}" = MPLAB Tools v8.00
    "InstallShield_{4F8DA6C4-C26E-44CE-A921-A19E22D66E45}" = NEC EL QBP V2.22 Documents
    "InstallShield_{8F87DCA0-FBE6-40F8-9676-A2329DEA880A}" = NEC EL MINICUBE Utilities V1.37
    "InstallShield_{9450B2E9-4D58-4BF7-8845-E18B781B3FC5}" = NEC EL MINICUBE2 USB Driver V1.10 (Installer Package V1.10.1.2)
    "InstallShield_{9988885A-39A8-4DD8-83D8-D9B18E5DCF38}" = NEC EL MINICUBE Utilities V1.37 Documents
    "InstallShield_{D4ADA052-31EB-42DB-9EB7-5A8C04CE9582}" = MPLAB Tools v8.46
    "Keil µVision4" = Keil µVision4
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "N360" = Norton 360
    "OnScreenDisplay" = On Screen Display
    "pdfFactory Pro" = pdfFactory Pro
    "PICC 9.60PL1" = HI-TECH PICC STD V9.60PL1
    "PocketRAR" = Pocket RAR documentation
    "Power Management Driver" = ThinkPad Power Management Driver
    "POWERPOINT" = Microsoft Office PowerPoint 2007
    "PPLive" = PPTV V2.6.0.0033
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer
    "RegCure" = RegCure 1.5.2.7
    "SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
    "SourceBoost IDE_is1" = SourceBoost IDE 6.81
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "THPS2" = THPS2
    "USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
    "Viewpoint Manager" = Viewpoint Manager (Remove Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VISPRO" = Microsoft Office Visio Professional 2007
    "VoipStunt_is1" = VoipStunt
    "WinAVR-20100110" = WinAVR 20100110 (remove only)
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WORD" = Microsoft Office Word 2007
    "阿里旺旺2009 Beta1" = 阿里旺旺2009 Beta1

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/11/2010 1:51:25 PM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 15663

    Error - 04/11/2010 1:51:41 PM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/11/2010 1:51:41 PM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 31341

    Error - 04/11/2010 1:51:41 PM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 31341

    Error - 04/11/2010 4:38:41 PM | Computer Name = T60P-PAUL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 04/11/2010 4:38:41 PM | Computer Name = T60P-PAUL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 16427

    Error - 04/11/2010 4:38:41 PM | Computer Name = T60P-PAUL | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 16427

    Error - 05/11/2010 10:40:51 AM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 05/11/2010 10:40:51 AM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1478468

    Error - 05/11/2010 10:40:51 AM | Computer Name = T60P-Paul | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1478468

    [ OSession Events ]
    Error - 18/09/2010 3:30:17 PM | Computer Name = T60P-Paul | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    ??????????, Microsoft Office Version: 12.0.6425.1000. This session lasted 1221
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 18/09/2010 4:36:36 PM | Computer Name = T60P-Paul | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    ?? , Microsoft Office Version: 12.0.6425.1000. This session lasted 3128 seconds
    with 2040 seconds of active time. This session ended with a crash.

    Error - 18/09/2010 5:00:14 PM | Computer Name = T60P-Paul | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    ? ??? ??????, Microsoft Office Version: 12.0.6425.1000. This session lasted 83 seconds
    with 0 seconds of active time. This session ended with a crash.

    Error - 18/09/2010 5:01:10 PM | Computer Name = T60P-Paul | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    ?C??? ??????, Microsoft Office Version: 12.0.6425.1000. This session lasted 37 seconds
    with 0 seconds of active time. This session ended with a crash.

    Error - 19/09/2010 2:41:27 PM | Computer Name = T60P-Paul | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    ?%??????????, Microsoft Office Version: 12.0.6215.1000. This session lasted 741
    seconds with 360 seconds of active time. This session ended with a crash.

    Error - 19/09/2010 3:29:06 PM | Computer Name = T60P-Paul | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
    ? ??????????, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds
    with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 05/11/2010 9:55:50 AM | Computer Name = T60P-Paul | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05/11/2010 9:55:50 AM | Computer Name = T60P-Paul | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05/11/2010 9:55:50 AM | Computer Name = T60P-Paul | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05/11/2010 9:55:50 AM | Computer Name = T60P-Paul | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05/11/2010 9:55:50 AM | Computer Name = T60P-Paul | Source = Service Control Manager | ID = 7000
    Description =

    Error - 05/11/2010 9:57:13 AM | Computer Name = T60P-Paul | Source = Service Control Manager | ID = 7011
    Description =

    Error - 05/11/2010 10:40:54 AM | Computer Name = T60P-Paul | Source = Microsoft-Windows-TBS | ID = 516
    Description =

    Error - 05/11/2010 10:40:54 AM | Computer Name = T60P-Paul | Source = TPM | ID = 393229
    Description = The device driver for the Trusted Platform Module (TPM) encountered
    a non-recoverable error in the TPM hardware, which prevents TPM services (such
    as data encryption) from being used. For further help, please contact the computer
    manufacturer.

    Error - 05/11/2010 10:41:00 AM | Computer Name = T60P-Paul | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.1.100
    with the system having network hardware address 00-22-64-D7-E0-93. Network operations
    on this system may be disrupted as a result.

    Error - 05/11/2010 10:41:03 AM | Computer Name = T60P-Paul | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.100 for the Network Card with network
    address 00197E48EEAE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >
  2. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    They are too big, I chopped them into 4 posts.
  3. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: RedEyeQuote https://www.redeyeondemand.com/RedEyeQuote.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTS...m/vp/375fc.asp (MetaStreamCtl Class)
      SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
      PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Viewpoint
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  4. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    When I tried to unstall viewpoint manager, it says have to log in as administrator to do so. I tried run as administrator on ViewMgrInstaller.exe file, didn't work.
    Is there such a thing in Vista to log in as administrator?
  5. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    And my account info shows I am the "Administrator".
  6. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Hold on there for a second...
  7. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    We'll remove Viewpoint manually.
    I'll update my OTL script in a moment.
    Stay put for a second.
  8. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    It's ready.
  9. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    I have updated JAVA, and doing the JavaRa thing now. But the java installer didn't give me a chance to uncheck anything :)
  10. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Go ahead. Those things change with every Java update. Don't worry about it.
  11. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control RedEyeQuote
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\RedEyeQuote\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\RedEyeQuote\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\RedEyeQuote\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Starting removal of ActiveX control {03F998B2-0E00-11D3-A498-00104B6EB52E}
    C:\Windows\Downloaded Program Files\MetaStream3.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}\ not found.
    Service Viewpoint Manager Service stopped successfully!
    Service Viewpoint Manager Service deleted successfully!
    C:\Program Files\Viewpoint\Common\ViewpointService.exe moved successfully.
    No active process named ViewMgr.exe was found!
    No active process named ViewpointService.exe was found!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\Cursors_Win folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player\Components folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData folder moved successfully.
    C:\Program Files\Viewpoint\Viewpoint Manager folder moved successfully.
    C:\Program Files\Viewpoint\Common folder moved successfully.
    C:\Program Files\Viewpoint folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: CURRENT_USER
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Temp folder emptied: 14239061 bytes
    ->Temporary Internet Files folder emptied: 4154854 bytes
    ->Java cache emptied: 1957 bytes
    ->Flash cache emptied: 864 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8470922 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 280984 bytes

    Total Files Cleaned = 26.00 mb


    [EMPTYFLASH]

    User: All Users

    User: CURRENT_USER

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.2 log created on 11052010_131227

    Files\Folders moved on Reboot...
    C:\Users\Paul\AppData\Local\Temp\VGXA076.tmp moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBNCR2JZ\sh26[1].html moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MX1I7S9\topic156059-2[1].html moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  12. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Sun Java Wireless Toolkit 2.3 Beta
    Java(TM) 6 Update 22
    Java(TM) SE Development Kit 6 Update 1
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.2.5
    Chinese Simplified Fonts Support For Adobe Reader 8
    Chinese Traditional Fonts Support For Adobe Reader 8
    Japanese Fonts Support For Adobe Reader 8
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  13. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Please uninstall the following:
    Java(TM) SE Development Kit 6 Update 1
    Sun Java Wireless Toolkit 2.3 Beta

    Unless, you're Java developer...
  14. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    Doing the ESET Online Scan now. It is going through all my files. Like you have said, need to be patient.
  15. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    Yes, I also develop cell phone games.
  16. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    That's fine then :)
  17. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    After 4 hours of scanning, it is finished. No threats found.
  18. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how is your computer doing.
  19. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: CURRENT_USER
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Temp folder emptied: 17413893 bytes
    ->Temporary Internet Files folder emptied: 5080057 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 8470922 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 30.00 mb


    [EMPTYFLASH]

    User: All Users

    User: CURRENT_USER

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Paul
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.17.2 log created on 11052010_203118

    Files\Folders moved on Reboot...
    C:\Users\Paul\AppData\Local\Temp\VGXE040.tmp moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CV146RKJ\topic156059-3[1].html moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVFJDG27\sh26[1].html moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  20. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Whenever you're done with all steps.
  21. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    I am doing step 2) OTL clean up :-D
  22. bonmotwang

    bonmotwang TS Rookie Topic Starter Posts: 28

    Hi Broni
    Thanks for your help. My computer is running like a charm. I really really appreciate your time and effort. Secunia PSI is doing the first scan .. and I am laughing...
  23. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Yes!! [​IMG]
    Good luck and stay safe :)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.