Backdoor.Bot


Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 10:08 am

I recently just removed Security Tools off of my computer. After removal I have some files still kicking around. Backdoor.Bot in the format of a file, memory process and registry value. MBAM and SAS are scanning, locating but failing to get rid of the files. As per the "Read Before Posting" thread I scanned my computer using OTL. The following post will be the results of the scan.

Shameless_egotist

Newbie Surfer

Posts : 8
Joined : 2010-10-21
Operating System : Windows 7


Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 10:13 am

OTL logfile created on: 2010-10-21 4:14:08 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\James\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 41.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 510.68 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
Drive D: | 16.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 291.83 Gb Total Space | 94.83 Gb Free Space | 32.50% Space Free | Partition Type: NTFS
Drive F: | 6.26 Gb Total Space | 0.88 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.47 Gb Total Space | 3.50 Gb Free Space | 46.79% Space Free | Partition Type: FAT32

Computer Name: ANDI | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
PRC - [2010-10-20 17:41:14 | 000,102,912 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010-10-20 12:32:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-10-20 12:32:01 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-10-19 09:43:43 | 000,123,904 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010-10-19 09:43:30 | 000,111,616 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\dwm.exe
PRC - [2010-10-12 21:19:35 | 009,115,800 | ---- | M] (Blizzard Entertainment) -- C:\Users\Public\World of Warcraft\Wow.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-04-29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010-02-18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008-09-16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
MOD - [2010-08-21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-03-01 20:35:38 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009-07-13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-20 07:27:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-01-09 00:12:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-04-29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008-09-16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-04-19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010-02-17 02:07:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-01-29 02:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009-07-31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-06-10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009-06-10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009-06-10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009-02-13 07:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009-02-13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009-02-13 07:18:30 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2007-04-16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006-06-17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010-02-17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\James\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010-02-17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\James\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: {43402508-4063-4C73-887C-236E5D2C4DA3}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-20 12:32:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-20 12:36:42 | 000,000,000 | ---D | M]

[2010-02-17 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2010-02-17 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010-10-21 07:51:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions
[2010-10-21 07:51:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions\personas@christopher.beard
[2010-06-07 16:57:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions\toolbar@ask.com
[2010-10-20 12:36:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-10-20 12:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009-06-10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [Btmchk] C:\Users\James\AppData\Local\Temp\Adobe\AdobeRdrPlug.DLL File not found
O4 - HKCU..\Run: [svchost] C:\Users\James\AppData\Roaming\Microsoft\svchost.exe ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
F3:64bit: - HKCU WinNT: Load - (C:\Users\James\AppData\Local\Temp\dwm.exe) - C:\Users\James\AppData\Local\Temp\dwm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\James\AppData\Local\Temp\dwm.exe) - C:\Users\James\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-12-09 16:16:52 | 000,000,074 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-05-06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-12-28 04:47:58 | 000,000,090 | ---- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0bbe8fe9-1b94-11df-b10d-0018f3f168ce}\Shell - "" = AutoRun
O33 - MountPoints2\{0bbe8fe9-1b94-11df-b10d-0018f3f168ce}\Shell\AutoRun\command - "" = G:\Borderlands.exe -- File not found
O33 - MountPoints2\{2d3f68d5-fce2-11de-8eb7-0018f3f168ce}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3f68d5-fce2-11de-8eb7-0018f3f168ce}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007-10-23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-21 16:04:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-21 03:15:16 | 001,710,310 | -H-- | C] () -- C:\Users\James\AppData\Local\IconCache.db
[2010-10-20 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010-10-20 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-20 19:47:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010-10-20 19:47:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010-10-20 19:47:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010-10-20 19:47:24 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010-10-20 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Windows Live
[2010-10-20 19:31:26 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010-10-20 19:31:25 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010-10-20 19:31:25 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010-10-20 19:31:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010-10-20 19:31:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010-10-20 19:31:24 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010-10-20 19:31:24 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010-10-20 19:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010-10-20 16:21:49 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010-10-20 12:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-10-20 12:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-10-20 12:36:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-10-20 12:36:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-10-19 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-10-19 16:11:47 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | C] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | C] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-18 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{43402508-4063-4C73-887C-236E5D2C4DA3}
[2010-10-12 15:53:07 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-10-12 15:53:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-10-12 15:53:07 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-10-12 15:53:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-10-12 15:53:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-10-12 15:53:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-10-12 15:53:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010-10-12 15:53:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010-10-12 15:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010-10-12 15:53:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010-10-12 15:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010-10-12 15:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010-10-12 15:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-10-12 15:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-10-12 15:49:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010-10-12 15:49:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010-10-12 15:49:46 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010-10-12 15:49:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010-10-12 15:49:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010-10-12 15:46:44 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010-10-12 15:46:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010-10-12 15:44:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010-10-12 15:44:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010-10-12 15:42:54 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010-10-12 15:42:54 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010-10-12 15:42:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010-10-12 15:42:52 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010-10-12 15:40:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010-10-02 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Pokemon Walls
[2010-07-11 04:32:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\winafx.log
[2010-06-07 13:32:59 | 000,790,828 | ---- | C] () -- C:\Users\James\AppData\Local\rx_image32.Cache
[2010-02-11 00:06:46 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-02-11 00:06:46 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7DD47A1773.sys
[2010-01-27 03:08:03 | 000,005,632 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-08 03:25:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-01-08 00:02:04 | 000,065,952 | ---- | C] () -- C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-07-13 23:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2009-07-13 23:54:24 | 000,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:39:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-20 19:50:14 | 000,000,020 | ---- | M] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | M] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:16:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-10-19 16:16:10 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-10-19 16:16:10 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-10-19 16:11:47 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | M] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | M] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-13 16:56:50 | 000,005,632 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-13 03:14:48 | 000,304,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-10-12 21:18:26 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-10-04 20:49:08 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-20 19:50:14 | 000,000,020 | ---- | C] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | C] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-04 20:49:08 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010-06-07 14:23:14 | 000,000,387 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-03-10 21:02:37 | 000,000,269 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009-07-13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004-01-30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== Custom Scans ==========


< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-21 07:39:07 | 4293,451,776 | -HS- | M] () -- C:\pagefile.sys
[2010-02-10 16:14:48 | 000,483,312 | ---- | M] () -- C:\vcredist_x86.log

< %PROGRAMFILES%\*. >
[2010-08-02 01:39:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2010-01-29 14:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010-02-17 02:35:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2010-02-07 02:09:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010-06-07 16:46:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010-10-20 19:47:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-04 20:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010-10-19 22:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010-03-21 14:06:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010-10-20 12:36:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010-06-07 14:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2010-02-17 02:07:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010-02-17 02:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dragon Age
[2010-08-02 01:39:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-10-04 20:49:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010-10-20 12:36:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010-02-17 16:27:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2010-06-11 18:29:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-01-08 00:10:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010-03-07 13:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
[2010-06-29 15:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010-09-29 07:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-06-27 07:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010-10-20 12:32:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010-10-20 19:47:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010-02-14 08:00:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-06-07 16:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010-10-04 20:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010-01-08 03:22:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010-04-04 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Starcraft
[2010-08-18 13:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010-10-20 17:41:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010-06-21 14:21:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Triumph Studios
[2009-07-13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010-09-29 07:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010-03-10 21:02:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrillo
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010-10-20 19:50:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010-04-20 02:05:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
[2010-05-16 07:16:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009-07-14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-02-17 02:01:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winrar

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009-07-13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009-07-13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

========== Processes (SafeList) ==========

PRC - [2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
PRC - [2010-10-20 17:41:14 | 000,102,912 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010-10-20 12:32:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-10-20 12:32:01 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-10-19 09:43:43 | 000,123,904 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010-10-19 09:43:30 | 000,111,616 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\dwm.exe
PRC - [2010-10-12 21:19:35 | 009,115,800 | ---- | M] (Blizzard Entertainment) -- C:\Users\Public\World of Warcraft\Wow.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-04-29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010-02-18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008-09-16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
MOD - [2010-08-21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-03-01 20:35:38 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009-07-13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-20 07:27:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-01-09 00:12:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-04-29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008-09-16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-04-19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010-02-17 02:07:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-01-29 02:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009-07-31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-06-10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009-06-10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009-06-10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009-02-13 07:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009-02-13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009-02-13 07:18:30 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2007-04-16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006-06-17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010-02-17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\James\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010-02-17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\James\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)



Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 10:13 am

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: {43402508-4063-4C73-887C-236E5D2C4DA3}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-20 12:32:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-20 12:36:42 | 000,000,000 | ---D | M]

[2010-02-17 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2010-02-17 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010-10-21 07:51:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions
[2010-10-21 07:51:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions\personas@christopher.beard
[2010-06-07 16:57:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions\toolbar@ask.com
[2010-10-20 12:36:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-10-20 12:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009-06-10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [Btmchk] C:\Users\James\AppData\Local\Temp\Adobe\AdobeRdrPlug.DLL File not found
O4 - HKCU..\Run: [svchost] C:\Users\James\AppData\Roaming\Microsoft\svchost.exe ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
F3:64bit: - HKCU WinNT: Load - (C:\Users\James\AppData\Local\Temp\dwm.exe) - C:\Users\James\AppData\Local\Temp\dwm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\James\AppData\Local\Temp\dwm.exe) - C:\Users\James\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-12-09 16:16:52 | 000,000,074 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-05-06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-12-28 04:47:58 | 000,000,090 | ---- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0bbe8fe9-1b94-11df-b10d-0018f3f168ce}\Shell - "" = AutoRun
O33 - MountPoints2\{0bbe8fe9-1b94-11df-b10d-0018f3f168ce}\Shell\AutoRun\command - "" = G:\Borderlands.exe -- File not found
O33 - MountPoints2\{2d3f68d5-fce2-11de-8eb7-0018f3f168ce}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3f68d5-fce2-11de-8eb7-0018f3f168ce}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007-10-23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-10-21 16:04:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-20 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010-10-20 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-20 19:47:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010-10-20 19:47:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010-10-20 19:47:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010-10-20 19:47:24 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010-10-20 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Windows Live
[2010-10-20 19:31:26 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010-10-20 19:31:25 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010-10-20 19:31:25 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010-10-20 19:31:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010-10-20 19:31:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010-10-20 19:31:24 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010-10-20 19:31:24 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010-10-20 19:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010-10-20 16:21:49 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010-10-20 12:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-10-20 12:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-10-20 12:36:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-10-20 12:36:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-10-19 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-10-18 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{43402508-4063-4C73-887C-236E5D2C4DA3}
[2010-10-12 15:53:07 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-10-12 15:53:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-10-12 15:53:07 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-10-12 15:53:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-10-12 15:53:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-10-12 15:53:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-10-12 15:53:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010-10-12 15:53:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010-10-12 15:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010-10-12 15:53:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010-10-12 15:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010-10-12 15:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010-10-12 15:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-10-12 15:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-10-12 15:49:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010-10-12 15:49:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010-10-12 15:49:46 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010-10-12 15:49:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010-10-12 15:49:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010-10-12 15:46:44 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010-10-12 15:46:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010-10-12 15:44:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010-10-12 15:44:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010-10-12 15:42:54 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010-10-12 15:42:54 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010-10-12 15:42:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010-10-12 15:42:52 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010-10-12 15:40:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010-10-02 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Pokemon Walls
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:39:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-20 19:50:14 | 000,000,020 | ---- | M] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | M] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:16:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-10-19 16:16:10 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-10-19 16:16:10 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-10-19 16:11:47 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | M] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | M] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-13 16:56:50 | 000,005,632 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-13 03:14:48 | 000,304,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-10-12 21:18:26 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-10-04 20:49:08 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-20 19:50:14 | 000,000,020 | ---- | C] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | C] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:11:47 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | C] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | C] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-04 20:49:08 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010-07-11 04:32:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\winafx.log
[2010-06-07 14:23:14 | 000,000,387 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-06-07 13:32:59 | 000,790,828 | ---- | C] () -- C:\Users\James\AppData\Local\rx_image32.Cache
[2010-03-10 21:02:37 | 000,000,269 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010-02-11 00:06:46 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-02-11 00:06:46 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7DD47A1773.sys
[2010-01-27 03:08:03 | 000,005,632 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-08 03:25:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-07-13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004-01-30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== Custom Scans ==========


< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-21 07:39:07 | 4293,451,776 | -HS- | M] () -- C:\pagefile.sys
[2010-02-10 16:14:48 | 000,483,312 | ---- | M] () -- C:\vcredist_x86.log

< %PROGRAMFILES%\*. >
[2010-08-02 01:39:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2010-01-29 14:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010-02-17 02:35:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2010-02-07 02:09:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010-06-07 16:46:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010-10-20 19:47:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-04 20:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010-10-19 22:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010-03-21 14:06:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010-10-20 12:36:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010-06-07 14:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2010-02-17 02:07:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010-02-17 02:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dragon Age
[2010-08-02 01:39:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-10-04 20:49:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010-10-20 12:36:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010-02-17 16:27:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2010-06-11 18:29:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-01-08 00:10:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010-03-07 13:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
[2010-06-29 15:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010-09-29 07:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-06-27 07:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010-10-20 12:32:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010-10-20 19:47:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010-02-14 08:00:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-06-07 16:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010-10-04 20:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010-01-08 03:22:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010-04-04 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Starcraft
[2010-08-18 13:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010-10-20 17:41:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010-06-21 14:21:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Triumph Studios
[2009-07-13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010-09-29 07:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010-03-10 21:02:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrillo
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010-10-20 19:50:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010-04-20 02:05:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
[2010-05-16 07:16:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009-07-14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-02-17 02:01:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winrar

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009-07-13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009-07-13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 10:14 am

PRC - [2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
PRC - [2010-10-20 17:41:14 | 000,102,912 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010-10-20 12:32:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010-10-20 12:32:01 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010-10-19 09:43:43 | 000,123,904 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010-10-19 09:43:30 | 000,111,616 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\dwm.exe
PRC - [2010-10-12 21:19:35 | 009,115,800 | ---- | M] (Blizzard Entertainment) -- C:\Users\Public\World of Warcraft\Wow.exe
PRC - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-04-29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008-09-16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
MOD - [2010-08-21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-03-01 20:35:38 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009-07-13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-10-20 07:27:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-08-13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-01-09 00:12:49 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009-06-10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-04-29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008-09-16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010-04-19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010-02-17 02:07:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010-01-29 02:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009-07-31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009-07-13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-06-10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009-06-10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009-06-10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-04-29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009-02-13 07:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009-02-13 07:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009-02-13 07:18:30 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2007-04-16 21:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006-06-17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010-02-17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\James\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010-02-17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\James\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.6.1
FF - prefs.js..extensions.enabledItems: {43402508-4063-4C73-887C-236E5D2C4DA3}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010-10-20 12:32:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010-10-20 12:36:42 | 000,000,000 | ---D | M]

[2010-02-17 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2010-02-17 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010-10-21 07:51:42 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions
[2010-10-21 07:51:38 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions\personas@christopher.beard
[2010-06-07 16:57:17 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\id5ujizt.default\extensions\toolbar@ask.com
[2010-10-20 12:36:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010-10-20 12:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009-06-10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [Btmchk] C:\Users\James\AppData\Local\Temp\Adobe\AdobeRdrPlug.DLL File not found
O4 - HKCU..\Run: [svchost] C:\Users\James\AppData\Roaming\Microsoft\svchost.exe ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
F3:64bit: - HKCU WinNT: Load - (C:\Users\James\AppData\Local\Temp\dwm.exe) - C:\Users\James\AppData\Local\Temp\dwm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\James\AppData\Local\Temp\dwm.exe) - C:\Users\James\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-12-09 16:16:52 | 000,000,074 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-05-06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009-12-28 04:47:58 | 000,000,090 | ---- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{0bbe8fe9-1b94-11df-b10d-0018f3f168ce}\Shell - "" = AutoRun
O33 - MountPoints2\{0bbe8fe9-1b94-11df-b10d-0018f3f168ce}\Shell\AutoRun\command - "" = G:\Borderlands.exe -- File not found
O33 - MountPoints2\{2d3f68d5-fce2-11de-8eb7-0018f3f168ce}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3f68d5-fce2-11de-8eb7-0018f3f168ce}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- [2007-10-23 02:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 10:15 am

========== Files/Folders - Created Within 30 Days ==========

[2010-10-21 16:04:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-20 19:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010-10-20 19:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-20 19:47:24 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010-10-20 19:47:24 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010-10-20 19:47:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010-10-20 19:47:24 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010-10-20 19:31:37 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\Windows Live
[2010-10-20 19:31:26 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010-10-20 19:31:25 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2010-10-20 19:31:25 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010-10-20 19:31:25 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010-10-20 19:31:25 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010-10-20 19:31:24 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010-10-20 19:31:24 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010-10-20 19:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010-10-20 16:21:49 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010-10-20 12:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-10-20 12:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-10-20 12:36:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-10-20 12:36:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-10-19 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-10-18 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{43402508-4063-4C73-887C-236E5D2C4DA3}
[2010-10-12 15:53:07 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-10-12 15:53:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-10-12 15:53:07 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-10-12 15:53:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-10-12 15:53:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-10-12 15:53:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-10-12 15:53:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010-10-12 15:53:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010-10-12 15:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010-10-12 15:53:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010-10-12 15:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010-10-12 15:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010-10-12 15:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-10-12 15:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-10-12 15:49:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010-10-12 15:49:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010-10-12 15:49:46 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010-10-12 15:49:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010-10-12 15:49:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010-10-12 15:46:44 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010-10-12 15:46:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010-10-12 15:44:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010-10-12 15:44:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010-10-12 15:42:54 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010-10-12 15:42:54 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010-10-12 15:42:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010-10-12 15:42:52 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010-10-12 15:40:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010-10-02 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Pokemon Walls
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:39:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-20 19:50:14 | 000,000,020 | ---- | M] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | M] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:16:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-10-19 16:16:10 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-10-19 16:16:10 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-10-19 16:11:47 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | M] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | M] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-13 16:56:50 | 000,005,632 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-13 03:14:48 | 000,304,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-10-12 21:18:26 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-10-04 20:49:08 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-20 19:50:14 | 000,000,020 | ---- | C] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | C] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:11:47 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | C] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | C] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-04 20:49:08 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010-07-11 04:32:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\winafx.log
[2010-06-07 14:23:14 | 000,000,387 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-06-07 13:32:59 | 000,790,828 | ---- | C] () -- C:\Users\James\AppData\Local\rx_image32.Cache
[2010-03-10 21:02:37 | 000,000,269 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010-02-11 00:06:46 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-02-11 00:06:46 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7DD47A1773.sys
[2010-01-27 03:08:03 | 000,005,632 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-08 03:25:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-07-13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004-01-30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== Custom Scans ==========


< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-21 07:39:07 | 4293,451,776 | -HS- | M] () -- C:\pagefile.sys
[2010-02-10 16:14:48 | 000,483,312 | ---- | M] () -- C:\vcredist_x86.log

< %PROGRAMFILES%\*. >
[2010-08-02 01:39:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2010-01-29 14:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010-02-17 02:35:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2010-02-07 02:09:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010-06-07 16:46:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010-10-20 19:47:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-04 20:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010-10-19 22:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010-03-21 14:06:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010-10-20 12:36:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010-06-07 14:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2010-02-17 02:07:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010-02-17 02:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dragon Age
[2010-08-02 01:39:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-10-04 20:49:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010-10-20 12:36:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010-02-17 16:27:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2010-06-11 18:29:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-01-08 00:10:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010-03-07 13:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
[2010-06-29 15:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010-09-29 07:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-06-27 07:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010-10-20 12:32:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010-10-20 19:47:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010-02-14 08:00:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-06-07 16:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010-10-04 20:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010-01-08 03:22:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010-04-04 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Starcraft
[2010-08-18 13:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010-10-20 17:41:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010-06-21 14:21:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Triumph Studios
[2009-07-13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010-09-29 07:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010-03-10 21:02:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrillo
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010-10-20 19:50:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010-04-20 02:05:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
[2010-05-16 07:16:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009-07-14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-02-17 02:01:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winrar

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009-07-13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009-07-13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
[2010-10-20 12:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010-10-20 12:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010-10-20 12:36:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010-10-20 12:36:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010-10-20 12:36:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010-10-19 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
[2010-10-19 16:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-10-18 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\{43402508-4063-4C73-887C-236E5D2C4DA3}
[2010-10-12 15:53:07 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010-10-12 15:53:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010-10-12 15:53:07 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010-10-12 15:53:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010-10-12 15:53:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010-10-12 15:53:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010-10-12 15:53:07 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010-10-12 15:53:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010-10-12 15:53:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010-10-12 15:53:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010-10-12 15:53:06 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010-10-12 15:53:06 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010-10-12 15:53:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010-10-12 15:53:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010-10-12 15:49:55 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010-10-12 15:49:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010-10-12 15:49:46 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010-10-12 15:49:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010-10-12 15:49:06 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010-10-12 15:46:44 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010-10-12 15:46:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010-10-12 15:44:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010-10-12 15:44:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010-10-12 15:42:54 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010-10-12 15:42:54 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010-10-12 15:42:53 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010-10-12 15:42:52 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010-10-12 15:40:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010-10-04 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010-10-04 20:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010-10-02 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\Pokemon Walls
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-10-21 16:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.com
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:46:30 | 000,015,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-10-21 07:39:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-20 19:50:14 | 000,000,020 | ---- | M] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | M] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:16:10 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010-10-19 16:16:10 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010-10-19 16:16:10 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010-10-19 16:11:47 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | M] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | M] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-13 16:56:50 | 000,005,632 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-10-13 03:14:48 | 000,304,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010-10-12 21:18:26 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010-10-04 20:49:08 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-10-20 19:50:14 | 000,000,020 | ---- | C] () -- C:\Windows\HS
[2010-10-20 12:32:21 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-19 22:53:55 | 000,000,963 | ---- | C] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010-10-19 16:11:47 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Local\Uwuwaguvimupagi.bin
[2010-10-19 09:15:13 | 001,196,032 | ---- | C] () -- C:\Users\James\AppData\Local\DELETE.exe
[2010-10-18 21:16:36 | 000,000,120 | ---- | C] () -- C:\Users\James\AppData\Local\Swipa.dat
[2010-10-04 20:49:08 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-10-04 20:46:21 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010-07-11 04:32:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\winafx.log
[2010-06-07 14:23:14 | 000,000,387 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-06-07 13:32:59 | 000,790,828 | ---- | C] () -- C:\Users\James\AppData\Local\rx_image32.Cache
[2010-03-10 21:02:37 | 000,000,269 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010-02-11 00:06:46 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010-02-11 00:06:46 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7DD47A1773.sys
[2010-01-27 03:08:03 | 000,005,632 | ---- | C] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-08 03:25:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-07-13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004-01-30 15:07:46 | 000,245,408 | ---- | C] () -- C:\Windows\SysWow64\unicows.dll

========== Custom Scans ==========


< >

< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >

< %systemroot%system32*.exe /lockedfiles >

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32*.sys >

< %systemroot%system32drivers*.dll >

< %systemroot%system32drivers*.ini >

< %systemroot%system32drivers*.exe >

< %SYSTEMDRIVE%*.* >
[2010-10-21 07:39:07 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010-10-21 07:39:07 | 4293,451,776 | -HS- | M] () -- C:\pagefile.sys
[2010-02-10 16:14:48 | 000,483,312 | ---- | M] () -- C:\vcredist_x86.log

< %PROGRAMFILES%*. >
[2010-08-02 01:39:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2010-01-29 14:50:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010-02-17 02:35:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2010-02-07 02:09:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010-06-07 16:46:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ask.com
[2010-10-20 19:47:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bing Bar Installer
[2010-10-04 20:44:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010-10-19 22:53:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010-03-21 14:06:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010-10-20 12:36:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010-06-07 14:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2010-02-17 02:07:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010-02-17 02:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dragon Age
[2010-08-02 01:39:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010-10-04 20:49:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010-10-20 12:36:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010-02-17 16:27:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2010-06-11 18:29:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010-01-08 00:10:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010-03-07 13:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft LifeCam
[2010-06-29 15:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010-09-29 07:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010-06-27 07:03:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010-10-20 12:32:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010-10-20 19:47:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN Toolbar
[2010-02-14 08:00:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010-06-07 16:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010-10-04 20:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010-01-08 03:22:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010-04-04 14:51:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Starcraft
[2010-08-18 13:43:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010-10-20 17:41:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010-06-21 14:21:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Triumph Studios
[2009-07-13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010-09-29 07:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010-03-10 21:02:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ventrillo
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010-10-20 19:50:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010-04-20 02:05:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
[2010-05-16 07:16:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010-10-13 03:13:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009-07-14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009-07-14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009-07-14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010-02-17 02:01:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winrar

< %appdata%*.* >


< MD5 for: AGP440.SYS >
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009-07-13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009-07-13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

< End of report >

< MD5 for: [2009-07-13 19:06:34 | 000,089,600 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009-07-13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< MD5 for: [2009-07-13 20:15:06 | 000,012,288 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: [2009-07-13 20:16:02 | 000,563,712 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: [2009-07-13 20:16:13 | 000,175,616 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\scecli.dll
[2009-07-13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

< MD5 for: [2009-07-13 20:40:20 | 000,018,944 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: [2009-07-13 20:41:52 | 000,692,736 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

< MD5 for: [2009-07-13 20:41:53 | 000,232,448 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: [2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA CORPORATION) >
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: [2009-07-13 20:47:48 | 000,073,280 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009-07-13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: [2009-07-13 20:48:04 | 000,410,688 | ---- | M] (INTEL CORPORATION) >
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: [2009-07-13 20:52:21 | 000,024,128 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: [2009-07-13 20:52:21 | 000,061,008 | ---- | M] (MICROSOFT CORPORATION) >
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

< End of report >


Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 10:15 am

Ok, so that seems like a lot, but I hope it helps.


Re: Backdoor.Bot

Post by Belahzur on Fri 22 Oct 2010, 11:02 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010-10-20 17:41:14 | 000,102,912 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\svchost.exe
    PRC - [2010-10-19 09:43:43 | 000,123,904 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe
    PRC - [2010-10-19 09:43:30 | 000,111,616 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\dwm.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [svchost] C:\Users\James\AppData\Roaming\Microsoft\svchost.exe ()

    :files
    C:\Users\James\AppData\Roaming\Microsoft\svchost.exe

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
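The entries Belahzur pulls into the fix share two traits that are visible in the raw OTL log: binaries named after Windows system processes (svchost.exe, dwm.exe) running from under the user's AppData or Temp folders with no company name, and a Winlogon Shell value that points at something other than explorer.exe. The Python triage script below is an added example, not part of OTL or of this thread; it parses OTL-style PRC, O4 and O20 lines for those traits. The sample lines are copied from the log above, plus one constructed benign explorer.exe line for contrast.

```python
"""Triage of OTL-style log lines for the persistence traits seen in this thread.

Added example, not part of OTL or of the thread. It understands only the
PRC (running process), O4 (Run key) and O20 (Winlogon) line formats.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows system binaries whose names malware likes to borrow. Genuine copies
# live under %SystemRoot%; the same name under a user profile is a masquerade.
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "csrss.exe",
                "lsass.exe", "winlogon.exe", "services.exe", "taskhost.exe"}

WINDOWS_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)

# OTL line formats: "PRC - [stamp] (Company) -- path",
# "O4 - HKxx..\Run: [name] path (Company)" and
# "O20 - HKxx Winlogon: Value - (data) - path (Company)".
PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
O4_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<path>.+?) \((?P<company>[^)]*)\)$")
O20_RE = re.compile(r"^O20(?::64bit:)? - (?P<hive>HK\w+) Winlogon: (?P<value>\w+) - "
                    r"\((?P<data>[^)]*)\) - (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")


@dataclass
class Finding:
    line_type: str   # PRC, O4 or O20
    path: str
    reason: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _check_binary(line_type: str, path: str, company: Optional[str]) -> List[Finding]:
    """Apply the two file-location heuristics to one binary path."""
    findings = []
    name = _basename(path)
    if name in SYSTEM_NAMES and not WINDOWS_DIR.match(path):
        findings.append(Finding(line_type, path,
                                f"{name} outside the Windows directory (masquerading system name)"))
    if USER_WRITABLE.search(path) and not (company or "").strip():
        findings.append(Finding(line_type, path,
                                "binary with no company name under a user-writable location"))
    return findings


def triage_line(line: str) -> List[Finding]:
    """Return the findings for one OTL log line (empty if clean or not a parsed type)."""
    line = line.strip()
    m = PRC_RE.match(line)
    if m:
        return _check_binary("PRC", m["path"], m["company"])
    m = O4_RE.match(line)
    if m:
        return _check_binary("O4", m["path"], m["company"])
    m = O20_RE.match(line)
    if m:
        findings = []
        # The Shell value is what Winlogon launches as the user's desktop; anything
        # but explorer.exe here runs at every logon before the user sees the desktop.
        if m["value"].lower() == "shell" and m["data"].lower() != "explorer.exe":
            findings.append(Finding("O20", m["path"],
                                    f"{m['hive']} Winlogon Shell is {m['data']} instead of explorer.exe"))
        if m["path"] != "File not found":
            findings.extend(_check_binary("O20", m["path"], m["company"]))
        return findings
    return []


def triage(log: str) -> List[Finding]:
    """Triage every line of an OTL log and return all findings in log order."""
    return [f for line in log.splitlines() for f in triage_line(line)]


# Lines copied from the OTL log posted in this thread, plus one constructed benign
# PRC line (explorer.exe from C:\Windows) so the clean path is exercised too.
SAMPLE_LOG = r"""
PRC - [2010-10-20 17:41:14 | 000,102,912 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\svchost.exe
PRC - [2010-10-19 09:43:43 | 000,123,904 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe
PRC - [2010-10-19 09:43:30 | 000,111,616 | ---- | M] () -- C:\Users\James\AppData\Local\Temp\dwm.exe
PRC - [2009-07-13 20:39:29 | 002,870,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
O4 - HKCU..\Run: [svchost] C:\Users\James\AppData\Roaming\Microsoft\svchost.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\James\AppData\Roaming\Microsoft\Windows\shell.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_type:3} {f.path}\n    -> {f.reason}")
```

Every line OTL lists in the fix above is flagged by at least one heuristic, while the genuine explorer.exe entries pass; the heuristics are a triage aid, and each hit still needs confirmation against the file itself.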

Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 11:56 am

Log after restart from OTL:

All processes killed
========== OTL ==========
No active process named svchost.exe was found!
No active process named shell.exe was found!
No active process named dwm.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
File C:\Users\James\AppData\Roaming\Microsoft\svchost.exe not found.
========== FILES ==========
File\Folder C:\Users\James\AppData\Roaming\Microsoft\svchost.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: James
->Temp folder emptied: 66033607 bytes
->Temporary Internet Files folder emptied: 1495540 bytes
->Java cache emptied: 40328941 bytes
->FireFox cache emptied: 78492115 bytes
->Flash cache emptied: 47226 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128666 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50397 bytes
RecycleBin emptied: 4581817 bytes

Total Files Cleaned = 183.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10212010_194507

Files\Folders moved on Reboot...
C:\Users\James\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UBVRJ6Q\01[1].htm not found!
File\Folder C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UBVRJ6Q\ADSAdClient31[1].txt not found!

Registry entries deleted on Reboot...


Re: Backdoor.Bot

Post by Shameless_egotist on Fri 22 Oct 2010, 11:58 am

Ran MBAM and those same things registered as infected once again.


Re: Backdoor.Bot

Post by Belahzur on Sat 23 Oct 2010, 10:59 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.




