Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Background program keeps de-selecting my current application

Post by Bold » April 2nd, 2010, 12:26 am

Dell Vostro 2150
Windows XP SP3

Symptom: At random times I will be writing in an application or on a forum and something causes it to be 'de-selected.' That is, my application will stop registering my typing - as if I had clicked on the Windows Toolbar. Occasionally I'll be able to catch the program/process' icon if I alt-tab (see attached), which calls itself Registrar. This happens intermittently and I've found no timing/pattern to it yet. Once, the process appeared to open IE and send out some automated spam through a hotmail account. I have only seen this behavior once, but clearly it's malicious.

My HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:13 PM, on 4/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\BOLD\LOCALS~1\Temp\~temp\hmml45\csrss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\sessmgr.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeBridge] //~
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare\AWC.exe" /startup
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\System32\drivers\spoolsv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\BOLD\LOCALS~1\Temp\cisvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\BOLD\APPLIC~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\WINDOWS\System\mstsc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\BOLD\LOCALS~1\Temp\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\System32\drivers\spoolsv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\rsvp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\DOCUME~1\BOLD\LOCALS~1\Temp\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258389455359
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f9baeab53ff0) (gupdate1c9f9baeab53ff0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13084 bytes


The Uninstall list:
AC3Filter 1.61b
Acrobat.com
Acrobat.com
Active Desktop Calendar 7.75
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Design Premium
Adobe Creative Suite 4 Design Premium
Adobe Creative Suite 4 Master Collection
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced SystemCare 3
Advanced Video FX Engine
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
Age of Mythology Gold
Aliens vs. Predator 2
Aliens vs. Predator 2 Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
Audacity 1.3.9 (Unicode)
Autodesk DirectConnect 2009
Battlecraft 1942
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Beyond Good & Evil
BioShock
BitDefender Antivirus 2009
Bonjour
Brother HL-4070CDW
Brother MFL-Pro Suite
Celtx (2.7)
Choice Guard
CmdHere Powertoy For Windows XP
Col. Cruachan's RFA Explorer
Compatibility Pack for the 2007 Office system
Connect
Critical Update for Windows Media Player 11 (KB959772)
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
Diablo II
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Dragon UnPACKer 5
Dungeon Siege 2
Dungeon Siege II Tool Kit 1.1
DVD Decrypter (Remove Only)
Easy CD-DA Extractor 12
Empires Dawn of the Modern World
eMule
EphPod
FFmpeg for Audacity on Windows
FileZilla Client 3.3.2.1
Final Draft
Font Xplorer 1.2.2 
Freeplane
Game Maker 8.0
Google Earth
Google SketchUp Pro 7
Google Update Helper
Google Updater
Grand Theft Auto IV
GTAIII
Half-Life 2: Lost Coast
Half-Life(R) 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB938759)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Internet Explorer Developer Toolbar
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
Karaoke CD+G Creator
K-Lite Mega Codec Pack 5.1.0
kuler
LAME v3.98.2 for Audacity
Laptop Integrated Webcam Driver (1.01.01.0529)  
Live! Cam Avatar v1.0
Logitech MouseWare 9.79.1 
Maya 2009
Maya 2009 Documentation (en_US)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
MSXML4 Parser
nCleaner second 2.3.4.0
Nero 7 Ultra Edition
neroxml
Neverwinter Nights 2
New AoE3 Editor 2
Notepad++
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
OpenAL
Opera 10.10
OVT Scanner
PaperPort Image Printer
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
PowerDVD
Psychonauts
PunkBuster Services
QuickSet
QuickTime
RAD Video Tools
Realtek High Definition Audio Driver
REALTEK RTL8187 Wireless LAN Driver and Utility
Renamer 1.1
Rockstar Games Social Club
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
ScanSoft PaperPort 11
Screencaster Plug-in for FF
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Serious Sam 2
Skype web features
Skype™ 4.1
Smart Defrag
Sonic CinePlayer Decoder Pack
Source SDK
SourceGear DiffMerge
Spybot - Search & Destroy
SpywareBlaster 4.2
Steam(TM)
Suite Shared Configuration CS4
SuperNotecard for Scriptwriting 1.9
System Shock2
TagScanner 5.0 build 532
The Suffering: Ties That Bind
TmUnitedForever
Tomb Raider:
Tron 2.0
UE3Redist
UE3Redist
Unreal Tournament 3
Unreal Tournament G.O.T.Y. Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Tablet Manager
VC80CRTRedist - 8.0.50727.762
VDMSound
VST Bridge 1.1
VUE 3.0
Warzone 2100
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
WinRAR archiver
WinRez LT Studio
WinZip 12.0
Wolfenstein
Wolfenstein(TM) 1.11 Patch
X-Lite 3.0


These are reg entries which I believe to be part of the culprit:
Author : Local AppWizard-Generated Applications
Software : Registrar
Age : New

HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Registrar\Recent File List
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Registrar\Settings
HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\Registrar
HKEY_CLASSES_ROOT\ATL.Registrar
HKEY_CLASSES_ROOT\EventRegistrar.EventRegistrar
HKEY_CLASSES_ROOT\EventRegistrar.EventRegistrar.1


As mentioned, attached is the Alt-Tab icon that appears when the process is interrupting my workflow. Any/all help is greatly appreciated!
Bold
Active Member
 
Posts: 8
Joined: April 1st, 2010, 11:56 pm

Re: Background program keeps de-selecting my current application

Post by MWR 3 day Mod » April 5th, 2010, 5:55 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Background program keeps de-selecting my current application

Post by deltalima » April 6th, 2010, 3:18 pm

Hi Bold,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file was saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please paste direct into the reply, there is no need for a code box.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Background program keeps de-selecting my current application

Post by Bold » April 7th, 2010, 1:04 am

Thanks for the reply!
The CKFiles.txt output file was empty.

The OTL file:

OTL logfile created on: 4/6/2010 9:55:37 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\BOLD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 111.92 Gb Free Space | 37.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOLD_LAPTOP
Current User Name: BOLD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BOLD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\BOLD\Local Settings\Temp\~temp\aiunml221\smss.exe (TODO: <Company name>)
PRC - C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe ()
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ATWTUSB.EXE ()
PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BOLD\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (dfmirage) -- C:\WINDOWS\system32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.)
DRV - (aiptektp) -- C:\WINDOWS\system32\drivers\aiptektp.sys (WALTOP International Corp.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\lmouflt2.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (tandpl) -- C:\WINDOWS\system32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\WINDOWS\system32\drivers\enodpl.sys ()
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2010/03/30 20:44:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 20:07:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 20:07:12 | 000,000,000 | ---D | M]

[2010/01/22 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Extensions
[2010/01/22 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/04/06 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions
[2009/11/19 17:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/07/31 16:50:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\firebug@software.joehewitt.com
[2010/03/18 15:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\staged-xpis
[2010/04/06 15:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/12 09:14:47 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/09/22 14:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDimdimControl.dll
[2006/08/09 03:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll

O1 HOSTS File: ([2010/03/17 23:03:02 | 000,380,737 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 13117 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot S&D\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare\AWC.exe (IObit)
O4 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare\Sup_SmartRAM.exe (IObit)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
F3 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006 WinNT: Load - (C:\WINDOWS\sessmgr.exe) - C:\WINDOWS\sessmgr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Spool = C:\WINDOWS\System32\drivers\spoolsv.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ClipSrv = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Cisvc = C:\DOCUME~1\BOLD\LOCALS~1\Temp\cisvc.exe /waitservice File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Esent Utl = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DllHst = C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: CmSTP = C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\cmstp.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Logman = C:\DOCUME~1\BOLD\APPLIC~1\logman.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Mstsc = C:\WINDOWS\System\mstsc.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: IEudinit = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice ()
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: IEudinit = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice ()
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ComRepl = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe /waitservice ()
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Logman = C:\DOCUME~1\BOLD\LOCALS~1\Temp\logman.exe /waitservice File not found
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Spool = C:\WINDOWS\System32\drivers\spoolsv.exe /waitservice ()
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: rsvp = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\rsvp.exe /waitservice ()
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ClipSrv = C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice ()
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Cisvc = C:\DOCUME~1\BOLD\LOCALS~1\Temp\cisvc.exe /waitservice File not found
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: CmSTP = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice ()
O7 - HKU\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Esent Utl = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\MICROS~1\esentutl.exe /waitservice ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot S&D\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8389455359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BOLD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BOLD\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 13:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/06 13:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Local Settings\Application Data\RustemSoft
[2010/04/06 13:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\RustemSoft
[2010/04/06 12:20:52 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BOLD\Desktop\OTL.exe
[2010/04/05 15:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad
[2010/04/05 07:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/05 07:38:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 07:38:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 07:38:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 07:38:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/03 09:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\World Creator
[2010/04/03 09:51:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BOLD\Recent
[2010/04/02 11:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Application Data\OpenOffice.org
[2010/04/02 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/02 11:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/02 11:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/02 08:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\CompareIt
[2010/03/31 23:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Application Data\BitDefender
[2010/03/29 23:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\VDMSound
[2010/03/27 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2010/03/27 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2010/03/27 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2010/03/24 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\thriXXX
[2010/03/17 22:30:43 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/17 12:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/16 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/11 23:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Local Settings\Application Data\none
[2010/03/11 08:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/06/30 13:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/30 12:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/14 07:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/11 09:09:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/11 09:09:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/11 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/11 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/06 21:41:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2639425400-4150335791-2106716870-1006UA.job
[2010/04/06 21:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2639425400-4150335791-2106716870-1006Core.job
[2010/04/06 21:31:22 | 000,000,466 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/06 21:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/06 20:03:44 | 000,052,592 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/06 15:31:47 | 000,052,592 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/06 12:20:52 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BOLD\Desktop\OTL.exe
[2010/04/06 12:20:45 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\BOLD\Desktop\CKScanner.exe
[2010/04/06 12:17:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/06 11:55:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/05 23:29:49 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\BOLD\NTUSER.DAT
[2010/04/05 09:26:54 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/05 07:38:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 07:38:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 07:38:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 07:38:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 07:38:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 07:16:23 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/04/05 07:16:21 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 07:16:21 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/05 07:16:21 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/05 07:15:15 | 000,000,718 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/05 07:15:12 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/05 07:14:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 07:11:51 | 002,078,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/05 07:11:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 07:11:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 07:11:27 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/05 00:47:55 | 014,939,306 | -H-- | M] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\IconCache.db
[2010/04/04 22:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/02 00:18:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\BOLD\ntuser.ini
[2010/04/01 21:08:45 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\mfc.jpg
[2010/04/01 18:21:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/01 17:51:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/03/30 20:42:47 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/03/30 12:28:39 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\Invoice - Chris Bold 3-24-10.doc
[2010/03/28 21:35:54 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\BOLD\Desktop\todo.doc
[2010/03/27 14:50:05 | 000,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/03/27 14:47:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2010/03/27 14:47:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2010/03/25 21:18:54 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\A REPORT ON HELEN KELLER BY ROWAN LASKY.doc
[2010/03/23 01:58:25 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\584109eb_Fudgonaut.sav
[2010/03/21 13:03:53 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/03/17 23:03:02 | 000,380,737 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/17 22:35:14 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/17 22:31:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/17 21:40:22 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/03/15 12:50:57 | 000,033,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/03/08 15:08:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/08 15:08:42 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/03/08 12:27:32 | 021,785,600 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\Burning-Man-Pictures.doc
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/06 12:20:45 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\BOLD\Desktop\CKScanner.exe
[2010/04/01 21:08:45 | 000,002,570 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\mfc.jpg
[2010/03/30 12:28:39 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\Invoice - Chris Bold 3-24-10.doc
[2010/03/28 21:33:17 | 000,095,744 | ---- | C] () -- C:\WINDOWS\sessmgr.exe
[2010/03/27 14:47:53 | 000,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/03/27 14:47:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2010/03/27 14:47:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2010/03/25 21:15:08 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\A REPORT ON HELEN KELLER BY ROWAN LASKY.doc
[2010/03/23 01:53:05 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\584109eb_Fudgonaut.sav
[2010/03/17 22:31:09 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/03/09 09:20:53 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\spoolsv.exe
[2010/03/08 15:06:41 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System\rsvp.exe
[2010/03/08 12:27:30 | 021,785,600 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\Burning-Man-Pictures.doc
[2010/02/20 10:46:43 | 000,000,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010/02/08 08:52:29 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\mstsc.exe
[2010/02/05 22:00:15 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\mstsc.exe
[2010/01/29 11:34:05 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\rsvp.exe
[2010/01/29 11:34:04 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\logman.exe
[2010/01/22 08:54:52 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\cisvc.exe
[2010/01/21 17:16:05 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\logman.exe
[2010/01/21 17:15:43 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\dllhst3g.exe
[2010/01/21 01:04:21 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe
[2010/01/20 08:44:21 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\ieudinit.exe
[2010/01/15 00:17:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/28 11:48:59 | 000,743,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/23 17:47:55 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/11/23 13:47:57 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/11/23 13:47:57 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/11/23 13:47:12 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/23 13:47:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/11/16 10:30:17 | 000,005,511 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2009/11/16 01:10:45 | 000,000,466 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/16 01:10:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/11/15 23:28:15 | 000,000,148 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/11/15 23:28:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/11/15 23:28:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/11/15 23:28:14 | 000,020,605 | ---- | C] () -- C:\WINDOWS\HL-4070CDW.INI
[2009/11/15 23:27:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/11/15 23:27:54 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/11/15 22:35:25 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2009/11/15 22:35:25 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/31 13:13:45 | 000,000,714 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2009/10/22 19:10:26 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/22 19:10:25 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\PnkBstrK.sys
[2009/09/24 13:51:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\PUTTY.RND
[2009/09/21 16:48:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/21 16:48:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/21 16:48:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/21 16:48:25 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/21 16:48:25 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/21 16:48:25 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/09/16 17:51:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/16 17:51:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/09/16 17:51:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/16 17:51:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/16 17:51:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/16 17:51:20 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/16 17:51:19 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/22 00:07:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/14 19:24:03 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/05/04 21:36:53 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/04/26 21:42:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/26 08:06:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/04/25 13:33:17 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/25 10:25:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/04/25 10:25:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/04/25 10:25:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/24 15:19:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2009/04/24 13:17:56 | 000,000,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2009/04/24 13:15:43 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2009/04/24 12:18:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/24 10:40:04 | 014,417,920 | -H-- | C] () -- C:\Documents and Settings\BOLD\NTUSER.DAT
[2009/04/24 10:40:04 | 000,036,864 | -H-- | C] () -- C:\Documents and Settings\BOLD\ntuser.dat.LOG
[2009/04/24 10:40:04 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\BOLD\ntuser.ini
[2009/04/24 10:39:47 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/04/17 04:30:57 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/17 01:52:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/17 01:44:37 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/17 01:42:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/17 01:42:03 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/25 14:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

The OTL extras file:

OTL Extras logfile created on: 4/6/2010 9:55:37 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\BOLD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 111.92 Gb Free Space | 37.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOLD_LAPTOP
Current User Name: BOLD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Games\UT3\Binaries\UT3.exe" = C:\Games\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Games\TmUnitedForever\TmForever.exe" = C:\Games\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Games\AoE3\age3x.exe" = C:\Games\AoE3\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Games\AoE3\age3y.exe" = C:\Games\AoE3\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\Games\BF1942\BF1942.exe" = C:\Games\BF1942\BF1942.exe:*:Enabled:BF1942 -- ()
"C:\Games\UT3\Binaries\UnrealConsole.exe" = C:\Games\UT3\Binaries\UnrealConsole.exe:*:Enabled:UnrealConsole -- (Epic Games)
"C:\Games\UT\System\UnrealTournament.exe" = C:\Games\UT\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
"C:\Program Files\Google\Google SketchUp 7\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 7\SketchUp.exe:*:Disabled:SketchUp Application -- (Google, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Games\NWN2\nwn2main.exe" = C:\Games\NWN2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Games\NWN2\nwn2main_amdxp.exe" = C:\Games\NWN2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Games\NWN2\nwupdate.exe" = C:\Games\NWN2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Games\NWN2\nwn2server.exe" = C:\Games\NWN2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Games\GTA4\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Games\GTA4\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- ()
"C:\Games\GTA4\Grand Theft Auto IV\GTAIV.exe" = C:\Games\GTA4\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\DOCUME~1\BOLD\LOCALS~1\Temp\~temp\mlp232\mdm.exe" = C:\DOCUME~1\BOLD\LOCALS~1\Temp\~temp\mlp232\mdm.exe:*:Enabled:UpdateWizzard -- ()
"C:\DOCUME~1\BOLD\LOCALS~1\Temp\~temp\mlp239\mdm.exe" = C:\DOCUME~1\BOLD\LOCALS~1\Temp\~temp\mlp239\mdm.exe:*:Enabled:UpdateWizzard -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}" = Screencaster Plug-in for FF
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A621A2F-98F6-4373-89A2-8ED16076990A}" = WinRez LT Studio
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E002EAE-2F9D-4071-B65B-E19ABB1C297A}" = Brother HL-4070CDW
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein(TM) 1.11 Patch
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{47D511E4-CF3F-45D4-90A0-B02E086A889C}" = Aliens vs. Predator 2 Tools
"{48E15C9C-E25C-40AD-A46B-AB270729B9B9}" = Google SketchUp Pro 7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}" = Beyond Good & Evil
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E0F42A8-AC7D-4557-8D8F-49918C543ABF}" = BitDefender Antivirus 2009
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0900)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95264530-5A22-8E7E-FE9D-D63A927BCAEA}" = Adobe Media Player
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A746CE98-A755-4AD7-B4B8-346DC74CDECD}" = OVT Scanner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBD40517-2A65-4683-A164-E1F1E5770BAB}" = Battlecraft 1942
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3AE9DA1-2E44-4F11-803E-20977F0FE6B9}" = Safari
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{D3941722-C4DD-4509-88C4-0E87F675A859}_is1" = Freeplane
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED264BD6-724B-4300-9C5F-EC4F2F01F647}" = The Suffering: Ties That Bind
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19082BE-3928-40B8-B985-C6E230010912}_is1" = Karaoke CD+G Creator
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{f827bbee-510d-4dc4-bc62-83c8104285f5}" = Nero 9
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"AC3Filter_is1" = AC3Filter 1.61b
"Active Desktop Calendar_is1" = Active Desktop Calendar 7.75
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced Video FX Engine" = Advanced Video FX Engine
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Celtx (2.7)" = Celtx (2.7)
"Col. Cruachan's RFA Explorer" = Col. Cruachan's RFA Explorer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Compare It!_is1" = Compare It!
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DragonUnPACKer5_is1" = Dragon UnPACKer 5
"Dungeon Siege II Tool Kit_is1" = Dungeon Siege II Tool Kit 1.1
"DungeonSiege2" = Dungeon Siege 2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"Empires Dawn of the Modern World" = Empires Dawn of the Modern World
"eMule" = eMule
"EphPod" = EphPod
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"FileZilla Client" = FileZilla Client 3.3.2.1
"Font Xplorer" = Font Xplorer 1.2.2
"Game Maker 8.0" = Game Maker 8.0
"Google Updater" = Google Updater
"Halo" = Microsoft Halo
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"InstallShield_{362C6A81-4C88-4B26-8C79-B2EE0076F65F}" = Wolfenstein(TM) 1.11 Patch
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nCleaner" = nCleaner second 2.3.4.0
"New AoE3 Editor 2" = New AoE3 Editor 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OVT Scanner" = Uninstall OVT Scanner
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"Renamer_is1" = Renamer 1.1
"Rmtablet" = USB Tablet Manager
"SeriousSam2" = Serious Sam 2
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SShockDeinstallKey" = System Shock2
"Steam App 211" = Source SDK
"Steam App 340" = Half-Life 2: Lost Coast
"SuperNotecard for Scriptwriting" = SuperNotecard for Scriptwriting 1.9
"TagScanner_is1" = TagScanner 5.0 build 532
"TmUnitedForever_is1" = TmUnitedForever
"Tomb Raider: Legend" = Tomb Raider:ver
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VDMSound" = VDMSound
"VST Bridge_is1" = VST Bridge 1.1
"VUE" = VUE 3.0
"Warzone 2100" = Warzone 2100
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World Creator v1.5 Freeware" = World Creator v1.5 Freeware
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Lite 1.5_is1" = X-Lite 3.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2639425400-4150335791-2106716870-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2010 1:27:43 PM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 4.528.17.0, faulting module
corefoundation.dll, version 1.510.21.0, fault address 0x00054e62.

Error - 3/15/2010 3:34:16 PM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 4.528.17.0, faulting module
pubsubdll.dll, version 1.65.6.3, fault address 0x0002f634.

Error - 3/18/2010 5:34:11 AM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.1, faulting module mshtml.dll,
version 8.0.6001.18876, fault address 0x000a2077.

Error - 3/19/2010 4:00:32 PM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.1, faulting module mshtml.dll,
version 8.0.6001.18876, fault address 0x000a2077.

Error - 3/21/2010 7:42:48 AM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.1, faulting module mshtml.dll,
version 8.0.6001.18876, fault address 0x000a2077.

Error - 3/23/2010 5:00:58 AM | Computer Name = BOLD_LAPTOP | Source = MsiInstaller | ID = 10005
Description = Product: Tinker -- Error 25580. Cannot connect to Windows Firewall.
(-2147023143 )

Error - 3/24/2010 10:20:58 AM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application csrss.exe, version 1.0.0.1, faulting module mshtml.dll,
version 8.0.6001.18876, fault address 0x000a2077.

Error - 3/26/2010 3:39:54 AM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 1.0.0.1, faulting module mshtml.dll,
version 8.0.6001.18876, fault address 0x000a2077.

Error - 3/30/2010 11:44:44 PM | Computer Name = BOLD_LAPTOP | Source = MsiInstaller | ID = 11316
Description = Product: BitDefender Antivirus 2009 -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\Installer\bdav.msi

Error - 4/5/2010 12:53:25 PM | Computer Name = BOLD_LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
d3d9.dll, version 5.3.2600.5512, fault address 0x00103a6b.

[ System Events ]
Error - 4/2/2010 9:46:37 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/2/2010 10:13:53 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/3/2010 11:21:17 AM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/3/2010 2:25:43 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/3/2010 2:26:29 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/4/2010 3:05:52 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/4/2010 3:06:22 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/5/2010 10:11:49 AM | Computer Name = BOLD_LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address 00242BC72E93 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/5/2010 12:26:59 PM | Computer Name = BOLD_LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/6/2010 1:24:08 PM | Computer Name = BOLD_LAPTOP | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).


< End of report >
Bold
Active Member
 
Posts: 8
Joined: April 1st, 2010, 11:56 pm

Re: Background program keeps de-selecting my current application

Unread postby deltalima » April 7th, 2010, 4:22 am

Hi Bold,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitTorrent
    BitTorrent DNA


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl, then press Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Now please run CKScanner again and post the contents of CKFiles.txt. If the file is blank, then please post the exact contents of the results window after the scan has completed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Background program keeps de-selecting my current application

Unread postby Bold » April 7th, 2010, 3:41 pm

Thanks deltalima,

I removed the P2P programs and re-ran CKScanner; the .txt file still comes up empty. Could there be something else preventing the CKScanner output?

Re: Background program keeps de-selecting my current application

Unread postby deltalima » April 7th, 2010, 3:50 pm

Bold wrote:
Thanks deltalima,

I removed the P2P programs and re-ran CKScanner; the .txt file still comes up empty. Could there be something else preventing the CKScanner output?


What text is displayed in the white box to the right of the CKScanner window once the scan has completed?

It should start with CKScanner - Additional Security Risks

Re: Background program keeps de-selecting my current application

Unread postby Bold » April 7th, 2010, 9:04 pm

Apologies deltalima, it was user error. Here you go:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\games\mame\roms\cracksht.zip
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel
c:\program files\autodesk\maya2009\brushes\fun\cracks.mel.icon
c:\program files\autodesk\maya2009\docs\maya2009\en_us\files\uv_texture_mapping_creating_a_cracker_box_model.htm
c:\program files\autodesk\maya2009\scripts\others\crackshatter.mel
c:\program files\autodesk\maya2009\scripts\others\crackshatter.res.mel
scanner sequence 3.ED.11
----- EOF -----

Re: Background program keeps de-selecting my current application

Unread postby deltalima » April 8th, 2010, 7:47 am

Hi Bold,

Please remove the program Spybot - Search & Destroy. It will interfere with our fixes and can be reinstalled later if still required.

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Spybot - Search & Destroy
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\sessmgr.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A Notepad window will open; please post the contents in your next reply.
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Now please run a new OTL scan and post just the OTL.txt log along with the RKill log, the Malwarebytes log and the results from the Virustotal scan.

Re: Background program keeps de-selecting my current application

Unread postby Bold » April 8th, 2010, 11:53 pm

Thanks...I followed all the steps and here are the four logs.

OTL.txt
OTL logfile created on: 4/8/2010 1:46:55 PM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\BOLD\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 110.65 Gb Free Space | 37.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOLD_LAPTOP
Current User Name: BOLD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\BOLD\Local Settings\Temp\~temp\hmbst27\lsass.exe (TODO: <Company name>)
PRC - C:\Documents and Settings\BOLD\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare\AWC.exe (IObit)
PRC - C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe ()
PRC - C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe ()
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
PRC - C:\Program Files\IObit\Advanced SystemCare\Sup_SmartRAM.exe (IObit)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ATWTUSB.EXE ()
PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\BOLD\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender SRL)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe ()
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (dfmirage) -- C:\WINDOWS\system32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys ()
DRV - (adfs) -- C:\WINDOWS\system32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.)
DRV - (aiptektp) -- C:\WINDOWS\system32\drivers\aiptektp.sys (WALTOP International Corp.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\lmouflt2.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (tandpl) -- C:\WINDOWS\system32\drivers\tandpl.sys ()
DRV - (enodpl) -- C:\WINDOWS\system32\drivers\enodpl.sys ()
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2010/03/30 20:44:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/31 20:07:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 20:07:12 | 000,000,000 | ---D | M]

[2010/01/22 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Extensions
[2010/01/22 12:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/04/07 18:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions
[2009/11/19 17:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/07/31 16:50:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/18 15:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\firebug@software.joehewitt.com
[2010/03/18 15:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\BOLD\Application Data\Mozilla\Firefox\Profiles\fq7elrhe.default\extensions\staged-xpis
[2010/04/07 18:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/12 09:14:47 | 000,065,536 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/09/22 14:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npDimdimControl.dll
[2006/08/09 03:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npWebLaunch.dll

O1 HOSTS File: ([2010/03/17 23:03:02 | 000,380,737 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 13117 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\ATWTUSB.EXE ()
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKCU..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe (XemiComputers ltd.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare\AWC.exe (IObit)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare\Sup_SmartRAM.exe (IObit)
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe) - C:\Documents and Settings\BOLD\Application Data\Microsoft\dllhst3g.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ClipSrv = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DllHst = C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ClipSrv = C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8389455359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\BOLD\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\BOLD\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 13:33:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Application Data\Malwarebytes
[2010/04/08 13:33:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/08 13:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/08 13:33:09 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 13:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/08 13:01:22 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BOLD\Desktop\TFC.exe
[2010/04/07 15:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Application Data\Free Download Manager
[2010/04/07 15:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2010/04/07 15:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2010/04/06 13:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Local Settings\Application Data\RustemSoft
[2010/04/06 13:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\RustemSoft
[2010/04/06 12:20:52 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\BOLD\Desktop\OTL.exe
[2010/04/05 15:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad
[2010/04/05 07:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/05 07:38:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 07:38:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 07:38:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 07:38:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/03 09:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\World Creator
[2010/04/03 09:51:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\BOLD\Recent
[2010/04/02 11:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Application Data\OpenOffice.org
[2010/04/02 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/04/02 11:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/04/02 11:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/02 08:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\CompareIt
[2010/03/31 23:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Application Data\BitDefender
[2010/03/29 23:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\VDMSound
[2010/03/27 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2010/03/27 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2010/03/27 14:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2010/03/24 14:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\thriXXX
[2010/03/17 22:30:43 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/17 12:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/16 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/11 23:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\BOLD\Local Settings\Application Data\none
[2010/03/11 08:52:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/06/30 13:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/30 12:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/14 07:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/11 09:09:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/11 09:09:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/11 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/11 09:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/08 13:47:53 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/08 13:47:53 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/08 13:47:53 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/08 13:44:21 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/04/08 13:43:49 | 000,052,592 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/04/08 13:43:47 | 000,000,718 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/08 13:43:44 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/08 13:43:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 13:43:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/08 13:43:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 13:43:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 13:43:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 13:43:15 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/08 13:42:33 | 014,417,920 | -H-- | M] () -- C:\Documents and Settings\BOLD\NTUSER.DAT
[2010/04/08 13:42:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\BOLD\ntuser.ini
[2010/04/08 13:42:08 | 016,009,518 | -H-- | M] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\IconCache.db
[2010/04/08 13:41:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2639425400-4150335791-2106716870-1006UA.job
[2010/04/08 13:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 13:03:28 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\BOLD\Desktop\rkill.exe
[2010/04/08 13:01:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BOLD\Desktop\TFC.exe
[2010/04/08 08:34:25 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 07:39:02 | 000,000,466 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/04/07 21:41:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2639425400-4150335791-2106716870-1006Core.job
[2010/04/07 16:40:27 | 000,052,592 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/04/06 12:20:52 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\BOLD\Desktop\OTL.exe
[2010/04/06 12:20:45 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\BOLD\Desktop\CKScanner.exe
[2010/04/05 07:38:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 07:38:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 07:38:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 07:38:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 07:38:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 07:11:51 | 002,078,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/04 22:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/04/01 21:08:45 | 000,002,570 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\mfc.jpg
[2010/04/01 18:21:56 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/01 17:51:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/03/30 20:42:47 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010/03/30 12:28:39 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\Invoice - Chris Bold 3-24-10.doc
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 21:35:54 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\BOLD\Desktop\todo.doc
[2010/03/27 14:50:05 | 000,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/03/27 14:47:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2010/03/27 14:47:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2010/03/25 21:18:54 | 000,152,064 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\A REPORT ON HELEN KELLER BY ROWAN LASKY.doc
[2010/03/23 01:58:25 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\BOLD\My Documents\584109eb_Fudgonaut.sav
[2010/03/21 13:03:53 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010/03/17 23:03:02 | 000,380,737 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/17 22:35:14 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/17 22:31:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/17 21:40:22 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010/03/15 12:50:57 | 000,033,416 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

========== Files Created - No Company Name ==========

[2010/04/08 13:03:28 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\BOLD\Desktop\rkill.exe
[2010/04/06 12:20:45 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\BOLD\Desktop\CKScanner.exe
[2010/04/01 21:08:45 | 000,002,570 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\mfc.jpg
[2010/03/30 12:28:39 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\Invoice - Chris Bold 3-24-10.doc
[2010/03/28 21:33:17 | 000,095,744 | ---- | C] () -- C:\WINDOWS\sessmgr.exe
[2010/03/27 14:47:53 | 000,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2010/03/27 14:47:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2010/03/27 14:47:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2010/03/25 21:15:08 | 000,152,064 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\A REPORT ON HELEN KELLER BY ROWAN LASKY.doc
[2010/03/23 01:53:05 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\BOLD\My Documents\584109eb_Fudgonaut.sav
[2010/03/17 22:31:09 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/02/20 10:46:43 | 000,000,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2010/02/05 22:00:15 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\mstsc.exe
[2010/01/22 08:54:52 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\cisvc.exe
[2010/01/21 17:16:05 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\logman.exe
[2010/01/21 01:04:21 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe
[2010/01/20 08:44:21 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\ieudinit.exe
[2010/01/15 00:17:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/28 11:48:59 | 000,743,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/23 17:47:55 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/11/23 13:47:57 | 000,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/11/23 13:47:57 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/11/23 13:47:12 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/23 13:47:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/11/16 10:30:17 | 000,005,511 | ---- | C] () -- C:\WINDOWS\aiptbl.ini
[2009/11/16 01:10:45 | 000,000,466 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/16 01:10:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/11/15 23:28:15 | 000,000,148 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2009/11/15 23:28:15 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/11/15 23:28:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/11/15 23:28:14 | 000,020,605 | ---- | C] () -- C:\WINDOWS\HL-4070CDW.INI
[2009/11/15 23:27:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/11/15 23:27:54 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/11/15 22:35:25 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys
[2009/11/15 22:35:25 | 000,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/31 13:13:45 | 000,000,714 | ---- | C] () -- C:\WINDOWS\Edofma.INI
[2009/10/22 19:10:26 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/10/22 19:10:25 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\BOLD\Application Data\PnkBstrK.sys
[2009/09/24 13:51:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\PUTTY.RND
[2009/09/21 16:48:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/09/21 16:48:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/09/21 16:48:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/09/21 16:48:25 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/09/21 16:48:25 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/09/21 16:48:25 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2009/09/16 17:51:23 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/16 17:51:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/09/16 17:51:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/09/16 17:51:21 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/09/16 17:51:21 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/16 17:51:20 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/09/16 17:51:19 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/22 00:07:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/14 19:24:03 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/05/04 21:36:53 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/04/26 21:42:47 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/26 08:06:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/04/25 13:33:17 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\BOLD\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/25 10:25:01 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/04/25 10:25:01 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/04/25 10:25:01 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/24 15:19:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\w32apiw.dll
[2009/04/24 13:17:56 | 000,000,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2009/04/24 13:15:43 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.311018984119889580931149468956
[2009/04/24 12:18:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/24 10:40:04 | 014,417,920 | -H-- | C] () -- C:\Documents and Settings\BOLD\NTUSER.DAT
[2009/04/24 10:40:04 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\BOLD\ntuser.dat.LOG
[2009/04/24 10:40:04 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\BOLD\ntuser.ini
[2009/04/24 10:39:47 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/04/17 04:30:57 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/17 01:52:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/17 01:44:37 | 000,000,279 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/17 01:42:04 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/17 01:42:03 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/25 14:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

RKill.log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as BOLD on 04/08/2010 at 13:29:49.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\BOLD\Desktop\rkill.exe


Rkill completed on 04/08/2010 at 13:29:52.

Malwarebytes.log
Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Database version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2010 1:41:39 PM
mbam-log-2010-04-08 (13-41-39).txt

Scan type: Quick scan
Objects scanned: 110995
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 14
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 140

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\bisoft (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Worm.Bagle) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cmstp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mstsc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cmstp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Rodecap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Rodecap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\BOLD\Application Data\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\BOLD\Application Data\Microsoft\cmstp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Application Data\dllhst3g.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Application Data\logman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Application Data\Microsoft\logman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Application Data\Microsoft\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Application Data\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\mstsc.exe (Trojan.Zaplo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spoolsv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\cisvc.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Local Settings\Application Data\Microsoft\cmstp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Local Settings\Application Data\Microsoft\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Local Settings\Application Data\Microsoft\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Local Settings\Application Data\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\BOLD\Application Data\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

VirusTotal.txt
File sessmgr.exe received on 2010.04.08 20:02:26 (UTC)
Current status: finished
Result: 24/39 (61.54%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.08 Trojan.Win32.Cosmu!IK
AhnLab-V3 5.0.0.2 2010.04.08 -
AntiVir 7.10.6.49 2010.04.08 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2010.04.08 -
Authentium 5.2.0.5 2010.04.08 W32/Horst.C.gen!Eldorado
Avast 4.8.1351.0 2010.04.08 Win32:Rodecap
Avast5 5.0.332.0 2010.04.08 Win32:Rodecap
AVG 9.0.0.787 2010.04.08 -
BitDefender 7.2 2010.04.08 -
CAT-QuickHeal 10.00 2010.04.08 -
ClamAV 0.96.0.3-git 2010.04.08 -
Comodo 4541 2010.04.08 TrojWare.Win32.Scar.~d002
DrWeb 5.0.2.03300 2010.04.08 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7414 2010.04.08 Win32/Alureon.AOO
F-Prot 4.5.1.85 2010.04.08 W32/Horst.C.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.08 Trojan:W32/Cosmu.gen!A
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.08 Win32:Rodecap
Ikarus T3.1.1.80.0 2010.04.08 Trojan.Win32.Cosmu
Jiangmin 13.0.900 2010.04.08 -
Kaspersky 7.0.0.125 2010.04.08 -
McAfee-GW-Edition 6.8.5 2010.04.08 Heuristic.BehavesLike.Win32.Downloader.H
Microsoft 1.5605 2010.04.08 Trojan:Win32/Rodecap.A
NOD32 5011 2010.04.08 a variant of Win32/Rodecap.AA
Norman 6.04.11 2010.04.08 W32/Malware
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.08 Trj/Genetic.gen
PCTools 7.0.3.5 2010.04.08 -
Prevx 3.0 2010.04.08 High Risk Fraudulent Security Program
Rising 22.42.03.03 2010.04.08 Trojan.DL.Win32.Downloader.GEN
Sophos 4.52.0 2010.04.08 -
Sunbelt 6152 2010.04.08 BehavesLike.Win32.Malware (v)
Symantec 20091.2.0.41 2010.04.08 Suspicious.Insight
TheHacker 6.5.2.0.258 2010.04.08 Trojan/Downloader.gen
TrendMicro 9.120.0.1004 2010.04.08 TROJ_HORST.SMPE
VBA32 3.12.12.4 2010.04.05 suspected of Win32.Trojan.Downloader (http://...)
ViRobot 2010.4.8.2267 2010.04.08 -
VirusBuster 5.0.27.0 2010.04.08 Trojan.Cosmu.Gen
Additional information
File size: 95744 bytes
MD5...: 31f7b5efc5be13e3356998a6efb6e294
SHA1..: 7a85bb36a7764a247e7d8d498abac03e1d39df13
SHA256: 60717386ee8d67c9d4b9f4b108d420758590a6e91460b20e5bbf430cd681bd46
ssdeep: 1536:kCFq5HscoGGL+SduGnEiGjyAAe0AbwmlqY5N:kyq5HsiUuWIUAvlqY5N
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xaa03
timedatestamp.....: 0x4b572471 (Wed Jan 20 15:42:41 2010)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12a49 0x12c00 6.46 2f90ccdb2fe22ec98bf14a34f6769d02
.rdata 0x14000 0x33e2 0x3400 5.58 1608942614d058e636f4ae6defccf3b6
.data 0x18000 0x8ca0 0x1200 2.31 bad2eb94ee34cb3647b4c158f395b42d

( 7 imports )
> USER32.dll: GetWindow, GetSystemMetrics, CreateAcceleratorTableA
> ADVAPI32.dll: OpenProcessToken, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegDisablePredefinedCache, RegEnumKeyExA, LookupAccountSidA, GetTokenInformation, RegCloseKey, RegEnumValueA, RegOpenKeyExA
> PSAPI.DLL: GetDeviceDriverBaseNameA, GetPerformanceInfo, EnumDeviceDrivers
> WS2_32.dll: -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: TlsAlloc, FlushFileBuffers, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, HeapReAlloc, CloseHandle, GetTickCount, SetErrorMode, GetWindowsDirectoryA, GetVolumeInformationA, DeviceIoControl, GetCurrentDirectoryA, SetFileTime, WriteFile, CreateFileA, ExitProcess, CreateMutexA, OpenMutexA, Sleep, CreateProcessA, GetEnvironmentVariableA, GetShortPathNameA, GetCurrentProcess, MultiByteToWideChar, GetModuleFileNameA, SetEnvironmentVariableA, CopyFileA, SetFileAttributesA, GetLastError, CreateDirectoryA, CreateThread, GetLocalTime, GetDriveTypeA, GetLogicalDriveStringsA, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, RtlUnwind, GetCommandLineA, GetStartupInfoA, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStdHandle, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSectionAndSpinCount, HeapFree, HeapAlloc, RaiseException, HeapSize, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapCreate, VirtualFree, QueryPerformanceCounter, GetCurrentProcessId, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetFilePointer, GetConsoleCP, GetConsoleMode, GetLocaleInfoA, VirtualAlloc

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=6A61DDBC004E5D3F7690018B47765B00F1D5DCE7


Note: although some of these applications removed several pieces of malware I did not know of, my original problem still persists.

Thanks for your continuing help!
Bold
Active Member
 
Posts: 8
Joined: April 1st, 2010, 11:56 pm

Re: Background program keeps de-selecting my current application

by deltalima » April 9th, 2010, 5:16 am

Hi Bold,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Image textbox. Do not include the word Code.
    Code: Select all
    :processes
    clipsrv.exe
    :otl
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    F3 - HKCU WinNT: Load - (C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe) - C:\Documents and Settings\BOLD\Application Data\Microsoft\dllhst3g.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ClipSrv = C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DllHst = C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: ClipSrv = C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice ()
    :files
    C:\Documents and Settings\BOLD\Local Settings\Application Data\mstsc.exe
    C:\Documents and Settings\BOLD\Application Data\cisvc.exe
    C:\Documents and Settings\BOLD\Local Settings\Application Data\logman.exe
    C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe
    C:\Documents and Settings\BOLD\Local Settings\Application Data\ieudinit.exe
    C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe
    C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\clipsrv.exe
    C:\Documents and Settings\BOLD\Local Settings\Temp\~temp\hmbst27\lsass.exe
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Please run a quick scan with Malwarebytes and post the log along with the report from OTL.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Background program keeps de-selecting my current application

by Bold » April 10th, 2010, 1:45 pm

OTL report:
All processes killed
========== PROCESSES ==========
No active process named clipsrv.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

C:\Documents and Settings\BOLD\Application Data\Microsoft\dllhst3g.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ClipSrv deleted successfully.
C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\DllHst deleted successfully.
File C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe /waitservice not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\ClipSrv deleted successfully.
C:\WINDOWS\System32\drivers\clipsrv.exe moved successfully.
========== FILES ==========
C:\Documents and Settings\BOLD\Local Settings\Application Data\mstsc.exe moved successfully.
C:\Documents and Settings\BOLD\Application Data\cisvc.exe moved successfully.
C:\Documents and Settings\BOLD\Local Settings\Application Data\logman.exe moved successfully.
File\Folder C:\Documents and Settings\BOLD\Local Settings\Application Data\clipsrv.exe not found.
C:\Documents and Settings\BOLD\Local Settings\Application Data\ieudinit.exe moved successfully.
File\Folder C:\DOCUME~1\BOLD\APPLIC~1\MICROS~1\dllhst3g.exe not found.
File\Folder C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\clipsrv.exe not found.
C:\Documents and Settings\BOLD\Local Settings\Temp\~temp\hmbst27\lsass.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: BOLD
->Temp folder emptied: 2318304 bytes
->Temporary Internet Files folder emptied: 26341067 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84915886 bytes
->Google Chrome cache emptied: 9514317 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3005 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2705 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 117.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04102010_102913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MalwareBytes report:
Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Database version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/10/2010 10:41:59 AM
mbam-log-2010-04-10 (10-41-59).txt

Scan type: Quick scan
Objects scanned: 110440
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks again deltalima - I can't express how grateful I am for your help :)
Bold
Active Member
 
Posts: 8
Joined: April 1st, 2010, 11:56 pm

Re: Background program keeps de-selecting my current application

by deltalima » April 10th, 2010, 1:55 pm

Hi Bold,

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a new HijackThis log and also let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Background program keeps de-selecting my current application

Post by Bold » April 11th, 2010, 11:44 pm

Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, April 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, April 11, 2010 11:42:48
Records in database: 3935152
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 309449
Threats found: 2
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 05:27:16


File name / Threat / Threats count
C:\Documents and Settings\BOLD\Desktop\WORK\THIRD HATCH\Vital Energy\site-www.thevitalenergycenter.com-20100315-084343.zip Infected: Backdoor.PHP.C99Shell.bv 2
C:\Documents and Settings\BOLD\Desktop\WORK\THIRD HATCH\Vital Energy\site-www.thevitalenergycenter.com-20100319-194412.zip Infected: Backdoor.PHP.C99Shell.bv 2
C:\Documents and Settings\BOLD\Desktop\WORK\THIRD HATCH\Vital Energy\_OLD\OLD SITE\site-www.thevitalenergycenter.com-20091020-160438.zip Infected: Backdoor.PHP.C99Shell.bv 1
C:\_OTL\MovedFiles\04102010_102913\C_Documents and Settings\BOLD\Local Settings\Temp\~temp\hmbst27\lsass.exe Infected: Trojan-Mailfinder.Win32.Blen.si 1

Selected area has been scanned.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:59 PM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeBridge] //~
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare\AWC.exe" /startup
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BOLD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\BOLD\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8389455359
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f9baeab53ff0) (gupdate1c9f9baeab53ff0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12477 bytes

I haven't been using my computer much this weekend, though I will be using it extensively tomorrow - I will respond with my findings. Thank you!
Bold
Active Member
 
Posts: 8
Joined: April 1st, 2010, 11:56 pm

Re: Background program keeps de-selecting my current application

Post by deltalima » April 12th, 2010, 8:38 am

Hi Bold,

Please see here.

The scans we run often reveal information that most businesses would not want exposed in an open forum, and there are other legal constraints and ramifications involved with business machines that we are not equipped or trained to deal with.


As the computer is used for business I will ask for the thread to be closed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK