Seferon

XP Home Security 2011 (BVC.exe)


I'm a new user, DLed SUPERAntiSpyware and I didn't get rid of my virus, and I can't start Malwarebytes at all. I ran a full scan using your program and it found and removed quite a few files, but XP Home Security 2011 won't go away (seems to be BVC.exe in Task Manager's processes), and I'm not too good with computers. Mind telling me what to do to fix this? Or to help you guys help me?



Download OTL from here: http://oldtimer.geekstogo.com/OTL.exe to your Desktop.

Double click on the icon to run it. Check All users.

Now click Quick scan. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

Post both logs in your reply.

Then

-Download aswMBR.exe from here: http://public.avast.com/~gmerek/aswMBR.exe and save it to your Desktop

-Double click the aswMBR.exe to run it

-Click the "Scan" button to start scan

-On completion of the scan click save log, save it to your desktop and post in your next reply


Impossible to attach these as TXT files... won't let me upload

OTL logfile created on: 5/23/2011 12:42:18 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kyle\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 82.89% Memory free

5.34 Gb Paging File | 4.89 Gb Available in Paging File | 91.69% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 67.70 Gb Free Space | 29.07% Space Free | Partition Type: NTFS

Computer Name: KYLE-CPU | User Name: Kyle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 12:37:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe

PRC - [2011/05/23 10:31:55 | 000,344,064 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe

PRC - [2011/05/04 12:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2008/09/08 14:10:20 | 000,450,560 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

PRC - [2008/09/08 14:09:40 | 000,184,320 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/24 14:57:38 | 018,579,456 | ---- | M] () -- C:\Program Files\MSI\DualCoreCenter\DualCoreCenter.exe

PRC - [2004/09/29 13:28:36 | 001,158,144 | ---- | M] () -- C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe

========== Modules (SafeList) ==========

MOD - [2011/05/23 12:37:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/13 19:12:08 | 000,370,688 | ---- | M] () -- C:\WINDOWS\uvekorilowadil.dll

MOD - [2008/04/13 19:12:02 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\oledlg.dll

========== Win32 Services (SafeList) ==========

SRV - [2008/09/08 14:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2008/09/08 14:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

========== Driver Services (SafeList) ==========

DRV - [2010/11/11 18:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2010/09/19 15:10:36 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)

DRV - [2010/09/19 15:10:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010/07/23 07:01:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/04/28 08:45:14 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MP4ConverterAudio.sys -- (MP4ConverterAudio)

DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2008/08/24 14:22:40 | 000,014,208 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/08/06 04:12:10 | 004,755,968 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/07/31 22:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008/07/31 22:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/04/17 17:42:00 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)

DRV - [2006/07/02 01:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/09/29 13:28:38 | 000,666,624 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MA111nd5.sys -- (WlanUIB)

DRV - [2004/08/12 05:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2001/04/19 22:27:44 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\NETGEAR\MA111 Configuration Utility\PCANDIS5.SYS -- (PCANDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-1417001333-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank

IE - HKU\S-1-5-21-1417001333-861567501-839522115-1003\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found

IE - HKU\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7

FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0

FF - prefs.js..extensions.enabledItems: {5BD8809A-20A5-4DC4-B872-01A56410F8A3}:1.9.1

FF - prefs.js..keyword.URL: "http://kickass.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-109-0-1A1Ut&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}: C:\Documents and Settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3} [2011/05/22 18:36:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/29 22:36:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/29 22:36:42 | 000,000,000 | ---D | M]

[2009/03/27 07:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Extensions

[2011/05/23 09:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\extensions

[2011/03/27 08:34:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/04/28 11:02:43 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

[2011/05/14 07:35:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/05/14 07:35:51 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\extensions\adblockpopups@jessehakanen.net

[2009/09/20 22:53:54 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\extensions\searchrecs@veoh.com

[2010/07/22 23:00:24 | 000,001,925 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\searchplugins\bing-zugo.xml

[2010/07/23 07:01:21 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\searchplugins\daemon-search.xml

[2011/05/23 09:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/08/08 14:23:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2011/05/22 18:36:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KYLE\LOCAL SETTINGS\APPLICATION DATA\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}

[2009/11/06 03:30:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011/05/23 09:37:24 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

[2008/12/01 11:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

Hosts file not found

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found

O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O3 - HKU\S-1-5-21-1417001333-861567501-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found

O3 - HKU\S-1-5-21-1417001333-861567501-839522115-1003\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - File not found

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Fcamidinigo] C:\WINDOWS\uvekorilowadil.dll ()

O4 - HKLM..\Run: [framework] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] File not found

O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [CurseClient] File not found

O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [EA Core] File not found

O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [Pando Media Booster] File not found

O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)

O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1417001333-861567501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kyle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/01/23 21:20:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\Shell - "" = AutoRun

O33 - MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\Shell\AutoRun\command - "" = F:\LaunchU3.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe" -a "%1" %* ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe" -a "%1" %* ()

O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe" -a "%1" %* ()

O37 - HKU\S-1-5-21-1417001333-861567501-839522115-1003\...exe [@ = exefile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/05/23 12:40:41 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Kyle\Desktop\aswMBR.exe

[2011/05/23 12:37:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe

[2011/05/23 11:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\SUPERAntiSpyware.com

[2011/05/23 11:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2011/05/23 11:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2011/05/23 11:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/05/23 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/05/22 18:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/05/22 18:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/05/22 18:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}

[2011/05/21 18:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\My Cheat Tables

[2011/05/21 18:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheat Engine 6.0

[2011/05/21 18:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6

[2011/05/20 22:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\CD Projekt RED

[2011/05/20 06:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\World Maps

[2011/05/20 06:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Wallpapers

[2011/05/20 06:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Walkthrough

[2011/05/20 06:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Pamphlet

[2011/05/20 06:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Manual

[2011/05/20 06:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Avatars

[2011/05/19 10:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Lionhead Studios

[2011/05/19 10:28:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\DSS

[2011/05/19 10:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\Lionhead Studios

[2011/05/19 10:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive

[2011/05/19 10:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows Marketplace

[2011/05/19 10:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE

[2011/05/19 10:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Game Studios

[2011/05/19 10:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\UPDATE

[2011/05/19 10:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\SKIDROW F3

[2011/05/19 10:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games

[2011/05/18 20:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\The Witcher

[2011/05/17 20:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\Data

[2011/05/17 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\Witcher 2

[2011/05/17 17:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\The Witcher 2

[2011/05/17 16:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Witcher 2

[2011/05/17 16:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\SKIDROW TW2

[2011/05/17 16:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\The Witcher 2

[2011/05/12 16:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\.minecraft

[2011/05/12 16:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\MCEdit

[2011/05/09 10:19:00 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Documents and Settings\Kyle\Desktop\MinecraftSP.exe

[2011/04/25 14:25:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Super nude patch 3

[2011/04/25 14:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\Electronic Arts

[2011/04/25 13:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Electronic Arts

[2011/04/25 13:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2011/04/25 08:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\Drakensang_TRoT

[2011/04/24 11:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Drakensang - The River of Time

[2011/04/24 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\Drakensang - The River of Time

[2009/01/24 10:59:03 | 000,666,624 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\MA111nd5.sys

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/23 12:40:59 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Kyle\Desktop\aswMBR.exe

[2011/05/23 12:37:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\Desktop\OTL.exe

[2011/05/23 12:33:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-861567501-839522115-1003UA.job

[2011/05/23 12:02:16 | 000,175,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/23 12:02:16 | 000,150,934 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/23 12:00:14 | 000,003,302 | -HS- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\t27p2s502nj4yp085y80r3nwi8f872

[2011/05/23 12:00:14 | 000,003,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t27p2s502nj4yp085y80r3nwi8f872

[2011/05/23 11:57:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1417001333-861567501-839522115-1003.job

[2011/05/23 11:57:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/23 11:13:55 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/23 10:52:02 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/23 10:32:19 | 000,001,390 | -HS- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\851533308

[2011/05/23 10:32:19 | 000,001,390 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3747718582

[2011/05/23 10:32:19 | 000,001,386 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\851533308

[2011/05/23 09:44:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Qxizocukexugu.bin

[2011/05/23 09:43:30 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/22 19:33:03 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-861567501-839522115-1003Core.job

[2011/05/22 18:36:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rhuleyu.dat

[2011/05/21 18:57:51 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Cheat Engine.lnk

[2011/05/21 17:47:09 | 000,020,043 | ---- | M] () -- C:\Documents and Settings\Kyle\peerblock.dmp

[2011/05/21 10:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1417001333-861567501-839522115-1003.job

[2011/05/19 15:12:20 | 003,930,624 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\witcher2trainer.exe

[2011/05/19 10:22:20 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Fable III.lnk

[2011/05/18 19:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/05/17 16:51:41 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Start The Witcher 2.lnk

[2011/05/12 16:36:48 | 000,086,316 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\ItemslistV110.png

[2011/05/12 16:35:57 | 000,002,089 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\MCEdit.lnk

[2011/04/28 15:51:23 | 000,696,583 | ---- | M] () -- C:\Documents and Settings\Kyle\My Documents\Document mmm.rtf

[2011/04/25 13:08:20 | 000,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk

[2011/04/24 11:35:32 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drakensang - The River of Time.lnk

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 11:13:55 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/05/23 10:32:09 | 000,003,302 | -HS- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\t27p2s502nj4yp085y80r3nwi8f872

[2011/05/23 10:32:09 | 000,001,390 | -HS- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\851533308

[2011/05/23 10:32:09 | 000,001,390 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3747718582

[2011/05/23 10:32:09 | 000,001,386 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\851533308

[2011/05/23 10:31:56 | 000,010,970 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\t27p2s502nj4yp085y80r3nwi8f872

[2011/05/23 10:31:56 | 000,003,302 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\t27p2s502nj4yp085y80r3nwi8f872

[2011/05/23 10:31:55 | 000,344,064 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe

[2011/05/22 18:36:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rhuleyu.dat

[2011/05/22 18:36:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qxizocukexugu.bin

[2011/05/21 19:05:25 | 003,930,624 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\witcher2trainer.exe

[2011/05/21 18:57:51 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Cheat Engine.lnk

[2011/05/19 10:26:42 | 000,001,085 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk

[2011/05/19 10:22:20 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Fable III.lnk

[2011/05/17 16:51:41 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Start The Witcher 2.lnk

[2011/05/12 16:36:48 | 000,086,316 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\ItemslistV110.png

[2011/05/12 16:35:57 | 000,002,089 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\MCEdit.lnk

[2011/04/28 15:51:23 | 000,696,583 | ---- | C] () -- C:\Documents and Settings\Kyle\My Documents\Document mmm.rtf

[2011/04/25 13:08:20 | 000,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk

[2011/04/24 11:35:32 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drakensang - The River of Time.lnk

[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2011/03/21 08:02:20 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/03/17 03:16:12 | 000,322,978 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/02/22 11:07:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2011/01/31 04:19:13 | 000,167,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/09/19 15:10:35 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2010/09/19 15:10:34 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2010/09/10 15:24:17 | 000,061,796 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/08/24 10:34:10 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\myMPQ.ini

[2010/08/23 23:01:16 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/08/23 23:01:13 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/08/23 23:01:13 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/08/23 23:00:36 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/05/17 00:05:33 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/05 20:17:30 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010/04/27 14:49:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\treeskp.sys

[2010/04/27 14:49:46 | 000,000,003 | ---- | C] () -- C:\WINDOWS\sbacknt.bin

[2010/04/04 14:25:43 | 000,004,428 | -HS- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\8s32

[2010/04/04 14:25:43 | 000,004,428 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8s32

[2009/10/15 15:13:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\fusioncache.dat

[2009/09/12 15:44:56 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2009/07/28 21:56:56 | 000,000,464 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/03/31 10:29:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009/03/27 07:52:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/01 15:37:23 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/03/01 15:37:22 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\PnkBstrK.sys

[2009/03/01 15:37:00 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2009/03/01 15:36:59 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe

[2009/03/01 15:36:59 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2009/01/24 10:45:48 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll

[2009/01/24 10:04:57 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/01/24 09:52:25 | 000,031,655 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2009/01/24 09:51:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/01/24 09:51:35 | 000,031,330 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/01/24 09:51:34 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/01/24 04:14:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/01/24 04:12:05 | 000,290,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/01/23 21:26:57 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2009/01/23 21:21:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/01/23 21:17:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/08/01 01:48:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/06/05 12:49:36 | 000,001,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/10/08 07:01:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/10/08 07:01:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/10/08 07:01:47 | 000,370,688 | ---- | C] () -- C:\WINDOWS\uvekorilowadil.dll

[2004/10/08 07:01:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/10/08 07:01:47 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/10/08 07:01:47 | 000,175,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/10/08 07:01:47 | 000,150,934 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/10/08 07:01:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/10/08 07:01:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/10/08 07:01:47 | 000,004,666 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/10/08 07:01:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/10/08 07:01:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/10/08 07:01:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/04/14 15:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare

[2010/07/23 06:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2011/05/19 10:28:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS

[2010/04/16 23:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011/02/21 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2009/12/22 00:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/03/18 08:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2010/09/07 18:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/05/12 18:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\.minecraft

[2009/12/22 00:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Aveyond I

[2011/05/21 00:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Azureus

[2010/06/18 19:51:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\CallingID

[2011/02/21 10:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\comcasttb

[2010/07/23 08:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\DAEMON Tools Lite

[2010/12/20 12:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Hothead Games

[2010/08/27 09:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Leadertech

[2011/05/19 10:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Lionhead Studios

[2010/08/31 10:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\My Games

[2009/11/06 03:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\OpenOffice.org

[2011/03/18 08:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\PunkBuster

[2011/04/05 18:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\RIFT

[2011/04/22 23:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\runic games

[2010/07/25 14:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\ScripterRon

[2011/05/17 15:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\SystemRequirementsLab

[2011/03/21 13:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\The Creative Assembly

[2010/04/17 09:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Turbine

[2011/03/18 08:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Ubisoft

[2010/07/23 09:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\VBA-M

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 5/23/2011 12:42:18 PM - Run 1

OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Kyle\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 82.89% Memory free

5.34 Gb Paging File | 4.89 Gb Available in Paging File | 91.69% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 67.70 Gb Free Space | 29.07% Space Free | Partition Type: NTFS

Computer Name: KYLE-CPU | User Name: Kyle | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe ()

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe ()

[HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe ()

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"ANTIVIRUSDISABLENOTIFY" = 0

"FIREWALLDISABLENOTIFY" = 0

"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"58540:TCP" = 58540:TCP:*:Enabled:Pando Media Booster

"58540:UDP" = 58540:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"58540:TCP" = 58540:TCP:*:Enabled:Pando Media Booster

"58540:UDP" = 58540:UDP:*:Enabled:Pando Media Booster

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster

"C:\Program Files\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe" = C:\Program Files\Dragon Age 2 Demo\bin_ship\DragonAge2Demo.exe:*:Enabled:Dragon Age II Demo

"C:\Program Files\Dragon Age 2 Demo\DragonAge2Launcher.exe" = C:\Program Files\Dragon Age 2 Demo\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Demo Launcher

"C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe" = C:\Program Files\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled:Dragon Age II -- (BioWare)

"C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe" = C:\Program Files\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled:Dragon Age II Launcher -- (BioWare)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client

"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager

"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander

"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player

"C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe" = C:\Program Files\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe:*:Enabled:Dragon Age Origins Character Creator

"C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age Origins Character Creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Character Creator Launcher

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService

"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService

"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster

"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD

"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater

"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server

"C:\Program Files\World of Warcraft Beta\Launcher.exe" = C:\Program Files\World of Warcraft Beta\Launcher.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\Stunlock Studios\Bloodline Champions Beta\Binary\BloodlineChampionsLoader.exe" = C:\Program Files\Stunlock Studios\Bloodline Champions Beta\Binary\BloodlineChampionsLoader.exe:*:Enabled:Bloodline Champions

"C:\Program Files\World of Warcraft Beta\Launcher.patch.exe" = C:\Program Files\World of Warcraft Beta\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher

"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()

"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe" = C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood -- ()

"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe" = C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer -- ()

"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe" = C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update -- ()

"C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe" = C:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay -- (Ubisoft Entertainment)

"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

"C:\Program Files\Microsoft Games\Fable III\Fable3.exe" = C:\Program Files\Microsoft Games\Fable III\Fable3.exe:*:Enabled:Fable III -- (Lionhead Studios Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III

"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III

"{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI

"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions

"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab

"{93352A14-437E-4DB2-9CB8-463D0649B5DE}" = MA111 Configuration Utility

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B35E04CF-3A12-4F91-9981-ECF1915BCE76}" = MA111 Configuration Utility

"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package

"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff

"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"8461-7759-5462-8226" = Vuze

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Cheat Engine 6.0_is1" = Cheat Engine 6.0

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"Drakensang_TRoT_is1" = Drakensang - The River of Time

"DualCoreCenter_is1" = DualCoreCenter

"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War 1.6 Patch

"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch

"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch

"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War 1.7 Patch

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch

"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War 1.1 Patch

"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War 1.5 Patch

"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PunkBusterSvc" = PunkBuster Services

"Runic Games Torchlight" = Torchlight

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Super_nude_patch_II_1.0" = Super nude patch 3 1.0

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)

"SystemRequirementsLab" = System Requirements Lab

"True Internet Color" = E-Color Indicator

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMIinfo" = WMIinfo

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/23/2011 12:27:56 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The connection with the server was terminated abnormally

Error - 5/23/2011 12:27:56 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/23/2011 12:59:11 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The connection with the server was terminated abnormally

Error - 5/23/2011 12:59:26 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131077

Description = Failed auto update retrieval of third-party root certificate from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

with error: This operation returned because the timeout period expired.

Error - 5/23/2011 12:59:26 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The connection with the server was terminated abnormally

Error - 5/23/2011 12:59:27 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/23/2011 12:59:27 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131077

Description = Failed auto update retrieval of third-party root certificate from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

with error: The specified server cannot perform the requested operation.

Error - 5/23/2011 12:59:27 PM | Computer Name = KYLE-CPU | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/23/2011 1:02:12 PM | Computer Name = KYLE-CPU | Source = LoadPerf | ID = 3012

Description = The performance strings in the Performance registry value is corrupted

when process Performance extension counter provider. BaseIndex value from Performance

registry

is the first DWORD in Data section, LastCounter value is the second DWORD in Data

section, and LastHelp value is the third DWORD in Data section.

Error - 5/23/2011 1:02:12 PM | Computer Name = KYLE-CPU | Source = LoadPerf | ID = 3011

Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)

failed. The Error code is the first DWORD in Data section.

[ System Events ]

Error - 5/23/2011 12:10:41 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7034

Description = The ForceWare IP service service terminated unexpectedly. It has

done this 1 time(s).

Error - 5/23/2011 12:10:46 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 5/23/2011 12:11:00 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 5/23/2011 12:43:00 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 2 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 5/23/2011 12:43:02 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7034

Description = The PnkBstrA service terminated unexpectedly. It has done this 1

time(s).

Error - 5/23/2011 1:38:31 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 5/23/2011 1:38:32 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7034

Description = The PnkBstrA service terminated unexpectedly. It has done this 1

time(s).

Error - 5/23/2011 1:38:34 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 5/23/2011 1:38:40 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7031

Description = The Media Center Extender Service service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

5000 milliseconds: Restart the service.

Error - 5/23/2011 1:38:49 PM | Computer Name = KYLE-CPU | Source = Service Control Manager | ID = 7034

Description = The Bonjour Service service terminated unexpectedly. It has done

this 1 time(s).

< End of report >

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-23 12:43:36

-----------------------------

12:43:36.078 OS Version: Windows 5.1.2600 Service Pack 3

12:43:36.078 Number of processors: 2 586 0x6B02

12:43:36.078 ComputerName: KYLE-CPU UserName: Kyle

12:43:36.906 Initialize success

12:44:15.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

12:44:15.781 Disk 0 Vendor: ST3250410AS 4.AAA Size: 238475MB BusType: 3

12:44:15.781 Device \Driver\atapi -> DriverStartIo 8ae6d53b

12:44:15.781 Disk 0 MBR read error 0

12:44:15.781 Disk 0 MBR scan

12:44:15.781 Disk 0 unknown MBR code

12:44:15.781 MBR BIOS signature not found 0

12:44:15.781 Disk 0 scanning sectors +488376000

12:44:15.781 Disk 0 scanning C:\WINDOWS\system32\drivers

12:44:20.140 Service scanning

12:44:20.937 Disk 0 trace - called modules:

12:44:20.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ae6d6f0]<<

12:44:20.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeaaab8]

12:44:20.937 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000077[0x8aebd9e8]

12:44:20.937 5 ACPI.sys[b7e74620] -> nt!IofCallDriver -> [0x8aebcd98]

12:44:20.937 \Driver\atapi[0x8aef9a08] -> IRP_MJ_CREATE -> 0x8ae6d6f0

12:44:20.937 Scan finished successfully

12:44:34.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kyle\Desktop\MBR.dat"

12:44:34.406 The log file has been saved successfully to "C:\Documents and Settings\Kyle\Desktop\aswMBR.txt"


Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - [2011/05/23 10:31:55 | 000,344,064 | -HS- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bvc.exe
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - File not found
O3 - HKU\S-1-5-21-1417001333-861567501-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3 - HKU\S-1-5-21-1417001333-861567501-839522115-1003\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - File not found
O4 - HKLM..\Run: [framework] File not found
O4 - HKLM..\Run: [Turbine Download Manager Tray Icon] File not found
O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [CurseClient] File not found
O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [EA Core] File not found
O4 - HKU\S-1-5-21-1417001333-861567501-839522115-1003..\Run: [Pando Media Booster] File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O33 - MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\Shell - "" = AutoRun
O33 - MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/05/23 12:00:14 | 000,003,302 | -HS- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\t27p2s502nj4yp085y80r3nwi8f872
[2011/05/23 12:00:14 | 000,003,302 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\t27p2s502nj4yp085y80r3nwi8f872
[2011/05/23 10:32:19 | 000,001,390 | -HS- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\851533308
[2011/05/23 10:32:19 | 000,001,390 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3747718582
[2011/05/23 10:32:19 | 000,001,386 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\851533308
:Files
ipconfig /flushdns /c
%systemroot%\Prefetch\*.*
%appdata%\*.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" =-
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, and reboot the PC when it is done

Copy the log you get

Next

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Download ComboFix to your Desktop from here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Disable any realtime protection (AntiVirus, AntiSpyware...) so they don't interfere with ComboFix <- IMPORTANT!!
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply


Right... seems as tho ComboFix got rid of it

it scared the crap outa me but it fixed it :P

Sorry for posting the following like this but I can't attach files and don't know how to do the scroll box thing you did in the above post.

All processes killed

========== OTL ==========

No active process named bvc.exe was found!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

Registry value HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\framework deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Turbine Download Manager Tray Icon deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CurseClient deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.

Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}

C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.

Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}

C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.

File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b857f78-d845-11df-b55e-00095b672347}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b857f78-d845-11df-b55e-00095b672347}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b857f78-d845-11df-b55e-00095b672347}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b857f78-d845-11df-b55e-00095b672347}\ not found.

File F:\LaunchU3.exe not found.

C:\WINDOWS\003132_.tmp deleted successfully.

C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.

C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.

C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP\WiseCustomCalla.dll deleted successfully.

C:\WINDOWS\B83FC356B7C0441F8A4DD71E088E7974.TMP folder deleted successfully.

C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP\WiseCustomCalla.dll deleted successfully.

C:\WINDOWS\D56B0E274A3E46C9B5C1D93D580C099C.TMP folder deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\WINDOWS\System32\YoItzVlad.tmp deleted successfully.

C:\Documents and Settings\Kyle\Local Settings\Application Data\t27p2s502nj4yp085y80r3nwi8f872 moved successfully.

C:\Documents and Settings\All Users\Application Data\t27p2s502nj4yp085y80r3nwi8f872 moved successfully.

C:\Documents and Settings\Kyle\Local Settings\Application Data\851533308 moved successfully.

C:\Documents and Settings\All Users\Application Data\3747718582 moved successfully.

C:\Documents and Settings\All Users\Application Data\851533308 moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Kyle\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Kyle\Desktop\cmd.txt deleted successfully.

C:\WINDOWS\Prefetch\7ZFM.EXE-0E30BD4B.pf moved successfully.

C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-24548733.pf moved successfully.

C:\WINDOWS\Prefetch\APPLEMOBILEDEVICESERVICE.EXE-1C6F3579.pf moved successfully.

C:\WINDOWS\Prefetch\BVC.EXE-3797D54E.pf moved successfully.

C:\WINDOWS\Prefetch\CHROME.EXE-017FC303.pf moved successfully.

C:\WINDOWS\Prefetch\CHROME.EXE-017FC306.pf moved successfully.

C:\WINDOWS\Prefetch\CHROME.EXE-017FC307.pf moved successfully.

C:\WINDOWS\Prefetch\CHROME.EXE-017FC30A.pf moved successfully.

C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf moved successfully.

C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf moved successfully.

C:\WINDOWS\Prefetch\DLLHOST.EXE-5353C76C.pf moved successfully.

C:\WINDOWS\Prefetch\DUALCORECENTER.EXE-24C78130.pf moved successfully.

C:\WINDOWS\Prefetch\EHRECVR.EXE-20796750.pf moved successfully.

C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf moved successfully.

C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-09F3BAEC.pf moved successfully.

C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.

C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.

C:\WINDOWS\Prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.

C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-24AE4A36.pf moved successfully.

C:\WINDOWS\Prefetch\LAUNCHER.EXE-0C731E7D.pf moved successfully.

C:\WINDOWS\Prefetch\Layout.ini moved successfully.

C:\WINDOWS\Prefetch\MCRDSVC.EXE-0560ADD0.pf moved successfully.

C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.

C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.

C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.

C:\WINDOWS\Prefetch\OTL.EXE-10488442.pf moved successfully.

C:\WINDOWS\Prefetch\PLUGIN-CONTAINER.EXE-15EDC9DD.pf moved successfully.

C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf moved successfully.

C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.

C:\WINDOWS\Prefetch\SSUPDATE.EXE-0FCFAE6D.pf moved successfully.

C:\WINDOWS\Prefetch\SUPERANTISPYWARE.EXE-07994D9B.pf moved successfully.

C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf moved successfully.

C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf moved successfully.

C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.

C:\WINDOWS\Prefetch\WITCHER2.EXE-0FF31D30.pf moved successfully.

C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf moved successfully.

C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf moved successfully.

C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.

C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.

C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.

File/Folder C:\Documents and Settings\Kyle\Application Data\*.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring deleted successfully.

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Kyle

->Temp folder emptied: 2913328006 bytes

->Temporary Internet Files folder emptied: 152209044 bytes

->Java cache emptied: 10241 bytes

->FireFox cache emptied: 48278366 bytes

->Google Chrome cache emptied: 383348445 bytes

->Flash cache emptied: 4699 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 87025 bytes

User: NetworkService

->Temp folder emptied: 589824 bytes

->Temporary Internet Files folder emptied: 242629642 bytes

->Flash cache emptied: 5921 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 223840443 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 112083980 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 11227552 bytes

Total Files Cleaned = 3,898.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Kyle

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 05232011_150624

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ComboFix 11-05-23.02 - Kyle 05/23/2011 15:28:37.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3195 [GMT -5:00]

Running from: c:\documents and settings\Kyle\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Kyle\Application Data\Adobe\plugs

c:\documents and settings\Kyle\Application Data\Adobe\shed

c:\documents and settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}

c:\documents and settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}\chrome.manifest

c:\documents and settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}\chrome\content\_cfg.js

c:\documents and settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}\chrome\content\overlay.xul

c:\documents and settings\Kyle\Local Settings\Application Data\{5BD8809A-20A5-4DC4-B872-01A56410F8A3}\install.rdf

c:\documents and settings\NetworkService\Local Settings\Application Data\bvc.exe

C:\install.exe

c:\program files\Search Toolbar

c:\program files\Search Toolbar\icon.ico

c:\program files\Search Toolbar\SearchToolbar.dll

c:\program files\Search Toolbar\SearchToolbarUninstall.exe

c:\program files\Search Toolbar\SearchToolbarUpdater.exe

c:\windows\system32\install

c:\windows\system32\itlpfw32.dll

c:\windows\uvekorilowadil.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ITLPERF

-------\Service_itlperf

.

.

((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))

.

.

2011-05-23 20:06 . 2011-05-23 20:06 -------- d-----w- C:\_OTL

2011-05-23 16:14 . 2011-05-23 16:14 -------- d-----w- c:\documents and settings\Kyle\Application Data\SUPERAntiSpyware.com

2011-05-23 16:14 . 2011-05-23 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-05-23 16:13 . 2011-05-23 16:14 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-23 15:03 . 2011-05-23 15:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-05-22 23:36 . 2011-05-23 14:44 0 ----a-w- c:\windows\Qxizocukexugu.bin

2011-05-21 23:57 . 2011-05-21 23:57 -------- d-----w- c:\program files\Cheat Engine 6

2011-05-21 03:34 . 2011-05-21 03:34 -------- d-----w- c:\program files\CD Projekt RED

2011-05-19 15:32 . 2011-05-19 15:32 -------- d-----w- c:\documents and settings\Kyle\Lionhead Studios

2011-05-19 15:28 . 2011-05-19 15:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\DSS

2011-05-19 15:28 . 2011-05-19 15:28 -------- d-----w- c:\documents and settings\Kyle\Application Data\Lionhead Studios

2011-05-19 15:26 . 2011-05-19 15:26 -------- d-----w- c:\windows\system32\xlive

2011-05-19 15:26 . 2011-05-19 15:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE

2011-05-19 15:05 . 2011-05-19 15:05 -------- d-----w- c:\program files\Microsoft Games

2011-05-17 22:16 . 2011-05-17 22:16 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\The Witcher 2

2011-05-17 22:05 . 2010-08-24 13:50 4368720 ----a-w- c:\windows\system32\mfc100u.dll

2011-05-17 21:24 . 2011-05-21 06:11 -------- d-----w- c:\program files\The Witcher 2

2011-05-12 21:33 . 2011-05-12 23:01 -------- d-----w- c:\documents and settings\Kyle\Application Data\.minecraft

2011-05-12 21:27 . 2011-05-12 21:28 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\MCEdit

2011-04-25 19:25 . 2011-04-25 19:25 -------- d-----w- c:\windows\Super nude patch 3

2011-04-25 18:03 . 2011-04-25 19:00 -------- d-----w- c:\program files\Electronic Arts

2011-04-24 16:30 . 2011-04-25 13:46 -------- d-----w- c:\program files\Drakensang - The River of Time

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-09 23:55 . 2011-04-09 23:55 15453336 ----a-w- c:\windows\system32\xlive.dll

2011-04-09 23:55 . 2011-04-09 23:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll

2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-18 13:11 . 2009-03-01 20:37 189248 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-03-18 13:11 . 2009-03-01 20:36 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-03-07 05:33 . 2009-01-24 02:18 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2004-10-08 12:01 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2004-10-08 12:01 1857920 ----a-w- c:\windows\system32\win32k.sys

2009-04-01 03:47 . 2009-03-27 12:52 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]

"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2011-03-08 2356088]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-04 2424192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-1-24 192512]

MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2009-1-23 1158144]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=

"c:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Microsoft Games\\Fable III\\Fable3.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58540:TCP"= 58540:TCP:Pando Media Booster

"58540:UDP"= 58540:UDP:Pando Media Booster

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/23/2010 7:01 AM 691696]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [1/24/2009 10:45 AM 28160]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/24/2009 10:06 AM 100456]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [8/8/2010 4:40 PM 19056]

R3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\drivers\MA111nd5.sys [1/24/2009 10:59 AM 666624]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [5/5/2010 9:09 PM 23096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

itlsvc REG_MULTI_SZ itlperf

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-861567501-839522115-1003Core.job

- c:\documents and settings\Kyle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 20:13]

.

2011-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-861567501-839522115-1003UA.job

- c:\documents and settings\Kyle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-17 20:13]

.

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: {217E8EE2-FD0F-4A50-9BAE-641B665380C9} = 68.87.68.166,68.87.74.166

FF - ProfilePath - c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\9dt0b3ta.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://kickass.wyzostart.com/s/?src=FF-Address&site=Bing&cfg=2-109-0-1A1Ut&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

HKLM-Run-Fcamidinigo - c:\windows\uvekorilowadil.dll

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

AddRemove-SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D} - c:\program files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe

AddRemove-True Internet Color - c:\program files\E-Color\E-Color Indicator\Uninst.isu

AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-23 15:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST3250410AS rev.4.AAA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AF2B53B

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"??"=hex:9b,4d,a9,be,f1,83,d5,c8,40,db,37,87,78,a4,4c,64,2f,64,e7,3a,77,fe,5e,

9b,40,60,c6,16,44,ef,90,98,fd,50,9d,9d,68,4d,d8,17,4e,4d,ef,9c,c9,fc,a5,8f,\

"??"=hex:a9,65,34,ef,b3,3a,1f,31,27,76,e5,ae,80,37,7f,8d

.

[HKEY_USERS\S-1-5-21-1417001333-861567501-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:eb,1d,be,e6,97,74,cd,8c,40,7c,35,38,93,46,2e,bc,f4,16,f2,93,3e,

5c,33,62,c5,02,8c,69,07,ae,ec,24,6b,c1,38,cb,04,99,98,6f,cd,86,85,55,34,0d,\

"rkeysecu"=hex:b1,c4,a5,2b,cb,44,fd,d6,ef,a7,ab,87,e8,d8,fb,2d

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(756)

c:\windows\system32\WININET.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'lsass.exe'(816)

c:\windows\system32\WININET.dll

c:\windows\system32\nvLsp.dll

.

- - - - - - - > 'explorer.exe'(236)

c:\windows\system32\WININET.dll

c:\windows\system32\nvLsp.dll

c:\program files\iTunes\iTunesMiniPlayer.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll

c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll

c:\windows\system32\ieframe.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

c:\windows\system32\dllhost.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\eHome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-05-23 15:45:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-23 20:45

.

Pre-Run: 76,664,516,608 bytes free

Post-Run: 76,625,170,432 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - CBA2EDDDF1A8C0AD61F0EF3645F8F5B3

Sorry for posting the following like this but I can't attach files

I actually prefer them posted :mrgreen:

-Download TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.zip and save it to your Desktop.

-Extract its contents to your desktop.

-Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

-If an infected file is detected, the default action will be Cure, click on Continue.

-If a suspicious file is detected, the default action will be Skip, click on Continue.

-It may ask you to reboot the computer to complete the process. Click on Reboot Now.

-If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

-If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

Copy and paste the contents of that file here.

Post the TDSSKiller log and a new OTL log please
