Win32/heur virus

#1 mart211 (New Member, 1 posts)

Hey,

AVG detected many Win32/Heur viruses and is detecting them so fast that I had to shut AVG down to post this thread.
I know it's a common problem, but I can't figure it out.
I deleted Norton, which was expired, downloaded AVG, and the problems started: error and threat notifications. So I ran Malwarebytes' Anti-Malware; 13 things were found and all removed, but it didn't fix it.

I don't know what to do, and I need to take this laptop with me to Australia, but not like this :S

I can't do Windows updates anymore, nor AVG updates. AVG is unprotected but finds threats.

My RootRepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/26 17:01
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: ab3ili82.SYS
Image Path: C:\Windows\System32\Drivers\ab3ili82.SYS
Address: 0x8D14A000 Size: 417792 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x88307000 Size: 778240 File Visible: No Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x82B5B000 Size: 204800 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: PCI_NTPNP2697
Image Path: \Driver\PCI_NTPNP2697
Address: 0x80689000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAD59D000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1312 Status: Locked to the Windows API!

==EOF==


Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

26.09.2009 15:20:26
mbam-log-2009-09-26 (15-20-26).txt

Scan type: Quick Scan
Objects scanned: 87740
Time elapsed: 10 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security center (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\Windows\System32\videocore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\uninst.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

OTL logs (both of them):

OTL Extras logfile created on: 26.09.2009 17:21:53 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Heleri\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,92% Memory free
4,00 Gb Paging File | 2,87 Gb Available in Paging File | 71,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,01 Gb Total Space | 45,38 Gb Free Space | 31,95% Space Free | Partition Type: NTFS
Drive D: | 7,04 Gb Total Space | 2,67 Gb Free Space | 37,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 673,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: HELERI-PC
Current User Name: Heleri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PCGAME\Assassins Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\PCGAME\Assassins Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\PCGAME\Assassins Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\PCGAME\Assassins Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\PCGAME\Assassins Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\PCGAME\Assassins Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C4EAF7-A121-4A8E-8DD0-60B54882199F}" = rport=138 | protocol=17 | dir=out | app=system |
"{0AF7DD34-D160-4C25-B4FB-8F214950D8C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{183C75C9-9AE0-4EB1-B812-14E9ECFD9360}" = rport=445 | protocol=6 | dir=out | app=system |
"{28285C38-C472-48D2-8EE7-ED003E5D0409}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{41D8BF1E-2F05-4243-97E3-B38BD2344698}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{43280EFA-D2AA-4F2E-BBE5-FDD9E4B238B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{518771AA-8238-4F8E-8135-E076A6EE9AFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{638C61FE-E802-4C67-9C37-2322A7B05282}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A9ACE46-C6CB-42BF-92CD-A999C930EA81}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6DF50988-AFFD-4A7A-94C5-B7C6ECA637CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8A565B7-6A32-4D05-93BE-C5EF6FE530EA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD97FDEA-D643-4F0B-AF10-197A50682BE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2022802-7145-4285-86A4-0977707233BF}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C21C0265-73D3-43C6-BE27-01EB95EDDEC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2D4F477-2F8A-49C6-875A-2FA5ED2689B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA97F42A-EA07-4015-9E3E-E16015F5BBFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CAD1B527-9423-4BF2-87D7-8B60CA07369C}" = rport=139 | protocol=6 | dir=out | app=system |
"{E73C43D7-4863-4B61-9C6A-DDA6FBC490AB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F19FC5E1-F075-4F7D-BE25-8515A20F08F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F35B6FD0-E9BD-4B91-B2A6-EBBBC4E5A712}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD10ED72-69BB-4381-B5B0-7D2723CE271E}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC71BF4-1101-41D1-B429-7D712D1363E9}" = protocol=58 | dir=out | [email protected],-28546 |
"{0CA23824-8210-4627-9DA6-98306C07B2A6}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{139154BF-E324-4A4E-80AB-E38823F80314}" = protocol=6 | dir=in | app=c:\users\heleri\appdata\local\temp\7zsb950.tmp\symnrt.exe |
"{1814B5F0-8AF6-4A3F-BAA2-870B0D8B9BAA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{205C44AC-7232-463F-98F9-36F302353762}" = protocol=17 | dir=in | app=c:\users\heleri\appdata\local\temp\7zsb950.tmp\symnrt.exe |
"{2B62BEE9-F8AF-40EF-AAA1-2CADF093961E}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |
"{2C66E424-2EC1-4BCE-A756-25DA7894090A}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{2F5C273B-C6E1-489C-9445-779356DB28C7}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{34AEE972-DEF2-4B09-B831-EA021A4F280A}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |
"{3C7F643C-0046-4077-8F66-6C559AEC954D}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{3E11C2F6-F752-40A5-AF7C-DC57521180AA}" = protocol=17 | dir=in | app=c:\windows\temp\vrt91d5.tmp |
"{6400C31E-51C2-4AB0-A44B-7476FD830789}" = protocol=1 | dir=out | [email protected],-28544 |
"{6CCB1DE2-630E-478B-8B89-43978839257A}" = protocol=17 | dir=in | app=c:\windows\temp\vrtaeae.tmp |
"{7E367866-B606-4700-BFCE-276398280E3A}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{826810DC-909C-423E-97F1-4FD5655EFE76}" = protocol=1 | dir=in | [email protected],-28543 |
"{93B0CFE3-8B20-47F1-BE45-BEE5146CF6F0}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_ds.exe |
"{A67D3D66-59DB-49E5-BD30-C044016AC4E7}" = protocol=17 | dir=in | app=c:\users\heleri\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{A8ED586E-2984-4D98-ADFB-6823B63222D3}" = protocol=6 | dir=in | app=c:\windows\temp\vrt91d5.tmp |
"{AC9A2CEA-1D42-4736-A03C-9353B3566E25}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{B00F6E70-B84F-4584-8DB6-C98AA67ED24A}" = protocol=6 | dir=in | app=c:\windows\temp\vrtaeae.tmp |
"{B3EF18F6-045D-42F2-A0BB-259F11F523EF}" = protocol=6 | dir=in | app=c:\users\heleri\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{B6633DA2-F633-4D2D-BC14-28508C1174E0}" = protocol=58 | dir=in | [email protected],-28545 |
"{BFEED3AD-EC13-40F9-957E-EC08EE7588F9}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{C441B938-0797-4EAB-AE9C-8548E66850E9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{DBAFD140-0345-4162-AE2F-B2A7231DE98B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DE3D465A-99DF-49A0-B462-ACFD64F7F1C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E11A10CC-7E34-46CA-B02B-7025E360047E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E3503F22-84AD-4EA5-957C-A0B17C230D4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA4E754E-DDEC-40ED-A54B-07D8428AA311}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{ED7955C2-3BC1-44D4-8AE6-CFD1CA47D8E8}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |
"{F4F80C78-81C8-4975-9EA3-90AB92B5DD80}" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic.exe |
"{FFC5A4F2-317A-40CB-9C98-91E782B23D58}" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\world in conflict\wic_online.exe |
"TCP Query User{7C0B519D-FE8A-4D1F-B2D5-5476439801BC}C:\program files\gametop.com\extreme racers\extreme racers.exe" = protocol=6 | dir=in | app=c:\program files\gametop.com\extreme racers\extreme racers.exe |
"TCP Query User{CDF8B9FD-A1FC-42D2-BCB2-FF30B499BE41}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{1AABC1F3-037C-45D1-B9BB-2500DEF50D3C}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{F4A52489-E6B3-4EC7-9303-C8F9EE1EE684}C:\program files\gametop.com\extreme racers\extreme racers.exe" = protocol=17 | dir=in | app=c:\program files\gametop.com\extreme racers\extreme racers.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E7128A-EF45-4AAA-81DE-73299FEAC64E}" = Assassins Creed
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90910425-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7AD551F-D848-4639-80C9-D3507D1C66A5}_is1" = ID-kaardi tarkvara Firefoxile v0.8.6
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF3164C1-4AE9-43CB-AD7A-F1A9AD2DC065}" = HP User Guides 0060
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVG8Uninstall" = AVG Free 8.5
"BitComet" = BitComet 1.05
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ERUNT_is1" = ERUNT 1.1j
"GamesBar" = GamesBar 2.0.1.12
"GreatSecrets-DaVinci_is1" = Great Secrets DaVinci
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"ImTOO Video Editor" = ImTOO Video Editor
"Insaniquarium Deluxe 1.0" = Insaniquarium Deluxe 1.0
"Insaniquarium_Patch_Installer_1.2" = Insaniquarium Patch Installer 1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monster Truck Challenge_is1" = Monster Truck Challenge
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"RegCure" = RegCure 1.6.0.0
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Starcraft" = Starcraft
"UT2004" = Unreal Tournament 2004
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 0.9.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.06.2009 12:51:19 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 25.06.2009 9:32:10 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 25.06.2009 11:31:29 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 26.06.2009 9:22:13 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 27.06.2009 5:20:44 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 28.06.2009 10:01:11 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 29.06.2009 13:23:24 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 30.06.2009 2:30:36 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 30.06.2009 4:12:44 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

Error - 30.06.2009 11:57:50 | Computer Name = Heleri-PC | Source = LoadPerf | ID = 3002
Description =

[ System Events ]
Error - 26.09.2009 9:13:01 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 26.09.2009 9:13:01 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 26.09.2009 9:13:01 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 26.09.2009 9:13:01 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 26.09.2009 9:13:02 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 26.09.2009 9:17:39 | Computer Name = Heleri-PC | Source = HTTP | ID = 15016
Description =

Error - 26.09.2009 9:18:36 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.09.2009 9:47:43 | Computer Name = Heleri-PC | Source = HTTP | ID = 15016
Description =

Error - 26.09.2009 9:48:13 | Computer Name = Heleri-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.09.2009 9:51:28 | Computer Name = Heleri-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

[ VeriSoft Events ]
Error - 24.09.2007 5:04:47 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 2.10.2007 3:56:59 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 28.01.2008 10:20:12 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 23.07.2008 4:49:11 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 19.12.2008 4:29:19 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 21.12.2008 12:02:50 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 26.12.2008 10:23:11 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 1.01.2009 12:55:43 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 23.01.2009 6:32:00 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 12.02.2009 2:09:34 | Computer Name = Heleri-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.


< End of report >


OTL logfile created on: 26.09.2009 17:21:53 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\Heleri\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy

1,99 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,92% Memory free
4,00 Gb Paging File | 2,87 Gb Available in Paging File | 71,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,01 Gb Total Space | 45,38 Gb Free Space | 31,95% Space Free | Partition Type: NTFS
Drive D: | 7,04 Gb Total Space | 2,67 Gb Free Space | 37,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 673,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: HELERI-PC
Current User Name: Heleri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2007.04.24 04:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007.02.12 17:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2006.12.15 03:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007.02.07 17:30:00 | 00,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
PRC - [2006.11.28 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2006.05.03 00:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2009.06.11 01:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2007.04.24 04:11:44 | 00,126,976 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2008.10.29 09:29:41 | 02,947,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008.01.19 10:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.03.11 14:21:50 | 00,180,224 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007.04.04 18:26:14 | 00,154,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007.04.04 18:26:24 | 00,133,912 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007.02.12 17:37:58 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.04 18:26:28 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007.01.29 22:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2007.04.24 04:11:20 | 00,196,608 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007.02.13 21:38:36 | 00,180,224 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2007.03.01 23:18:36 | 00,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007.01.11 02:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2006.12.10 21:52:38 | 00,069,632 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007.07.09 17:10:06 | 00,098,304 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2006.09.08 18:06:08 | 00,061,440 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe
PRC - [2009.03.03 05:16:04 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008.01.19 10:33:09 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2007.04.04 01:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006.12.20 12:27:40 | 00,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.19 10:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007.01.02 21:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006.12.10 21:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007.03.14 22:07:30 | 00,062,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009.09.26 16:51:37 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009.09.26 16:51:38 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009.09.26 16:51:38 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009.09.26 16:51:39 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2008.01.19 10:38:32 | 00,319,544 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
PRC - [2009.08.06 15:13:23 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004.01.15 18:19:16 | 10,623,688 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
PRC - [2009.09.26 16:51:39 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009.09.26 17:18:36 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Heleri\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007.02.07 17:30:00 | 00,074,240 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker [Auto | Running])
SRV - [2006.06.22 10:14:00 | 00,131,584 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll -- (ASChannel [Auto | Running])
SRV - [2007.04.24 04:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008.07.27 21:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007.04.24 04:11:44 | 00,126,976 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2007.01.10 00:55:34 | 00,131,072 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb [On_Demand | Stopped])
SRV - [2008.01.19 10:33:09 | 00,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006.11.02 15:35:29 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006.11.02 15:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008.01.19 10:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009.08.30 17:09:58 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008.06.20 04:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007.03.14 22:07:30 | 00,062,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2007.01.19 23:44:40 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007.01.19 23:44:40 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2006.05.03 00:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
SRV - [2007.02.12 17:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Auto | Running])
SRV - [2004.10.22 13:24:18 | 00,094,208 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008.06.20 04:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006.12.15 03:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006.11.08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008.06.20 04:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003.07.28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006.11.08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007.02.12 19:36:58 | 00,901,120 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007.02.17 17:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008.01.19 10:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - File not found -- -- (wmiApSrv [Unknown | Stopped])
SRV - [2008.01.19 10:33:39 | 00,916,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006.11.28 19:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2009.09.26 16:51:37 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.neti.ee"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.04
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.25 16:30:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.09.26 16:51:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.09 18:26:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.09 18:26:43 | 00,000,000 | ---D | M]

[2008.12.05 13:10:33 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\mozilla\Extensions
[2008.12.05 13:10:33 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.09.26 16:35:49 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\mozilla\Firefox\Profiles\jsl31uon.default\extensions
[2009.06.25 17:18:33 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\mozilla\Firefox\Profiles\jsl31uon.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.12 22:23:59 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\mozilla\Firefox\Profiles\jsl31uon.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008.12.05 13:09:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.06 15:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.06 15:13:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.08.06 15:13:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008.01.23 09:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2009.09.09 18:26:43 | 00,077,824 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npidcard.dll
[2009.08.06 15:13:24 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009.07.29 17:31:24 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009.07.29 17:31:24 | 00,001,159 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eki-ee.xml
[2009.07.29 17:31:24 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.07.29 17:31:24 | 00,001,960 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\neti-ee.xml
[2009.07.29 17:31:24 | 00,000,904 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\osta-ee.xml
[2009.07.29 17:31:24 | 00,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-et.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&kspordi Microsoft Excelisse - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 00:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 18:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2005.11.04 08:52:23 | 00,729,088 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.11.04 08:52:23 | 00,729,088 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.10.14 11:02:16 | 00,585,728 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005.11.04 09:22:30 | 00,000,160 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{15cc919c-9876-11dd-b7af-0013e80e5f95}\Shell\AutoRun\command - "" = I:\SEARCHPROTOCOLHOST.EXE -- File not found
O33 - MountPoints2\{15cc91a1-9876-11dd-b7af-0013e80e5f95}\Shell - "" = AutoRun
O33 - MountPoints2\{15cc91a1-9876-11dd-b7af-0013e80e5f95}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3c13d078-e0d7-11dd-93ee-0016d3a344ce}\Shell - "" = AutoRun
O33 - MountPoints2\{3c13d078-e0d7-11dd-93ee-0016d3a344ce}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2005.11.04 08:52:23 | 00,729,088 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{ecf5ddc7-1046-11dd-8d11-001a6b861d8f}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009.09.26 17:17:27 | 00,000,162 | -H-- | C] () -- C:\Users\Heleri\Desktop\~$ this your first time here.doc
[2009.09.26 17:15:23 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.09.26 17:15:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.09.26 17:15:19 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.09.26 17:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.09.26 17:00:56 | 00,000,000 | ---- | C] () -- C:\Users\Heleri\Desktop\settings.dat
[2009.09.26 16:52:28 | 37,117,043 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009.09.26 16:52:28 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009.09.26 16:52:28 | 00,434,673 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009.09.26 16:52:28 | 00,077,437 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009.09.26 16:52:27 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009.09.26 16:52:00 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009.09.26 16:51:55 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009.09.26 16:51:51 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009.09.26 16:51:48 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009.09.26 16:51:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009.09.26 16:12:13 | 00,223,744 | ---- | C] () -- C:\Users\Heleri\Desktop\I have been having problems with my browsers for about 2 months now they redirect me to different sites and only now has the virus been giving me big problems.doc
[2009.09.26 15:07:36 | 00,000,000 | ---D | C] -- C:\Users\Heleri\AppData\Roaming\Malwarebytes
[2009.09.26 15:07:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.09.26 15:05:24 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.09.26 15:04:48 | 00,000,733 | ---- | C] () -- C:\Users\Heleri\Desktop\NTREGOPT.lnk
[2009.09.26 15:04:47 | 00,000,714 | ---- | C] () -- C:\Users\Heleri\Desktop\ERUNT.lnk
[2009.09.26 15:04:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009.09.26 14:34:37 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Heleri\Desktop\mbam-setup.exe
[2009.09.26 14:33:09 | 00,083,968 | ---- | C] () -- C:\Users\Heleri\Desktop\Is this your first time here.doc
[2009.09.26 14:28:42 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Heleri\Desktop\erunt_setup.exe
[2009.09.26 14:28:15 | 00,293,888 | ---- | C] (OldTimer Tools) -- C:\Users\Heleri\Desktop\TFC.exe
[2009.09.26 14:25:44 | 00,494,080 | ---- | C] ( ) -- C:\Users\Heleri\Desktop\RootRepeal.exe
[2009.09.26 11:48:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009.09.26 11:47:01 | 00,000,000 | -H-D | C] -- C:\Users\Heleri\AppData\Local\Downloaded Installations
[2009.09.25 20:25:37 | 00,000,680 | -H-- | C] () -- C:\Users\Heleri\AppData\Local\d3d9caps.dat
[2009.09.24 14:47:15 | 00,000,440 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009.09.24 14:47:15 | 00,000,380 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009.09.24 14:47:09 | 00,000,374 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009.09.24 14:47:06 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009.09.24 14:47:05 | 00,000,523 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009.09.24 14:47:05 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009.09.24 14:16:09 | 00,000,000 | ---- | C] () -- C:\Windows\SC.INS
[2009.09.24 12:25:00 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009.09.24 12:11:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009.09.22 19:18:33 | 00,757,760 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009.09.22 19:04:27 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009.09.22 18:37:45 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009.09.22 18:37:44 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009.09.22 17:59:34 | 00,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Insaniquarium Deluxe.lnk
[2009.09.22 17:59:29 | 00,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2009.09.22 17:59:29 | 00,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.09.19 19:30:02 | 00,001,035 | ---- | C] () -- C:\Users\Heleri\Desktop\Monster Truck Challenge.lnk
[2009.09.19 18:28:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Great Secrets
[2009.09.19 18:13:29 | 00,001,038 | ---- | C] () -- C:\Users\Heleri\Desktop\GreatSecrets-DaVinci.lnk
[2009.09.19 18:13:10 | 00,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2009.09.19 18:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\TryMedia
[2009.09.19 17:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2009.09.19 17:43:10 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2009.09.19 17:42:11 | 00,000,000 | ---D | C] -- C:\Users\Heleri\AppData\Roaming\Goodsol
[2009.09.19 15:44:59 | 00,000,000 | ---D | C] -- C:\Users\Heleri\Documents\Poker Superstars III - Gold Chip Challenge Documents
[2009.09.19 15:44:59 | 00,000,000 | ---D | C] -- C:\Users\Heleri\AppData\Roaming\funkitron
[2009.09.16 12:27:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009.09.16 12:27:44 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009.09.16 12:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009.09.16 12:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009.09.16 12:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009.09.12 18:28:00 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.12 18:27:59 | 00,000,000 | ---D | C] -- C:\Users\Heleri\AppData\Roaming\skypePM

========== Files - Modified Within 14 Days ==========

[2009.09.26 17:17:27 | 00,000,162 | -H-- | M] () -- C:\Users\Heleri\Desktop\~$ this your first time here.doc
[2009.09.26 17:15:23 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.09.26 17:00:56 | 00,000,000 | ---- | M] () -- C:\Users\Heleri\Desktop\settings.dat
[2009.09.26 17:00:41 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009.09.26 16:52:28 | 37,117,043 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009.09.26 16:52:28 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009.09.26 16:52:28 | 00,434,673 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009.09.26 16:52:28 | 00,077,437 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009.09.26 16:52:27 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009.09.26 16:52:00 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009.09.26 16:51:55 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009.09.26 16:51:51 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009.09.26 16:51:48 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009.09.26 16:48:15 | 00,000,151 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2009.09.26 16:47:52 | 00,000,380 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2009.09.26 16:47:46 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.09.26 16:47:46 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.09.26 16:47:43 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.09.26 16:47:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.09.26 16:46:16 | 00,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009.09.26 16:46:04 | 03,103,225 | -H-- | M] () -- C:\Users\Heleri\AppData\Local\IconCache.db
[2009.09.26 16:12:13 | 00,223,744 | ---- | M] () -- C:\Users\Heleri\Desktop\I have been having problems with my browsers for about 2 months now they redirect me to different sites and only now has the virus been giving me big problems.doc
[2009.09.26 15:04:48 | 00,000,733 | ---- | M] () -- C:\Users\Heleri\Desktop\NTREGOPT.lnk
[2009.09.26 15:04:47 | 00,000,714 | ---- | M] () -- C:\Users\Heleri\Desktop\ERUNT.lnk
[2009.09.26 14:36:37 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Heleri\Desktop\mbam-setup.exe
[2009.09.26 14:33:10 | 00,083,968 | ---- | M] () -- C:\Users\Heleri\Desktop\Is this your first time here.doc
[2009.09.26 14:29:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Heleri\Desktop\erunt_setup.exe
[2009.09.26 14:28:36 | 00,293,888 | ---- | M] (OldTimer Tools) -- C:\Users\Heleri\Desktop\TFC.exe
[2009.09.26 14:26:35 | 00,494,080 | ---- | M] ( ) -- C:\Users\Heleri\Desktop\RootRepeal.exe
[2009.09.25 20:25:37 | 00,000,680 | -H-- | M] () -- C:\Users\Heleri\AppData\Local\d3d9caps.dat
[2009.09.24 23:27:56 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009.09.24 20:24:11 | 00,052,224 | -H-- | M] () -- C:\Users\Heleri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.24 14:47:05 | 00,000,523 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009.09.24 14:16:09 | 00,000,000 | ---- | M] () -- C:\Windows\SC.INS
[2009.09.24 12:07:41 | 00,000,275 | ---- | M] () -- C:\Windows\win.ini
[2009.09.22 19:18:21 | 00,757,760 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009.09.22 17:59:34 | 00,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Insaniquarium Deluxe.lnk
[2009.09.22 17:59:29 | 00,000,000 | ---- | M] () -- C:\Windows\popcinfo.dat
[2009.09.19 19:30:02 | 00,001,035 | ---- | M] () -- C:\Users\Heleri\Desktop\Monster Truck Challenge.lnk
[2009.09.19 18:13:29 | 00,001,038 | ---- | M] () -- C:\Users\Heleri\Desktop\GreatSecrets-DaVinci.lnk
[2009.09.16 12:28:28 | 00,000,760 | ---- | M] () -- C:\Users\Heleri\Documents\My Sharing Folders.lnk
[2009.09.12 18:28:00 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2009.09.26 15:07:36 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming
[2007.09.16 10:57:43 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\CyberLink
[2009.07.07 13:20:22 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\dvdcss
[2009.09.19 15:44:59 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\funkitron
[2009.09.19 17:42:11 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Goodsol
[2008.12.05 13:59:54 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Image Zone Express
[2009.08.20 22:13:37 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Leadertech
[2006.11.02 15:37:34 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Media Center Programs
[2007.09.23 17:41:15 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Printer Info Cache
[2009.01.11 21:40:32 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Roxio
[2009.08.30 14:47:35 | 00,000,000 | RH-D | M] -- C:\Users\Heleri\AppData\Roaming\SecuROM
[2007.09.24 14:12:52 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Template
[2009.05.04 18:56:47 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\U3
[2009.09.04 16:42:57 | 00,000,000 | ---D | M] -- C:\Users\Heleri\AppData\Roaming\Ubisoft
[2009.09.26 17:00:41 | 00,000,440 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2009.09.26 16:47:52 | 00,000,380 | ---- | M] () -- C:\Windows\Tasks\RegCure Startup.job
[2009.09.24 23:27:56 | 00,000,374 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2009.09.26 16:47:43 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.09.26 16:46:19 | 00,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008.01.19 10:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006.11.02 12:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A794DD9B
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:268F887D
< End of report >



This is my girlfriend's computer and she does not have a Vista CD. I myself did a format a long time ago; it's my solution to problems :) But not this time.
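For anyone working through a log like the one above: the entries that usually matter on a suspected USB-spread infection are the O33 MountPoints2 Shell\AutoRun\command handlers (one per removable volume that was ever plugged in), the Alternate Data Streams at the end, and any recently created executable with no company name in the parentheses. The script below is an added example, not part of the original post and not OTL's own code; it parses those three line types from an excerpt of the log above (embedded as the constructed SAMPLE_LOG) and ranks them for follow-up. The severity labels and the regular expressions are my own assumptions about the OTL line layout, not something OTL publishes.

```python
"""Triage helper for an OTL-style log (the format posted above).

Added example, not part of the original post or of the OTL tool. It parses
three line types and ranks them: O33 MountPoints2 autorun handlers, Alternate
Data Streams, and recently created executables with no company name.
The regexes and severity labels are assumptions about the log layout.
"""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the log in the post above.
SAMPLE_LOG = r"""
O33 - MountPoints2\{15cc919c-9876-11dd-b7af-0013e80e5f95}\Shell\AutoRun\command - "" = I:\SEARCHPROTOCOLHOST.EXE -- File not found
O33 - MountPoints2\{15cc91a1-9876-11dd-b7af-0013e80e5f95}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3c13d078-e0d7-11dd-93ee-0016d3a344ce}\Shell\AutoRun\command - "" = H:\Autorun.exe -- [2005.11.04 08:52:23 | 00,729,088 | R--- | M] (Electronic Arts Inc.)
[2009.09.26 17:15:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.09.26 14:25:44 | 00,494,080 | ---- | C] ( ) -- C:\Users\Heleri\Desktop\RootRepeal.exe
[2009.09.22 19:18:33 | 00,757,760 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009.09.26 17:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A794DD9B
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:268F887D
"""

# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = <cmd> [-- <status>]
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r'(?P<command>.+?)(?: -- (?P<status>.+))?$'
)
# [date time | size | attrs | C/M] (company) -- path [-- [ FS ]]
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?: -- \[ (?P<fs>\w+) \])?$"
)
# @Alternate Data Stream - N bytes -> path:stream
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class Finding:
    severity: str  # "low", "medium" (assumed ranking, not an OTL concept)
    category: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per line that deserves a look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := MOUNTPOINT_RE.match(line):
            # A stale handler (target gone) is worth clearing; a live one
            # must be checked before the volume is mounted again.
            stale = (m.group("status") or "").startswith("File not found")
            volume = m.group("command")[:2]
            note = "target missing; clear the key" if stale else "target present; verify it"
            findings.append(Finding(
                "low" if stale else "medium", "mountpoints2-autorun",
                f"{m.group('key')} runs {m.group('command')} for volume {volume} ({note})"))
        elif m := ADS_RE.match(line):
            findings.append(Finding(
                "medium", "alternate-data-stream",
                f"{m.group('path')} ({m.group('bytes')} bytes); "
                "list with `dir /r`, read with `more < path:stream`"))
        elif m := FILE_RE.match(line):
            if "D" in m.group("attrs"):
                continue  # directories carry no company field
            path = m.group("path")
            company = (m.group("company") or "").strip()
            if path.lower().endswith(EXEC_EXT) and not company:
                findings.append(Finding(
                    "medium", "unattributed-executable",
                    f"{path} created {m.group('ts')} with no company name"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick read of the log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in sorted(result, key=lambda f: (f.severity != "medium", f.category)):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
    print(summary(result))
```

Run it against the full log saved as a text file by reading the file into triage(); the "unattributed-executable" rule is deliberately noisy (it flags RootRepeal.exe here, which is a tool the poster downloaded), so treat it as a list of things to look at, not a verdict.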