Free Malware Removal Forum

by **Artur** » January 26th, 2010, 5:12 pm

Hello.
3 days ago i had my MMO game charachter robbed. I immidietly scanned my computer and my Antivirus "Avanquest Sustem Suite" found a trojan named A0387131.dll, i chose to delete it, rebooted and rescanned my computer, nothing was found. I kept scanning my computer every day since i was worried it might come back. And today it was back, i chose to quarantine it, after a few hours of searching for a solution i opened my Antivirus and found e-mail defense disabled and automatic protection disabled. I tried enabling it, but my AV just hangs repeatedly.

I have a router and i have a software Firewall.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:11, on 2010-01-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~2\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~2\SYSTEM~1\mxtask2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\ekort\ekort.exe
C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\AnVir Virus Destroyer\AnVir.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\WINDOWS\system32\OBroker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVANQU~2\SYSTEM~1\SSuite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program Files\ekort\Bhoekort.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\avgssie.dll
O2 - BHO: Data Vault - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: e-kort Helper Class - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files\ekort\EKortHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: e-kort Toolbar - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files\ekort\EKortToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [e-kort] C:\PROGRA~1\ekort\ekort.exe /dontopenmycards /Autostart
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnVir Virus Destroyer] "C:\Program Files\AnVir Virus Destroyer\AnVir.exe" Minimized
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: BankID Security Application.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: GammaTray.lnk = ?
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: SystemSuite (SBAMSvc) - Sunbelt Software - C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software - C:\PROGRA~1\AVANQU~2\SYSTEM~1\MXTask.exe

--
End of file - 9140 bytes

by **melboy** » January 31st, 2010, 10:39 am

Hi and welcome to the MR forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

I will be working on your Malware issues this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
If you don't know or understand something, please don't hesitate to ask.
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start. Backing up: What, how, where

No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Disable any script blocker, and then double click dds.scr to run the tool. A command window will appear, this is normal.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.

Please copy & paste the contents of :

DDS.txt
Attach.txt

And post them in your next reply.

Gmer

Download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

In your next reply:

DDS.txt
Attach.txt
GMER log

by **Artur** » February 1st, 2010, 12:37 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Artur at 0:02:35,49 on 2010-02-01
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1361 [GMT 1:00]

AV: Avanquest SystemSuite *On-access scanning enabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Avanquest NetDefense Firewall *enabled* {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~2\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~2\SYSTEM~1\mxtask2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\PROGRA~1\ekort\ekort.exe
C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\OBroker.exe
svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Artur\My Documents\Hämtade filer\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: EKortBrowserHelper Class: {1c900459-deef-4aa9-b260-1ef0f0c70a8d} - c:\program files\ekort\Bhoekort.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avanquest\systemsuite\avgssie.dll
BHO: DataVault Object: {8373adc0-6330-11dd-9d77-22c856d89593} - c:\program files\avanquest\systemsuite\IE_ContextMenu_Vault.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program files\ekort\EKortHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program files\ekort\EKortToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [AnVir Virus Destroyer] "c:\program files\anvir virus destroyer\AnVir.exe" Minimized
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Launch LGDCore] "c:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [e-kort] c:\progra~1\ekort\ekort.exe /dontopenmycards /Autostart
mRun: [CTCheck] c:\program files\creative\zen media explorer\CTCheck.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\artur\startm~1\programs\access~1\startup\dialog~1.lnk - c:\program files\vcom\powerdesk\pddlghlp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuswi~1.lnk - c:\program files\asus wifi-ap solo\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\gammat~1.lnk - c:\program files\magictune premium\GammaTray.exe
IE: {578FC4E3-151E-456c-AF8E-B63061EFE228}}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {F552DDE6-2090-4bf4-B924-6141E87789A5} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\artur\applic~1\mozilla\firefox\profiles\he3vcs50.default\
FF - component: c:\program files\avanquest\systemsuite\firefox3dv\components\VaultComponent.dll
FF - component: c:\program files\ekort\components\SlimOrbAddonEkort.dll
FF - plugin: c:\documents and settings\artur\application data\mozilla\firefox\profiles\he3vcs50.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-12-19 13360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-12-19 203056]
R2 SBAMSvc;SystemSuite;c:\program files\common files\antivirus\SBAMSvc.exe [2009-9-8 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-12-19 69936]
R3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [2009-7-14 1811224]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-7-14 1227800]
R3 KFilter;KFilter;c:\progra~1\avanqu~2\system~1\KFilter.sys [2009-12-3 61560]
R3 TFilter;TFilter;c:\progra~1\avanqu~2\system~1\TFilter.sys [2009-12-3 26952]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-16 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2010-1-16 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 198168]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1353240]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 73752]
S3 I97DRIVER;I97DRIVER;\??\c:\progra~1\avanqu~2\system~1\dgs.sys --> c:\progra~1\avanqu~2\system~1\dgs.sys [?]
S3 MailScan;MailScan;\??\c:\progra~1\avanqu~2\system~1\mailscan.sys --> c:\progra~1\avanqu~2\system~1\MailScan.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2007-12-31 25773]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-8-16 235648]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-5 93872]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-8-16 13532]

=============== Created Last 30 ================

2010-01-26 17:36:48 0 d-----w- c:\program files\Trend Micro
2010-01-16 23:57:09 0 d-----w- c:\program files\Ventrilo
2010-01-16 23:57:05 262 ----a-w- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-01-16 20:58:48 820 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
2010-01-16 20:58:48 55324 ----a-w- c:\windows\system32\BMXState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
2010-01-16 20:58:48 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-01-16 20:58:48 1080 ----a-w- c:\windows\system32\settings.sfm
2010-01-16 20:25:56 90112 ------w- c:\windows\Updreg.EXE
2010-01-16 20:23:58 782336 ----a-r- c:\windows\system32\tmp15B.tmp
2010-01-16 20:23:58 782336 ----a-r- c:\windows\system32\tmp15A.tmp
2010-01-16 20:23:58 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-16 20:23:58 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-16 20:23:58 0 d-----w- c:\program files\OpenAL
2010-01-16 20:23:56 73752 ----a-r- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTHWIUT.SYS
2010-01-16 20:23:55 198168 ----a-r- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CT20XUT.SYS
2010-01-16 20:23:54 1353240 ----a-r- c:\windows\system32\{EF7AEA4C-EC87-45fd-A909-47D0136316DE}##CTEXFIFX.SYS
2010-01-16 20:23:26 7978 ----a-r- c:\windows\system32\CTAPO32.UDA
2010-01-16 20:23:25 595193 ----a-r- c:\windows\system32\APOIM32.exe
2010-01-16 20:23:24 89336 ----a-r- c:\windows\system32\ctpxst32.exe
2010-01-16 20:21:54 7572224 ------w- c:\windows\system32\CT8MGM.SF2
2010-01-16 20:21:52 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2010-01-16 20:21:51 2167684 ------w- c:\windows\system32\CT2MGM.SF2
2010-01-16 20:20:56 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-16 19:58:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Creative Labs
2010-01-16 19:47:35 53248 ------w- c:\windows\Ctregrun.exe
2010-01-16 18:30:29 55324 ----a-w- c:\windows\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
2010-01-16 18:29:14 7062 ----a-w- c:\windows\system32\audiopid.vxd
2010-01-16 18:28:00 106496 ----a-w- c:\windows\system32\cttele32.dll
2010-01-16 18:27:09 0 d-----w- c:\windows\system32\Data
2010-01-13 17:05:20 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-03 21:25:58 35000 ----a-w- c:\windows\system32\mxntdfg.exe
2006-06-23 12:48:54 32768 ----a-w- c:\windows\inf\UpdateUSB.exe
2007-12-31 11:47:45 2 --shatr- c:\windows\winstart.bat

============= FINISH: 0:03:24,13 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-08-16 02:09:53
System Uptime: 2010-01-31 12:49:36 (12 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5K Deluxe
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2671/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 15,435 GiB free.
D: is FIXED (NTFS) - 90 GiB total, 8,206 GiB free.
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF0DC369
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0DC369
Service: RTLWUSB

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Manufacturer: Marvell
Name: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_81F81043&REV_12\4&625283&0&00E5
Service: yukonwxp

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&B6AFFD&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&B6AFFD&0
Service: i8042prt

==== System Restore Points ===================

RP669: 2009-12-19 08:43:42 - Installed Avanquest MergeModules
RP670: 2009-12-19 08:43:49 - Installed SystemSuite 10 Professional
RP671: 2009-12-20 12:24:38 - System Checkpoint
RP672: 2009-12-22 07:35:17 - System Checkpoint
RP673: 2009-12-23 09:08:17 - System Checkpoint
RP674: 2009-12-24 15:27:24 - System Checkpoint
RP675: 2009-12-25 15:36:13 - System Checkpoint
RP676: 2009-12-26 15:47:14 - System Checkpoint
RP677: 2009-12-27 16:05:10 - System Checkpoint
RP678: 2009-12-28 21:19:49 - System Checkpoint
RP679: 2009-12-29 22:03:07 - System Checkpoint
RP680: 2009-12-31 12:07:23 - System Checkpoint
RP681: 2010-01-01 14:55:09 - System Checkpoint
RP682: 2010-01-02 15:28:01 - System Checkpoint
RP683: 2010-01-03 18:15:07 - System Checkpoint
RP684: 2010-01-07 18:16:45 - System Checkpoint
RP685: 2010-01-08 18:58:52 - System Checkpoint
RP686: 2010-01-10 09:56:10 - System Checkpoint
RP687: 2010-01-11 20:18:37 - System Checkpoint
RP688: 2010-01-12 20:36:14 - System Checkpoint
RP689: 2010-01-14 10:17:51 - Software Distribution Service 3.0
RP690: 2010-01-15 16:04:47 - System Checkpoint
RP691: 2010-01-16 16:06:06 - System Checkpoint
RP692: 2010-01-16 18:52:36 - Configured SoundMAX
RP693: 2010-01-16 18:52:48 - Removed SoundMAX
RP694: 2010-01-16 19:28:47 - Installed Creative Audio Control Panel
RP695: 2010-01-16 19:29:11 - Installed Creative Software AutoUpdate
RP696: 2010-01-16 20:45:56 - Installed Sound Blaster X-Fi
RP697: 2010-01-16 21:09:27 - Removed Creative Audio Control Panel
RP698: 2010-01-16 21:10:10 - Removed Creative Software AutoUpdate
RP699: 2010-01-16 21:10:41 - Removed Creative System Information
RP700: 2010-01-16 21:11:09 - Removed Dolby Digital Live Pack
RP701: 2010-01-16 21:11:59 - Removed Sound Blaster X-Fi
RP702: 2010-01-16 21:19:52 - Installed Sound Blaster X-Fi
RP703: 2010-01-16 21:24:52 - Installed Creative Audio Control Panel
RP704: 2010-01-16 21:43:01 - Installed Console Launcher
RP705: 2010-01-16 21:45:15 - Installed Creative Media Toolbox 6
RP706: 2010-01-16 21:49:40 - Installed Creative MediaSource 5
RP707: 2010-01-16 21:51:13 - Installed WaveStudio 7
RP708: 2010-01-16 21:52:16 - Installed Creative 3DMIDI Player
RP709: 2010-01-16 21:54:24 - Installed Creative Audio Control Panel
RP710: 2010-01-16 21:54:43 - Installed Creative Software AutoUpdate
RP711: 2010-01-17 00:56:26 - Removed Ventrilo Client
RP712: 2010-01-17 00:57:08 - Installed Ventrilo Client
RP713: 2010-01-18 20:05:18 - System Checkpoint
RP714: 2010-01-19 22:33:19 - Software Distribution Service 3.0
RP715: 2010-01-22 19:37:27 - Software Distribution Service 3.0
RP716: 2010-01-23 20:19:58 - System Checkpoint
RP717: 2010-01-24 12:28:50 - Removed Adobe Reader 9.1.3.
RP718: 2010-01-25 13:08:21 - System Checkpoint
RP719: 2010-01-26 19:14:42 - System Checkpoint
RP720: 2010-01-26 20:03:15 - Removed Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
RP721: 2010-01-26 20:04:36 - Removed Microsoft Visual Studio Web Authoring Component
RP722: 2010-01-26 20:05:47 - Removed Microsoft SQL Server Setup Support Files (English)
RP723: 2010-01-26 20:06:46 - Removed Microsoft Windows SDK for Visual Studio 2008 Tools
RP724: 2010-01-26 20:07:10 - Removed Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
RP725: 2010-01-26 20:07:37 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP726: 2010-01-26 20:08:20 - Removed Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
RP727: 2010-01-26 20:08:47 - Removed Microsoft SQL Server Compact 3.5 Design Tools ENU
RP728: 2010-01-26 20:09:32 - Removed Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
RP729: 2010-01-26 20:09:42 - Removed Microsoft SQL Server Database Publishing Wizard 1.2
RP730: 2010-01-26 20:11:14 - Removed Microsoft Visual C++ 2005 Redistributable
RP731: 2010-01-26 20:11:44 - Removed Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
RP732: 2010-01-26 20:12:08 - Removed Microsoft SQL Server Native Client
RP733: 2010-01-26 20:13:55 - Removed Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
RP734: 2010-01-26 20:14:08 - OpenOffice.org Installer 1.0 togs bort
RP735: 2010-01-26 20:14:17 - Removed Microsoft SQL Server Compact 3.5 ENU
RP736: 2010-01-26 20:14:44 - Removed Microsoft SQL Server VSS Writer
RP737: 2010-01-26 20:15:13 - Removed Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
RP738: 2010-01-26 20:15:37 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
RP739: 2010-01-26 20:24:52 - Configured Tenable Nessus
RP740: 2010-01-28 18:13:39 - System Checkpoint
RP741: 2010-01-30 11:46:23 - System Checkpoint
RP742: 2010-01-31 17:36:57 - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AnVir Virus Destroyer
ASUS WiFi-AP Solo
ASUSUpdate
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Avanquest update
BankID Security Application 4.10.4
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Creative 3DMIDI Player
Creative Audio Control Panel
Creative Console Launcher
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative System Information
Creative WaveStudio 7
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
Debugging Tools for Windows (x86)
DH Driver Cleaner Professional Edition
DivX Content Uploader
DivX Web Player
Dolby Digital Live Pack
e-kort
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GhostSurf 2.0
Half-Life(R) 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Matrix Storage Manager
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
JMB36X Raid Configurer
Junk Mail filter update
LightScribe 1.4.124.1
Logitech G11 Keyboard Software 1.03
MagicTune Premium
MailWasher
Marvell Miniport Driver
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Phone Tools
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MultiRes (remove only)
Nero 8 Ultra Edition HD
neroxml
OGA Notifier 2.0.0048.0
OpenAL
PC Probe II
PDF Settings
PowerDesk 6
RawShooter essentials 2006
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
SiSoftware Sandra Lite XIIc
Skins
Software Update for Web Folders
Sound Blaster X-Fi
Spotify
SteelSeries Kinzu Optical Mouse
SystemSuite 10 Professional
TomTom HOME
TPTEST 5.0.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC_MergeModuleToMSI
VCRedistSetup
WebFldrs XP
Ventrilo Client
Winamp
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Wow Web Stats Client v3.0
x-Perl
ZEN Media Explorer
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

2010-01-26 22:35:35, error: Service Control Manager [7034] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated unexpectedly. It has done this 1 time(s).
2010-01-26 22:35:21, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
2010-01-26 22:30:53, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
2010-01-26 22:30:53, error: SideBySide [59] - Generate Activation Context failed for C:\PROGRA~1\AVANQU~2\SYSTEM~1\SunbeltConnector.dll. Reference error message: The operation completed successfully. .
2010-01-26 22:30:53, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
2010-01-26 17:11:13, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-01 05:19:49
Windows 5.1.2600 Service Pack 3
Running: 7zniooh2.exe; Driver: C:\DOCUME~1\Artur\LOCALS~1\Temp\fgrdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xBA6144D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xBA614520]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Ip TFilter.sys (TFilter Kernel Module/Avanquest Software)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp TFilter.sys (TFilter Kernel Module/Avanquest Software)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp TFilter.sys (TFilter Kernel Module/Avanquest Software)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp TFilter.sys (TFilter Kernel Module/Avanquest Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

by **melboy** » February 1st, 2010, 3:33 pm

Hi Artur

AnVir Virus Destroyer

I'm not too familiar with the above program. Have you purchased this or do you pay a subscription for it?

As you have Avanquest installed too, it is not safe to have more than one anti-virus installed on a system.

Doing so not only does not provide better protection, it can actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it could cause crashes! You should remove all but one anti-virus program. I would recommend keeping Avanquest provided any subscription for it is up to date.

ATF-Cleaner

Please download ATF Cleaner by Atribune.

Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords
please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords
please click No at the prompt.
Click Exit on the Main menu to close the program.

Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
If items are found, check all items then click on Remove Selected
After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:
1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

by **Artur** » February 1st, 2010, 10:17 pm

Hello again Melboy.

AnVir was seriusly outdated and i merely kept it for some tools i liked, nothing cruicial to me. I have uninstalled it.
Yes, Avanquest is a running subscription.

I have ran the ATF Cleaner.
But i cannot get Malwarebytes to install. Prior to posting here i had tried to install it aswell, both times the same thing happend: nothing. I double click the "mbam-setup.exe" i select to run it but nothign happens,. I right click and "open" yet nothing happens.

by **Artur** » February 2nd, 2010, 12:13 pm

Oh, and i forgot to mention i have tried renaming it, still doesent work.

by **melboy** » February 2nd, 2010, 4:40 pm

Hi Artur

Malware has a habit of stopping the tools we use to remove it. The fact MBAM wont install and your Avanquest is disabled shows that this may be the case. Your logs thus far though don't show anything out of the ordinary. Do you have problems running any other programs?

SysProt AntiRootkit©

Please download SysProt AntiRootkit© by swatkat and save it to your desktop.

Scroll down to the bottom of the page and click on SysProt.zip under the Attachments section to save the file.
Unzip it into a folder on your desktop and enter it, then double click on SysProt.exe to start the program.
Go to the Log tab and check (tick) all items listed in the Write to log box.
Check Hidden Objects Only at the bottom of the window too.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear. Select Scan root drive only and click Start.
When completed, you will be prompted showing the location of SysProtLog.txt, which is the same folder SysProt.exe was extracted to.
Post the contents of the log in your reply.

by **Artur** » February 2nd, 2010, 7:07 pm

Hi.
I dont have any problems with any other programs. Not that i know of at least. But SysProt locked up and stopped responding after creating the log, i had to ctrl+alt+del and close it.
If i remember correct, the the Object on the bottom of this log is where Avanquest reported the trojan infection, of couse i cannot remember the exact file name but it was reported in C:\System Volume Information\_restore

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AABE8000
Module End: AAC00000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA614000
Module End: BA616000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateKey
Address: BA5EA4D0
Driver Base: BA5EA000
Driver End: BA5EC000
Driver Name: \SystemRoot\system32\drivers\sbaphd.sys

Function Name: ZwSetValueKey
Address: BA5EA520
Driver Base: BA5EA000
Driver End: BA5EC000
Driver Name: \SystemRoot\system32\drivers\sbaphd.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ALFETTA:1968
Remote Address: EY-IN-F102.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: ALFETTA:1055
Remote Address: BY2MSG4020310.PHX.GBL:1863
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: ALFETTA:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ALFETTA:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: ALFETTA:5152
Remote Address: LOCALHOST:1093
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: ALFETTA:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: ALFETTA:1058
Remote Address: LOCALHOST:1057
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: ALFETTA:1057
Remote Address: LOCALHOST:1058
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: ALFETTA:1057
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: LISTENING

Local Address: ALFETTA:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: ALFETTA:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: ALFETTA:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ALFETTA:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: ALFETTA:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ALFETTA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ALFETTA:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ALFETTA:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ALFETTA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ALFETTA:DISCARD
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: ALFETTA:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ALFETTA:1066
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Contacts\wlcomm.exe
State: NA

Local Address: ALFETTA:1045
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: ALFETTA:1038
Remote Address: NA
Type: UDP
Process: C:\PROGRA~1\ekort\ekort.exe
State: NA

Local Address: ALFETTA:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: ALFETTA:37618
Remote Address: NA
Type: UDP
Process: C:\Program Files\Curse\CurseClient.exe
State: NA

Local Address: ALFETTA:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
State: NA

Local Address: ALFETTA:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ALFETTA:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{58155731-F4E1-415E-BAEE-6BDA7B2A4A1A}
Status: Access denied

Log edited to remove e-mail addresses - Admin

by **melboy** » February 2nd, 2010, 8:12 pm

Hi Artur

i cannot remember the exact file name but it was reported in C:\System Volume Information\_restore

Yes, that would be where the A0387131.dll file was found - That is System Restore. We will deal with that in due course.

In your first post you stated

i opened my Antivirus and found e-mail defense disabled and automatic protection disabled. I tried enabling it, but my AV just hangs repeatedly.

By "automatic protection" I presume you mean the realtime/on-access protection.
Your DDS log shows it is enabled.

AV: Avanquest SystemSuite *On-access scanning enabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Avanquest NetDefense Firewall *enabled* {E9CD9D09-CF58-4ec3-9B3F-E6B12C3E4171}

Can you confirm whether this is the case or not?

See if you can run an online scan.

Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Animated guide, if required.

by **Artur** » February 3rd, 2010, 3:50 am

Quote from Avanquest Help file.
"Active Defense guards your computer by checking files as they are accessed and warning you if it detects a virus or if a program is spyware. ". This shows as disabled. All the checkboxes and settings are set to enable (and always have been), but when i open Avanquest it tells me "Active defense" is disabled. The actual program is running and the tools for defragmentation and so on are accessible.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, February 3, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, February 03, 2010 00:49:23
Records in database: 3399455
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 115027
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:24:30

No threats found. Scanned area is clean.

Selected area has been scanned.

by **Artur** » February 3rd, 2010, 1:04 pm

Hello again Melboy. I may just have spotted something.
After not using my computer for a few hours i was trying to open Firefox, got a message FF was alredy running and could not open an additional session. Went to task manager to look over my open applications and processes and noticed somehting called "Scanningprocess.exe" in my process list, i had never seen that before so i googled it. From what i could see it is a process that belongs to ZoneAlarm, wich i dont have installed and dont think i ever had installed on this computer. From what i saw i did not have FF open according to the process or application list.

I tried terminating the process but it only popped up again, i rebooted and now its gone.

by **melboy** » February 3rd, 2010, 1:26 pm

Hi Artur

To put your mind at rest whilst I go over your logs again - scanningprocess.exe is part of the Kaspersky online scan I had you run.

by **melboy** » February 3rd, 2010, 5:56 pm

Hi Artur

OTL

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scans box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) & paste the contents of these files into your next post. (Sometimes you have to make several post to get the logs posted.)

by **Artur** » February 3rd, 2010, 9:12 pm

OTL logfile created on: 2010-02-04 01:48:36 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Artur\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 19,23 Gb Free Space | 32,82% Space Free | Partition Type: NTFS
Drive D: | 90,44 Gb Total Space | 7,85 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
Drive E: | 413,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALFETTA
Current User Name: Artur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-02-04 01:46:35 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artur\Desktop\OTL.exe
PRC - [2010-01-23 16:53:22 | 001,845,248 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2009-12-03 22:25:32 | 000,050,456 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask2.exe
PRC - [2009-12-03 22:25:30 | 000,529,688 | ---- | M] (Avanquest Software) -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe
PRC - [2009-11-19 17:49:19 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2009-09-08 13:46:32 | 001,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2009-07-14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009-07-14 00:22:08 | 001,263,616 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2009-05-27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009-03-09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009-02-06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008-12-29 16:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008-12-11 13:14:24 | 000,377,856 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files\ekort\ekort.exe
PRC - [2008-12-11 13:11:28 | 000,145,920 | ---- | M] () -- C:\WINDOWS\system32\OBroker.exe
PRC - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008-09-26 14:50:46 | 000,206,184 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
PRC - [2008-07-20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-07-20 16:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008-04-14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007-11-06 10:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
PRC - [2007-10-10 06:28:32 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2007-09-17 19:27:58 | 000,069,120 | ---- | M] (Autodata Limited) -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2007-01-15 15:18:00 | 000,036,864 | ---- | M] () -- C:\Program Files\MagicTune Premium\GammaTray.exe
PRC - [2006-12-19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006-10-19 12:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006-07-23 02:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006-06-15 23:28:36 | 000,987,136 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
PRC - [2006-02-28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005-09-08 09:50:22 | 000,040,960 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
PRC - [1999-12-13 08:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE

========== Modules (SafeList) ==========

MOD - [2010-02-04 01:46:35 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artur\Desktop\OTL.exe
MOD - [2008-04-14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2005-09-08 09:50:04 | 000,081,920 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.dll

========== Win32 Services (SafeList) ==========

SRV - [2010-01-16 21:46:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2010-01-16 21:20:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009-12-03 22:25:30 | 000,529,688 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2009-09-08 13:46:32 | 001,012,040 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009-05-27 02:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009-03-09 04:19:15 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-02-25 22:27:41 | 000,602,112 | ---- | M] (ATI Technologies Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009-02-25 14:15:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009-02-23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008-11-24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008-11-24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008-07-20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008-06-01 17:31:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-02-28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008-02-18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007-09-17 19:27:58 | 000,069,120 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2007-09-11 16:10:18 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007-09-11 16:10:08 | 001,265,856 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2006-12-19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006-10-19 12:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006-02-28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [1999-12-13 08:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {4d855a8a-1536-4aa8-bf99-da2362910205}:9.0.2.0
FF - prefs.js..extensions.enabledItems: ekort@orbiscom:3.16.8.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039

FF - HKLM\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files\ekort [2009-02-24 20:14:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4d855a8a-1536-4aa8-bf99-da2362910205}: C:\Program Files\Avanquest\SystemSuite\Firefox3DV [2009-12-19 08:44:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRA~1\AVANQU~2\SYSTEM~1\Firefox [2009-12-19 08:43:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-30 12:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-24 20:30:05 | 000,000,000 | ---D | M]

[2008-09-29 16:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Mozilla\Extensions
[2008-09-29 16:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010-02-03 17:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Mozilla\Firefox\Profiles\he3vcs50.default\extensions
[2007-11-21 21:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Mozilla\Firefox\Profiles\he3vcs50.default\extensions\moveplayer@movenetworks.com
[2007-08-18 11:09:14 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\Artur\Application Data\Mozilla\Firefox\Profiles\he3vcs50.default\searchplugins\thottbot-wow.xml
[2010-02-03 17:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-01-17 15:16:37 | 000,001,470 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml
[2007-11-04 07:16:09 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2007-11-04 07:16:09 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010-01-17 15:16:37 | 000,002,670 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml
[2010-01-17 15:16:37 | 000,000,948 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\tyda-sv-SE.xml
[2010-01-17 15:16:37 | 000,001,174 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml
[2010-01-17 15:16:37 | 000,000,647 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

O1 HOSTS File: ([2010-01-26 19:36:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (EKortBrowserHelper Class) - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program Files\ekort\Bhoekort.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\avgssie.dll ()
O2 - BHO: (DataVault Object) - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll (Avanquest Software)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files\ekort\EKortHelper.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files\ekort\EKortToolbar.dll ()
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [e-kort] C:\Program Files\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\HOMERunner.exe (TomTom)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\Artur\Start Menu\Programs\Accessories\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (Avanquest Publishing USA, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Artur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Artur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-08-16 01:08:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-07-26 23:59:10 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e1898afe-3b68-11de-992d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{e1898afe-3b68-11de-992d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e1898afe-3b68-11de-992d-806d6172696f}\Shell\AutoRun\command - "" = E:\wubi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-08-16 02:56:40 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010-02-04 01:46:29 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Artur\Desktop\OTL.exe
[2010-02-03 08:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur\Desktop\MR
[2010-01-26 20:05:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-01-26 18:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-01-23 17:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Artur\Local Settings\Application Data\Deployment
[2009-10-16 10:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-09-05 11:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008-07-09 12:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008-07-09 12:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008-07-09 12:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008-07-09 12:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2008-07-09 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008-07-09 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2008-05-25 18:05:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008-03-08 21:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Talkback
[2008-03-08 21:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2008-03-08 21:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2008-01-17 19:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Avanquest
[2007-10-24 18:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Avanquest
[2007-08-16 01:24:08 | 000,014,336 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2007-08-16 01:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007-08-16 01:08:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010-02-04 01:46:35 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Artur\Desktop\OTL.exe
[2010-02-03 17:45:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-03 17:45:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-03 17:45:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-03 17:44:15 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Artur\NTUSER.DAT
[2010-02-03 17:44:15 | 000,055,324 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010-02-03 17:44:15 | 000,055,324 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010-02-03 17:44:15 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000000-00001102-0000000B-00411102}.rfx
[2010-02-03 17:43:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Artur\ntuser.ini
[2010-01-26 21:33:22 | 001,403,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-26 20:47:42 | 000,015,472 | ---- | M] () -- C:\Documents and Settings\Artur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-01-26 19:36:05 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-26 18:36:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Artur\Desktop\HijackThis.lnk
[2010-01-24 11:34:22 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Artur\Desktop\Wow nummer.doc
[2010-01-23 17:01:54 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Artur\Desktop\Curse Client.appref-ms
[2010-01-22 19:38:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-26 18:36:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Artur\Desktop\HijackThis.lnk
[2010-01-24 11:33:41 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Artur\Desktop\Wow nummer.doc
[2010-01-23 17:01:54 | 000,000,312 | ---- | C] () -- C:\Documents and Settings\Artur\Desktop\Curse Client.appref-ms
[2010-01-17 00:57:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-07-14 01:14:20 | 000,027,839 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009-07-14 01:14:16 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009-07-14 00:28:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009-07-14 00:28:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009-05-26 12:12:38 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2009-05-24 09:45:02 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\Artur\Local Settings\Application Data\PathsToScan.txt
[2009-05-08 09:33:44 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009-05-08 09:33:44 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008-09-02 13:11:01 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008-06-05 19:48:53 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Artur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-17 19:30:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-10-16 15:23:23 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007-10-15 23:27:33 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007-09-13 17:32:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Artur\Local Settings\Application Data\fusioncache.dat
[2007-08-16 14:58:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-08-16 14:22:13 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007-08-16 14:22:13 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007-08-16 01:16:10 | 000,035,123 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007-08-16 01:15:56 | 000,034,282 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-08-16 01:15:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007-08-16 01:15:44 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003-04-09 14:30:19 | 000,196,608 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2002-02-07 16:54:34 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys

========== LOP Check ==========

[2007-09-17 19:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodata Limited
[2008-10-17 11:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2007-08-16 12:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009-10-04 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bredbandsbolaget
[2007-08-17 19:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009-07-18 06:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2008-09-29 16:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009-02-25 19:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Agency9
[2008-10-17 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Avanquest
[2010-01-14 19:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Azureus
[2008-08-18 18:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007-08-16 13:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Earthsim
[2008-07-27 12:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Personal
[2008-03-30 18:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Pixmantec
[2010-01-20 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Spotify
[2007-10-26 19:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\TomTom
[2007-12-27 21:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\Uniblue
[2007-12-15 11:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Artur\Application Data\VCOM

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2008-09-23 23:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-09-23 23:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008-03-08 02:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-9_xp32_dd_ccc_wdm_enu_68898\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008-09-23 23:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-09-23 23:57:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008-07-20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2008-07-20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008-07-20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\DRVSTORE\iaStor_AB9805EF1336A6B48853E12AAD09CDFBD40769BB\iaStor.sys
[2007-03-21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\OemDir\iaStor.sys
[2007-03-21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys
[2008-07-20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008-04-14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004-08-04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007-08-16 02:58:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-08-16 02:58:47 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-08-16 02:58:47 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 2010-02-04 01:48:36 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Artur\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 19,23 Gb Free Space | 32,82% Space Free | Partition Type: NTFS
Drive D: | 90,44 Gb Total Space | 7,85 Gb Free Space | 8,68% Space Free | Partition Type: NTFS
Drive E: | 413,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALFETTA
Current User Name: Artur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [File Finder...] -- C:\Program Files\VCOM\PowerDesk\pdfind.exe /PATH:%1 (Avanquest Publishing USA, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- (SiSoftware)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Documents and Settings\Artur\Desktop\Spel\Curse\CurseClient.exe" = C:\Documents and Settings\Artur\Desktop\Spel\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" = C:\Program Files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe:*:Enabled:Bredbandsbolaget Servicecenter -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8 Ultra Edition HD
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6A615007-721D-4063-B226-EA41EB6604B9}" = SystemSuite 10 Professional
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B99E90E-2AC4-4D72-8D88-39030783172B}" = e-kort
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789E18B7-8F1B-4EB0-80A1-69815C539C79}" = x-Perl
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A03E4302-F387-47F3-8136-6D9D9286CD3B}" = SteelSeries Kinzu Optical Mouse
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B93251B5-9209-4DAB-867C-AA98D91584CD}" = PowerDesk 6
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}" = e-kort
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XIIc
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"3DMIDI" = Creative 3DMIDI Player
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AudioCS" = Creative Audio Control Panel
"Console Launcher" = Creative Console Launcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CurseClient" = Curse Client
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"GhostSurf_is1" = GhostSurf 2.0
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"MailWasher_is1" = MailWasher
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiRes (remove only)" = MultiRes (remove only)
"OpenAL" = OpenAL
"Personal" = BankID Security Application 4.10.4
"RawShooter essentials 2006" = RawShooter essentials 2006
"Spotify" = Spotify
"SysInfo" = Creative System Information
"TomTom HOME" = TomTom HOME
"TPTEST5_is1" = TPTEST 5.0.2
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZEN (MTP) Media Explorer" = ZEN Media Explorer
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Wow Web Stats Client v3.0" = Wow Web Stats Client v3.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-01-12 12:42:56 | Computer Name = ALFETTA | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 9.2 -- A process is running that cannot be shut
down by Setup. Please either close all applications and run Setup again, or restart
your computer and run Setup again.

Error - 2010-01-16 16:23:13 | Computer Name = ALFETTA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2010-01-16 16:23:13 | Computer Name = ALFETTA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2010-01-30 06:07:31 | Computer Name = ALFETTA | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 2010-01-30 06:07:36 | Computer Name = ALFETTA | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

[ System Events ]
Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\AVANQU~2\SYSTEM~1\SunbeltConnector.dll.
Reference
error message: The operation completed successfully. .

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\AVANQU~2\SYSTEM~1\SunbeltConnector.dll.
Reference
error message: The operation completed successfully. .

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\AVANQU~2\SYSTEM~1\SunbeltConnector.dll.
Reference
error message: The operation completed successfully. .

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 2010-02-03 13:11:03 | Computer Name = ALFETTA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\PROGRA~1\AVANQU~2\SYSTEM~1\SunbeltConnector.dll.
Reference
error message: The operation completed successfully. .

< End of report >

by **Artur** » February 3rd, 2010, 9:39 pm

Hmm. Damn. I think i see something (again).
Theres a row with "x-Perl", thats the name of a UI modification i use in the MMO i play, it should not be doing anything in my system.

Would make perfect sense someone bundled a trojan in it to steal my account info and then rob my game charachter.

I await your response.

Free Malware Removal Forum

A0387131.dll

A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Re: A0387131.dll

Who is online