Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 10th, 2010, 1:28 pm

Hi my Anti virus program Avira found a virus or MalWare. Can someone please help me and see whats wrong?
Object= WLANExt.exe Detection = TR/PatchLoad.393839.1
I will post a HIjack this log.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:34, on 2010-05-10
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\explorer.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Users\Andreas\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://www.hp.se
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eniro.se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.about.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = Http://www.ystars.se
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html
O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 11197 bytes
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am
Advertisement
Register to Remove

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby MWR 3 day Mod » May 14th, 2010, 2:24 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 14th, 2010, 7:29 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instruction into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Keep interact with me until your computer is clean.

Please make sure you have done your reading on this topic : How to get help at this forum
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed
***Note : Windows Vista require user to right click > Run as Administrator to use the tools.

First,
Fix entries.
  • Run the HiJack This by right click on the tool > Run as Administrator.
  • Click on Do a system scan only button.
  • Search the entries as below and tick at the small box.
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.about.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = Http://www.ystars.se
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,
Uninstall List.
  • Run the HiJack This.
  • Click on Open the Misc Tools section button.
  • Click on Misc Tools tab.
  • Under the System tools, click on Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • Content of uninstall list.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 14th, 2010, 7:50 am

Hi and thanks for the help. Same day i found another Virus that is Quarentine also. the name is = is the TR/PatchLoad.53871.1.4Trojan

I have followed the steps you told me

and here is the Uninstall list:

ActiveCheck component for HP Active Support Library
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Svenska
Adobe Shockwave Player
AMD Driver Support for HP 3D DriverGuard
Apple Software Update
Atheros Driver Installation Program
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46
Avira AntiVir Personal - Free Antivirus
BankID säkerhetsprogram 4.10.4
Catalyst Control Center - Branding
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack för Office 2007-systemet
CyberLink DVD Suite
CyberLink YouCam
CyberLink YouCam
DC++ 0.750
Defraggler
ESU for Microsoft Vista
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Update
HP User Guides 0102
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IDT Audio
Java(TM) 6 Update 20
JMicron JMB38X Flash Media Controller
Junk Mail filter update
LabelPrint
LightScribe System Software 1.12.33.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 Language Pack SP1 - sve
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (Swedish)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.0.4)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Nero 8
neroxml
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia PC Suite
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
QuickSFV (Remove only)
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Skype web features
Skype™ 4.1
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6h
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live inloggningsassistenten
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows-drivrutinspaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
Windows-drivrutinspaket - Nokia Modem (05/22/2008 3.8)
Windows-drivrutinspaket - Nokia Modem (05/22/2008 7.00.0.1)
Windows-drivrutinspaket - Nokia Modem (06/01/2009 7.01.0.4)
Windows-drivrutinspaket - Nokia Modem (10/05/2009 4.2)
Windows-drivrutinspaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR archiver
ZoneAlarm
ZoneAlarm Toolbar
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 14th, 2010, 8:34 am

I need to be logged off untill Sunday, so please have patiance and dont lock the thread. I will continue following what you say on sunday

Best regards
Pandi
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 14th, 2010, 8:43 am

Hi,
Noted about your availability :)
Let's proceed

First,
Remove programs.
Please Click Start > Control Panel > Programs and Features
Remove the listed program(s) by clicking Uninstall/Change.
ZoneAlarm Toolbar

If some program(s) listed above are not in present, please do not panic and proceed to the next step.

Next,
Malwarebytes' Anti-Malware - Run
  • Right click on Malwarebytes' Anti-Malware icon > Run as Administrator to run the program.
  • Click on Update tab > Check for Updates.
  • Once done, click on Scanner tab, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


Next,
Checklist.
Please post.
  • Content of MBAM log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 16th, 2010, 9:31 am

Hello :),

Reminder.
It's 48 hours since my last reply.
Bump for your attention.

Regards,
xixo_12
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 16th, 2010, 10:47 am

xixo_12 wrote:Hello :),

Reminder.
It's 48 hours since my last reply.
Bump for your attention.

Regards,
xixo_12


Im doing a fullscan now with Malwarebytes
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 16th, 2010, 11:03 am

ok noted ;)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 16th, 2010, 1:40 pm

Hi again, Malwarebytes didnt find anything.

So here is the log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databasversion: 4105

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

2010-05-16 19:37:55
mbam-log-2010-05-16 (19-37-55).txt

Skanningstyp: Fullständig skanning (C:\|D:\|E:\|)
Antal skannade objekt: 315254
Förfluten tid: 2 timme(ar), 58 minut(er), 41 sekund(er)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 16th, 2010, 6:45 pm

Hi,
Let's proceed.

First,
DeFogger - Disable
Please download from HERE and save to the desktop.
  • Right click on DeFogger.exe > Run as Administrator to run it.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If nothing appear, please do reboot manually.
.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Right click on RSIT.exe > Run as Administrator to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Right click on Gmer.exe > Run as Administrator to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan,click NO.
  • Click on >>> symbol and choose on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 17th, 2010, 4:59 am

I hope I did everything right. Here are the logs:

Rsit log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Andreas at 2010-05-17 10:26:57
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 28 GB (12%) free of 228 GB
Total RAM: 3069 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:28:35, on 2010-05-17
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Andreas\Downloads\RSIT.exe
C:\Program Files\trend micro\Andreas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Http://www.hp.se
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.eniro.se
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html
O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 9696 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForAndreas.job
C:\Windows\tasks\User_Feed_Synchronization-{5B15A96B-740F-413F-A63C-0E20C880CC81}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-05-15 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-11-02 554288]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-06-27 442467]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-09-01 499768]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-26 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wkcalrem.LNK]
C:\PROGRA~1\MICROS~2\WkCalRem.exe [2007-06-21 46432]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BankID säkerhetsprogram.lnk - C:\Program Files\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dda8d686-e266-11de-9536-001e689c48b1}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-17 10:26:57 ----D---- C:\rsit
2010-05-12 09:51:20 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-10 19:51:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-06 19:10:28 ----D---- C:\Program Files\Windows Live Safety Center
2010-05-05 08:49:52 ----D---- C:\ProgramData\Sun
2010-05-05 08:49:50 ----D---- C:\Program Files\Common Files\Java
2010-05-05 08:49:14 ----A---- C:\Windows\system32\javaws.exe
2010-05-05 08:49:14 ----A---- C:\Windows\system32\javaw.exe
2010-05-05 08:49:14 ----A---- C:\Windows\system32\java.exe
2010-05-05 08:49:14 ----A---- C:\Windows\system32\deployJava1.dll

======List of files/folders modified in the last 1 months======

2010-05-17 10:28:35 ----D---- C:\Windows\Temp
2010-05-17 10:28:35 ----D---- C:\Program Files\Trend Micro
2010-05-17 10:25:20 ----A---- C:\ProgramData\HPWALog.txt
2010-05-17 10:25:19 ----HD---- C:\ProgramData
2010-05-17 10:24:08 ----D---- C:\Windows\Internet Logs
2010-05-17 10:22:53 ----D---- C:\Users\Andreas\AppData\Roaming\DC++
2010-05-17 10:20:34 ----D---- C:\Users\Andreas\AppData\Roaming\uTorrent
2010-05-17 08:37:08 ----D---- C:\Windows\Tasks
2010-05-17 08:36:17 ----SHD---- C:\System Volume Information
2010-05-17 08:36:13 ----D---- C:\Windows\System32
2010-05-16 16:43:07 ----D---- C:\Program Files\uTorrent
2010-05-14 09:19:23 ----D---- C:\Windows
2010-05-13 18:35:26 ----D---- C:\Users\Andreas\AppData\Roaming\Skype
2010-05-13 17:31:21 ----D---- C:\Users\Andreas\AppData\Roaming\skypePM
2010-05-12 20:01:44 ----D---- C:\Users\Andreas\AppData\Roaming\dvdcss
2010-05-12 12:49:01 ----D---- C:\Windows\winsxs
2010-05-12 12:35:30 ----D---- C:\Program Files\Windows Mail
2010-05-12 12:22:58 ----D---- C:\Windows\Debug
2010-05-12 12:22:38 ----D---- C:\Windows\system32\catroot2
2010-05-12 12:22:38 ----D---- C:\Windows\system32\catroot
2010-05-11 18:32:03 ----SHD---- C:\Windows\Installer
2010-05-11 18:31:52 ----D---- C:\Windows\inf
2010-05-11 18:31:43 ----D---- C:\Windows\system32\drivers
2010-05-11 18:31:37 ----D---- C:\Program Files\Common Files
2010-05-11 18:28:31 ----RD---- C:\Program Files
2010-05-07 09:39:18 ----D---- C:\Windows\Prefetch
2010-05-07 01:22:43 ----D---- C:\Users\Andreas\AppData\Roaming\hpqLog
2010-05-07 01:22:33 ----D---- C:\Windows\panther
2010-05-06 10:36:38 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-05 12:17:22 ----SHD---- C:\$RECYCLE.BIN
2010-05-05 08:49:10 ----D---- C:\Program Files\Java
2010-05-04 12:00:03 ----DC---- C:\Windows\system32\DRVSTORE
2010-05-04 11:02:10 ----D---- C:\Program Files\Common Files\Adobe
2010-05-04 11:02:09 ----D---- C:\ProgramData\Adobe
2010-04-30 20:51:06 ----A---- C:\Windows\system32\mrt.exe
2010-04-29 21:30:50 ----D---- C:\Program Files\Mozilla Firefox
2010-04-27 20:10:49 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-11-22 446664]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-08-07 34608]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-10 4172288]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-04-17 114528]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-04-14 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-06-27 380928]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB-videoenhet (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth frågeblockdrivrutin; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-enhet (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-portdrivrutin; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth-radio USB-drivrutin; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-ljudenhet; C:\Windows\system32\drivers\btwaudio.sys [2008-02-01 80424]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2008-02-01 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-02-01 16168]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth-enhet (RFCOMM-protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 vsdatant7;vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-20 267432]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-10 724992]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-08-07 24880]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-15 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-15 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-27 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-08-14 9728]
R2 SNMP;@%SystemRoot%\system32\snmp.exe,-3; C:\Windows\System32\snmp.exe [2009-04-11 47616]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe [2008-06-27 221273]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Tjänsten Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-06 165416]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]

-----------------EOF-----------------


Rsit Info:

info.txt logfile of random's system information tool 1.06 2010-05-17 10:28:37

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Digby's Donuts\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Treasure Island\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A93000000001}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AMD Driver Support for HP 3D DriverGuard-->MsiExec.exe /X{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
AVerMedia A309 (MiniCard, DVB-T) 1.0.0.46-->C:\Program Files\AVerMedia\AVerMedia A309 (MiniCard, DVB-T)\uninst.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BankID säkerhetsprogram 4.10.4-->"C:\Program Files\Personal\bin\persinst.exe" -u
Catalyst Control Center - Branding-->MsiExec.exe /I{187817E2-6407-461C-B59B-56CE73363D34}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack för Office 2007-systemet-->MsiExec.exe /X{90120000-0020-041D-0000-0000000FF1CE}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DC++ 0.750-->"C:\Program Files\DC++\uninstall.exe"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{28C3E5E6-5ACA-408D-9A46-089C5334EC97}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Quick Launch Buttons 6.40 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 D2-->MsiExec.exe /I{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0102-->MsiExec.exe /I{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}
HP Wireless Assistant-->MsiExec.exe /X{1061DF04-CF33-40B0-8360-D07C9BBEB122}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LightScribe System Software 1.12.33.2-->MsiExec.exe /X{582287DA-0806-4AC0-BF19-C15E3A466034}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - sve-->MsiExec.exe /I{7D7152AF-581B-316F-8CA4-15342C3EFA4B}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office PowerPoint Viewer 2007 (Swedish)-->MsiExec.exe /X{95120000-00AF-041D-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{2C1B58D5-6549-472C-86B7-17BE57186628}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{BA63348B-143D-4CAC-A355-3879402ED781}
Nokia Ovi Suite-->C:\ProgramData\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Nokia_Ovi_Suite_PCS_Update.exe
Nokia Ovi Suite-->MsiExec.exe /X{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}
Nokia PC Suite-->C:\ProgramData\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_swe.exe
Nokia PC Suite-->MsiExec.exe /I{19DC9559-9C20-4A46-A67D-7ECBA52A2788}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{8DE292EC-FA26-4526-BFEB-3EE820E97005}
Ovi Desktop Sync Engine-->MsiExec.exe /X{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}
OviMPlatform-->MsiExec.exe /I{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}
PC Connectivity Solution-->MsiExec.exe /I{481C9A00-91AC-4065-870C-BD4E28186E5A}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{AAD72731-807A-4B79-AE05-9190B7002B7B}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x001d -removeonly
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - sve\setup.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}
Windows Live Family Safety-->MsiExec.exe /X{65F6D25C-2B2B-4673-A81D-E7D7D72B29E4}
Windows Live inloggningsassistenten-->MsiExec.exe /I{0E93710D-31E5-477C-8A4B-5032B484BE74}
Windows Live Mail-->MsiExec.exe /I{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}
Windows Live Messenger-->MsiExec.exe /X{EC928237-A3BD-4640-ABD0-E49E758F2315}
Windows Live Movie Maker-->MsiExec.exe /X{FF4F668A-E199-431A-8D93-B2FD14FE3C5C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Gallery-->MsiExec.exe /X{C3FE3DD5-92E1-4EC3-BD6B-822DD99E8991}
Windows Live Sync-->MsiExec.exe /X{08A247F5-E34F-4D17-8731-0906DF56947E}
Windows Live Toolbar-->MsiExec.exe /X{14FB2C18-CFC1-4DF4-A9CF-BAD3CCB5AAFD}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{1A8BAA46-1179-4743-B00E-51B794A018B0}
Windows-drivrutinspaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_1a3c82dd\enecir.inf
Windows-drivrutinspaket - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows-drivrutinspaket - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows-drivrutinspaket - Nokia Modem (06/01/2009 7.01.0.4)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_3a2e1afb\nokbtmdm.inf
Windows-drivrutinspaket - Nokia Modem (10/05/2009 4.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_d5bc047a\nokia_bluetooth.inf
Windows-drivrutinspaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Hp-dator
Event Code: 1003
Message: CBS-felet 0x800f0825 rapporterades under bearbetning av UI-språkpaket för da-DK
Record Number: 1084590
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20100413081908.072122-000
Event Type: Fel
User: NT INSTANS\SYSTEM

Computer Name: Hp-dator
Event Code: 1001
Message: Programinitieringen misslyckades. Senaste fel: 0x80070032
Record Number: 1084534
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20100413080551.975222-000
Event Type: Fel
User: NT INSTANS\SYSTEM

Computer Name: Hp-dator
Event Code: 7000
Message: Tjänsten Parallel port driver kunde inte startas på grund av följande fel:
Tjänsten kan inte startas. Anledningen är antingen att tjänsten är spärrad eller att inga aktiva enheter är associerade med den.
Record Number: 1084458
Source Name: Service Control Manager
Time Written: 20100413080338.000000-000
Event Type: Fel
User:

Computer Name: Hp-dator
Event Code: 7001
Message: Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda kunde inte starta på grund av följande fel:
Tjänsten kan inte startas. Anledningen är antingen att tjänsten är spärrad eller att inga aktiva enheter är associerade med den.
Record Number: 1084453
Source Name: Service Control Manager
Time Written: 20100413080338.000000-000
Event Type: Fel
User:

Computer Name: Hp-dator
Event Code: 46
Message: Det gick inte att initiera kraschdumpning.
Record Number: 1084404
Source Name: volmgr
Time Written: 20100413080211.553760-000
Event Type: Fel
User:

=====Application event log=====

Computer Name: Andreas-dator
Event Code: 1530
Message: Windows har upptäckt att din registerfil fortfarande används av andra program eller servrar. Filen tas nu bort ur minnet. Programmen eller tjänsterna som använder registerfilen kanske inte fungerar korrekt efter detta.

INFORMATION -
1 user registry handles leaked from \Registry\User\S-1-5-21-1476678547-3916440443-1311802025-1000_Classes:
Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000_CLASSES

Record Number: 209
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080817205616.000000-000
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: Andreas-dator
Event Code: 1530
Message: Windows har upptäckt att din registerfil fortfarande används av andra program eller servrar. Filen tas nu bort ur minnet. Programmen eller tjänsterna som använder registerfilen kanske inte fungerar korrekt efter detta.

INFORMATION -
1 user registry handles leaked from \Registry\User\S-1-5-21-1476678547-3916440443-1311802025-1000:
Process 952 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000

Record Number: 208
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080817205615.000000-000
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: Andreas-dator
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 195
Source Name: Microsoft-Windows-WMI
Time Written: 20080817205144.000000-000
Event Type: Fel
User:

Computer Name: Andreas-dator
Event Code: 1530
Message: Windows har upptäckt att din registerfil fortfarande används av andra program eller servrar. Filen tas nu bort ur minnet. Programmen eller tjänsterna som använder registerfilen kanske inte fungerar korrekt efter detta.

INFORMATION -
1 user registry handles leaked from \Registry\User\S-1-5-21-1476678547-3916440443-1311802025-1000_Classes:
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000_CLASSES

Record Number: 160
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080817204907.000000-000
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: Andreas-dator
Event Code: 1530
Message: Windows har upptäckt att din registerfil fortfarande används av andra program eller servrar. Filen tas nu bort ur minnet. Programmen eller tjänsterna som använder registerfilen kanske inte fungerar korrekt efter detta.

INFORMATION -
17 user registry handles leaked from \Registry\User\S-1-5-21-1476678547-3916440443-1311802025-1000:
Process 660 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000
Process 1016 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\My
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\CA
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Policies\Microsoft\SystemCertificates
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Policies\Microsoft\SystemCertificates
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Policies\Microsoft\SystemCertificates
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Policies\Microsoft\SystemCertificates
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\trust
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\Root
Process 1652 (\Device\HarddiskVolume1\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-1476678547-3916440443-1311802025-1000\Software\Microsoft\SystemCertificates\Disallowed

Record Number: 159
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080817204906.000000-000
Event Type: Varning
User: NT INSTANS\SYSTEM

=====Security event log=====

Computer Name: Hp-dator
Event Code: 4624
Message: En inloggning har skett på ett konto.

Subjekt:
Säkerhets-ID: S-1-5-18
Kontonamn: HP-DATOR$
Kontodomän: WORKGROUP
Inloggnings-ID: 0x3e7

Inloggningstyp: 5

Ny inloggning:
Säkerhets-ID: S-1-5-18
Kontonamn: SYSTEM
Kontodomän: NT INSTANS
Inloggnings-ID: 0x3e7
Inloggnings-GUID: {00000000-0000-0000-0000-000000000000}

Processinformation:
Process-ID: 0x2c8
Processnamn: C:\Windows\System32\services.exe

Nätverksinformation:
Arbetsstationens namn:
Källnätverksadress: -
Källport: -

Detaljerad autentiseringsinformation:
Inloggningsprocess: Advapi
Autentiseringspaket: Negotiate
Överförda tjänster: -
Paketnamn (endast NTLM): -
Nyckellängd: 0

Händelsen skapas när en inloggningssession skapas. Den skapas på datorn som inloggningen skedde på.

Subjektsfälten anger vilket konto på det lokala systemet som inloggningen begärdes för. Detta är oftast en tjänst, till exempel tjänsten Server, eller en lokal process som exempelvis Winlogon.exe eller Services.exe.

Fältet för inloggningstyp anger vilken typ av inloggning som skedde. De vanligaste typerna är 2 (interaktiv) och 3 (nätverk).

Fälten Ny inloggning anger kontot som den nya inloggningen skapades för, d.v.s. det konto som var inloggat.

Nätverksfälten anger varifrån en begäran om fjärrinloggning skickades. Arbetsstationens namn är inte alltid tillgängligt och fältet kan i vissa fall lämnas tomt.

I fälten med autentiseringsinformation finns detaljerad information om den här specifika inloggningsbegäran.
- Inloggnings-GUID är ett unikt ID som kan användas till att korrelera händelsen med en KDC-händelse.
- Överförda tjänster anger vilka mellanliggande tjänster som har deltagit i inloggningsbegäran.
- Paketets namn anger vilket underprotokoll som användes tillsammans med NTLM-protokollen.
- Nyckellängden anger längden på den skapade sessionsnyckeln. Värdet är 0 om ingen sessionsnyckel begärdes.
Record Number: 739437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428201543.073129-000
Event Type: Lyckad granskning
User:

Computer Name: Hp-dator
Event Code: 4648
Message: Ett inloggningsförsök med uttryckliga autentiseringsuppgifter gjordes.

Subjekt:
Säkerhets-ID: S-1-5-18
Kontonamn: HP-DATOR$
Kontodomän: WORKGROUP
Inloggnings-ID: 0x3e7
Inloggnings-GUID: {00000000-0000-0000-0000-000000000000}

Konto vars autentiseringsuppgifter användes:
Kontonamn: SYSTEM
Kontodomän: NT INSTANS
Inloggnings-GUID: {00000000-0000-0000-0000-000000000000}

Målserver:
Målservernamn: localhost
Ytterligare information: localhost

Processinformation:
Process-ID: 0x2c8
Processnamn: C:\Windows\System32\services.exe

Nätverksinformation:
Nätverksadress: -
Port: -

Händelsen skapas när en process försöker logga in ett konto genom att uttryckligen ange kontots autentiseringsuppgifter. Detta förekommer oftast i konfigurationer av kommandotyp, som schemalagda aktiviteter, eller när kommandot RUNAS används.
Record Number: 739436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428201543.073129-000
Event Type: Lyckad granskning
User:

Computer Name: Hp-dator
Event Code: 4672
Message: Särskilda privilegier tilldelades till ny inloggning.

Subjekt:
Säkerhets-ID: S-1-5-18
Kontonamn: SYSTEM
Kontodomän: NT INSTANS
Inloggnings-ID: 0x3e7

Privilegier: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 739435
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428201437.553129-000
Event Type: Lyckad granskning
User:

Computer Name: Hp-dator
Event Code: 4624
Message: En inloggning har skett på ett konto.

Subjekt:
Säkerhets-ID: S-1-5-18
Kontonamn: HP-DATOR$
Kontodomän: WORKGROUP
Inloggnings-ID: 0x3e7

Inloggningstyp: 5

Ny inloggning:
Säkerhets-ID: S-1-5-18
Kontonamn: SYSTEM
Kontodomän: NT INSTANS
Inloggnings-ID: 0x3e7
Inloggnings-GUID: {00000000-0000-0000-0000-000000000000}

Processinformation:
Process-ID: 0x2c8
Processnamn: C:\Windows\System32\services.exe

Nätverksinformation:
Arbetsstationens namn:
Källnätverksadress: -
Källport: -

Detaljerad autentiseringsinformation:
Inloggningsprocess: Advapi
Autentiseringspaket: Negotiate
Överförda tjänster: -
Paketnamn (endast NTLM): -
Nyckellängd: 0

Händelsen skapas när en inloggningssession skapas. Den skapas på datorn som inloggningen skedde på.

Subjektsfälten anger vilket konto på det lokala systemet som inloggningen begärdes för. Detta är oftast en tjänst, till exempel tjänsten Server, eller en lokal process som exempelvis Winlogon.exe eller Services.exe.

Fältet för inloggningstyp anger vilken typ av inloggning som skedde. De vanligaste typerna är 2 (interaktiv) och 3 (nätverk).

Fälten Ny inloggning anger kontot som den nya inloggningen skapades för, d.v.s. det konto som var inloggat.

Nätverksfälten anger varifrån en begäran om fjärrinloggning skickades. Arbetsstationens namn är inte alltid tillgängligt och fältet kan i vissa fall lämnas tomt.

I fälten med autentiseringsinformation finns detaljerad information om den här specifika inloggningsbegäran.
- Inloggnings-GUID är ett unikt ID som kan användas till att korrelera händelsen med en KDC-händelse.
- Överförda tjänster anger vilka mellanliggande tjänster som har deltagit i inloggningsbegäran.
- Paketets namn anger vilket underprotokoll som användes tillsammans med NTLM-protokollen.
- Nyckellängden anger längden på den skapade sessionsnyckeln. Värdet är 0 om ingen sessionsnyckel begärdes.
Record Number: 739434
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428201437.553129-000
Event Type: Lyckad granskning
User:

Computer Name: Hp-dator
Event Code: 4648
Message: Ett inloggningsförsök med uttryckliga autentiseringsuppgifter gjordes.

Subjekt:
Säkerhets-ID: S-1-5-18
Kontonamn: HP-DATOR$
Kontodomän: WORKGROUP
Inloggnings-ID: 0x3e7
Inloggnings-GUID: {00000000-0000-0000-0000-000000000000}

Konto vars autentiseringsuppgifter användes:
Kontonamn: SYSTEM
Kontodomän: NT INSTANS
Inloggnings-GUID: {00000000-0000-0000-0000-000000000000}

Målserver:
Målservernamn: localhost
Ytterligare information: localhost

Processinformation:
Process-ID: 0x2c8
Processnamn: C:\Windows\System32\services.exe

Nätverksinformation:
Nätverksadress: -
Port: -

Händelsen skapas när en process försöker logga in ett konto genom att uttryckligen ange kontots autentiseringsuppgifter. Detta förekommer oftast i konfigurationer av kommandotyp, som schemalagda aktiviteter, eller när kommandot RUNAS används.
Record Number: 739433
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100428201437.553129-000
Event Type: Lyckad granskning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=17
"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Gmaer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-17 10:53:43
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\ugliipob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0xA00340A2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0xA0034972]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA0033AF8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA002D0D8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA004BAA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA0034602]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA0034760]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA002DF9A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA004D4BC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA004CDB2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA004DE86]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA004E0C4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0xA004E576]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA002DA8C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA004F30C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA004E840]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA0033690]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA004EF4C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA002E3A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA004F894]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA004C4D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 13D 826F88A0 8 Bytes [A2, 40, 03, A0, 72, 49, 03, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 826F8924 4 Bytes [F8, 3A, 03, A0]
.text ntkrnlpa.exe!KeSetEvent + 1D9 826F893C 4 Bytes [D8, D0, 02, A0]
.text ntkrnlpa.exe!KeSetEvent + 1E9 826F894C 4 Bytes [A6, BA, 04, A0]
.text ntkrnlpa.exe!KeSetEvent + 205 826F8968 4 Bytes [02, 46, 03, A0]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9EE03000, 0x23100A, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3516] ntdll.dll!LdrLoadDll 778F9390 5 Bytes JMP 000B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a517c8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a517c8@001dfd1f132a 0x46 0xE1 0xAF 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b3659
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0021866b3659@001dfd1f132a 0x57 0xA9 0xB8 0x0A ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001060a517c8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\001060a517c8@001dfd1f132a 0x46 0xE1 0xAF 0x9B ...
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0021866b3659 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\0021866b3659@001dfd1f132a 0x57 0xA9 0xB8 0x0A ...

---- EOF - GMER 1.0.15 ----
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 17th, 2010, 8:08 am

Hi,

Please be aware that I'm removing your P2P.
If you wish not to remove it, please don't follow the instructions and tell me to close this topic.

First,
OTM by Old Timer.
Please download from HERE and save to the desktop.
  • Right click on OTM.exe > Run as an Administrator.
  • Copy the lines in the codebox below.
    :processes
    :files
    C:\Users\Andreas\AppData\Roaming\uTorrent
    C:\Program Files\uTorrent
    :commands
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar, Code box into OTMoveIt3 (1).) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.

Note:
  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
  • If you are asked to reboot the machine choose Yes.
  • In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,
CKScanner.
Please download from HERE and save to the desktop.
  • Right click on CKScanner.exe > Run as Administrator to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,
Discussion.
Your antivirus is working well? I mean, can you perform the updater (database) ?

Next,
Checklist.
Please post.
  • Content of OTM log
  • Content of CKFiles.txt
  • Respond to our discussion
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby Pandi » May 17th, 2010, 8:38 am

OTM log:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Users\Andreas\AppData\Roaming\uTorrent folder moved successfully.
C:\Program Files\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andreas
->Temp folder emptied: 10416369 bytes
->Temporary Internet Files folder emptied: 1934362 bytes
->Java cache emptied: 54495488 bytes
->FireFox cache emptied: 33124594 bytes
->Apple Safari cache emptied: 40789466 bytes
->Flash cache emptied: 11661 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155565890 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 292271 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 322 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 283,00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05172010_141814

Files moved on Reboot...
C:\Users\Andreas\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Andreas\AppData\Local\Temp\~DF1DED.tmp moved successfully.
File C:\Windows\temp\ZLT0665b.TMP not found!

Registry entries deleted on Reboot...


CKFiles.txt:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

My Antivirus is working as usual and I can update it everyday, Im using Avira Antivir personal. And the two trojans is in the quarentine in my Antivirus program. Can they still do damage if they are in quarentine?
Pandi
Regular Member
 
Posts: 23
Joined: July 29th, 2009, 7:15 am

Re: Avira Antivirus found WLANExt.exe TR/PatchLoad.393839.1

Unread postby xixo_12 » May 17th, 2010, 6:24 pm

Hi,
Let's proceed.

So far, your system is looks so clean. If they quarantined, nothing to worry about. Let's check with another method.

First,
ATF by Atribune
Please download HERE and save to the desktop. Right click on ATF Cleaner.exe > Run as Administrator to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used. Right click on the icon > Run as Administrator.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

Next,
Checklist.
Please post.
  • Content of kaspersky scan log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware