PDA

View Full Version : Laptop with Malware



Joshen
2012-11-19, 23:08
Lets try again :-)

Hello
We have a Laptop that is mainly used by my wife.
Lately the computer freezes from time to time, sometime it continues after a while, and sometimes a reset is needed. It seams slow and infected by something. Tried some scanner and it seams to report malwares.

I dont think any cleaning program have been used but im not the only one using it

As we have another computer on the same net i hope you can help me taking a quick look at that later as well.


If i have missed some infomation you need, please let me now.
Thanks
//Joshen




DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
Run by TOJ at 16:55:05 on 2012-11-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1725 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-18 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-18 676936]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-12-19 28762]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
R2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\ugs\ugslicensing\lmgrd.exe [2008-4-22 1372160]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-18 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
2012-11-18 17:00:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-18 17:00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-17 12:25:41 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{666ce97d-8e3b-4196-9111-58d84bd6d898}\offreg.dll
2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 21:32:54 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{666ce97d-8e3b-4196-9111-58d84bd6d898}\mpengine.dll
2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-27 07:49:23 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-27 07:49:20 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-27 07:49:15 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-27 07:48:38 41224 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M ====================
.
2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-08 19:30:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 19:30:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
============= FINISH: 16:55:53,61 ===============




aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 16:57:50
-----------------------------
16:57:50.900 OS Version: Windows 6.1.7601 Service Pack 1
16:57:50.900 Number of processors: 2 586 0x170A
16:57:50.903 ComputerName: MAGGIE2 UserName: TOJ
16:57:52.626 Initialize success
16:57:52.746 AVAST engine defs: 12111900
16:58:04.628 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:58:04.628 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
16:58:04.648 Disk 0 MBR read successfully
16:58:04.658 Disk 0 MBR scan
16:58:04.668 Disk 0 Windows 7 default MBR code
16:58:04.678 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
16:58:04.698 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228233 MB offset 20973568
16:58:04.698 Disk 0 scanning sectors +488394752
16:58:04.758 Disk 0 scanning C:\Windows\system32\drivers
16:58:15.776 Service scanning
16:58:41.128 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:58:49.492 Modules scanning
16:59:06.508 Disk 0 trace - called modules:
16:59:06.878 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spwq.sys >>UNKNOWN [0x85554938]<<
16:59:06.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d42948]
16:59:06.928 3 CLASSPNP.SYS[8b99059e] -> nt!IofCallDriver -> [0x862d0698]
16:59:06.938 5 ACPI.sys[8b3c03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ad028]
16:59:08.608 AVAST engine scan C:\Windows
16:59:12.066 AVAST engine scan C:\Windows\system32
17:02:06.517 AVAST engine scan C:\Windows\system32\drivers
17:02:21.983 AVAST engine scan C:\Users\TOJ
17:08:28.876 AVAST engine scan C:\ProgramData
17:09:34.472 Scan finished successfully
17:09:48.016 Disk 0 MBR has been saved successfully to "C:\Users\TOJ\Desktop\MBR.dat"
17:09:48.026 The log file has been saved successfully to "C:\Users\TOJ\Desktop\aswMBR.txt"





FunWebProducts: [SBI $724750D4] Program directory (Bibliotek, nothing done)
C:\Program Files\FunWebProducts\ScreenSaver\

FunWebProducts: [SBI $A4654040] Program directory (Bibliotek, nothing done)
C:\Program Files\FunWebProducts\ScreenSaver\Images\

FunWebProducts: [SBI $7AEE25A5] Class ID (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

FunWebProducts: [SBI $8CC75C5A] Settings (Registervärde, nothing done)
HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}

FunWebProducts: [SBI $B71E4FFD] Program directory (Bibliotek, nothing done)
C:\Program Files\FunWebProducts\

FunWebProducts: [SBI $934664E3] Executable (Fil, nothing done)
C:\Windows\System32\f3PSSavr.scr
Properties.size=32768
Properties.md5=A82C8C631255FD5DE31E796EED8CDA49
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

FunWebProducts: [SBI $2B247FE8] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
Properties.size=86096
Properties.md5=E651BE4F6E4DCD99AA66EF80C5CDD28B
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

FunWebProducts: [SBI $4296F4A6] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
Properties.size=86078
Properties.md5=D460ECA5D4574507FF4DABCC2CBC5F2E
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

FunWebProducts: [SBI $51F213BA] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\

FunWebProducts: [SBI $9975C0B8] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\

FunWebProducts: [SBI $9AC0555D] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\Avatar\

FunWebProducts: [SBI $87976B73] Program directory (Bibliotek, nothing done)
C:\Program Files\funwebproducts\ScreenSaver

MyWay.MyWebSearch: [SBI $39E631BB] Settings (Registernyckel, nothing done)
HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

MyWay.MyWebSearch: [SBI $1D729FD1] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

MyWay.MyWebSearch: [SBI $B1C70274] Browser helper object (Registernyckel, nothing done)
HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\MyWebSearch

MyWay.MyWebSearch: [SBI $91B56C2A] Class ID (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}

MyWay.MyWebSearch: [SBI $EABEA47E] Type library (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

MyWay.MyWebSearch: [SBI $95E7D650] Type library (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

MyWay.MyWebSearch: [SBI $DBE9DC78] Browser helper object (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\FocusInteractive

MyWay.MyWebSearch: [SBI $0AB712F8] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

MyWay.MyWebSearch: [SBI $6CDD369B] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

MyWay.MyWebSearch: [SBI $AC7657F9] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\MyWebSearch

MyWay.MyWebSearch: [SBI $51E6ABA2] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\

MyWay.MyWebSearch: [SBI $B836F058] Interface (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

MyWay.MyWebSearch: [SBI $4A8ED495] Type library (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
Properties.size=89655
Properties.md5=140AB62FFB5E3991894AEAD1E105393D
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Properties.size=56438
Properties.md5=87B6FB1125216E8D7B293400B715FB8D
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Properties.size=66726
Properties.md5=E660C15170591EBE447F601DDC6163C1
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Properties.size=56688
Properties.md5=C13224330D67C961D2E3E4279A5BC1A6
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
Properties.size=330710
Properties.md5=B8F1A5EA13A9C3E6C2C8C28FA86ABD3E
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
Properties.size=301118
Properties.md5=FD8A7DE5CE05EDA235B4D29C0E64FBFF
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
Properties.size=71675
Properties.md5=EAD44A1AC4FD80104D1B4814CE3582E1
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
Properties.size=106998
Properties.md5=43182F0E08638C0FFB08B33D7876B340
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
Properties.size=129559
Properties.md5=1A47783E119A96A3597DA38717FB9E59
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
Properties.size=272367
Properties.md5=72876A9D1BA63B025CF73A5EB622569E
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
Properties.size=122747
Properties.md5=46DD0C9F0820FE10E0DB7D2DC5B18E2F
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
Properties.size=43287
Properties.md5=4C64C9C48FAFB1CE394BAD985A1A1CA6
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
Properties.size=155471
Properties.md5=256AC64A886E9E60E56CE07A0F5C6808
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
Properties.size=149817
Properties.md5=648274DCDAE169827E769628379D342A
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
Properties.size=243509
Properties.md5=D9E3A3AEB53C0B0E1A4F6987D1995F0B
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
Properties.size=113081
Properties.md5=14DF54094BF76DBE5D71DB552DFB2633
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S
Properties.size=132691
Properties.md5=0B908DA08C94A96D21804A6FD866518A
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $2CFDFB02] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
Properties.size=305
Properties.md5=BC3475B177749B81BFAB5D21091786B5
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $2CFDFB02] Data (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
Properties.size=16
Properties.md5=3AB2A38E4DC5A3DF24564D639021C8B0
Properties.filedate=1292761401
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
Properties.size=7406
Properties.md5=089EFCEA98317E0D0DC0543BE2EDA81F
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
Properties.size=7406
Properties.md5=141581A8DE0D46FB85F25A89DA38284C
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
Properties.size=10134
Properties.md5=24E6DA5796608E7DAD1011EC432B1666
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
Properties.size=7406
Properties.md5=2327AE7F0BAC7814F0870CED67420AAC
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
Properties.size=7406
Properties.md5=7429E321AC5058790EA073CD55F7328F
Properties.filedate=1292761400
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
Properties.size=12782
Properties.md5=EC6393D63343AF0856E5DCBD16C182BC
Properties.filedate=1292761401
Properties.filedatetext=2010-12-19 13:23:20

MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
Properties.size=28776
Properties.md5=F79220B730D91FBF4D8C94BA91C1A857
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
Properties.size=16501
Properties.md5=4F0AE2BC1861832947E4A872E2D02BA2
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
Properties.size=16479
Properties.md5=D3CEDDEF152C4060992562F2E740D179
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
Properties.size=155738
Properties.md5=24CDF2C595324C7F1AB402701322B376
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
Properties.size=32768
Properties.md5=D9FD5A34E06E66EDD50A88CDB2D2FC4B
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
Properties.size=28762
Properties.md5=48D50D679D28E5C4BF5A67664CC56B41
Properties.filedate=1292761398
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
Properties.size=139264
Properties.md5=ACB88F31279E312F633B24F48F8C0808
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
Properties.size=278610
Properties.md5=807D3213938A474995CC69EB73E86DE9
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
Properties.size=77906
Properties.md5=220BC041CDD85E4409A88CD46306D60D
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
Properties.size=32856
Properties.md5=8EE956AEE18F2459D5EC5AC53E2314D9
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
Properties.size=32768
Properties.md5=A82C8C631255FD5DE31E796EED8CDA49
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
Properties.size=24576
Properties.md5=C4FF418909D55A7744B04774A83135C9
Properties.filedate=1292761397
Properties.filedatetext=2010-12-19 13:23:17

MyWay.MyWebSearch: [SBI $F06432E0] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\1.bin

MyWay.MyWebSearch: [SBI $C771B898] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MyWebSearchService

MyWay.MyWebSearch: [SBI $9C66098D] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MyWebSearchService

MyWay.MyWebSearch: [SBI $1E9D2A89] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\Game\

MyWay.MyWebSearch: [SBI $6B75E445] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\History\

MyWay.MyWebSearch: [SBI $D182749E] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\icons\

MyWay.MyWebSearch: [SBI $4A5017B0] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\Message\

MyWay.MyWebSearch: [SBI $EBAA84FB] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\Notifier\

MyWay.MyWebSearch: [SBI $9DB56617] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar\Settings\

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\Avatar

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\Game

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\History

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\icons

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\Message

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\Notifier

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\Overlay

MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
C:\Program Files\MYWEBSEARCH\bar\Settings

MyWay.MyWebSearch: [SBI $78882F84] Program directory (Bibliotek, nothing done)
C:\Program Files\MyWebSearch\bar

MyWay.MyWebSearch: [SBI $9185AE0B] Class ID (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

MyWay.MyWebSearch: [SBI $798DEFC6] Class ID (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}

MyWay.MyWebSearch: [SBI $17EB816E] Class ID (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

MyWay.MyWebSearch: [SBI $E6CF97BD] Class ID (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

MyWay.MyWebSearch: [SBI $84A88F8E] Class ID (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

MyWay.MyWebSearch: [SBI $2E0CB34B] Class ID (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

MyWay.MyWebSearch: [SBI $93F63F8F] Settings (Registervärde, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com

MyWay.MyWebSearch: [SBI $33173CA4] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin

FunWebProducts: [SBI $C9EF9978] Settings (Registernyckel, nothing done)
HKEY_LOCAL_MACHINE\Software\Fun Web Products

FunWebProducts: [SBI $EABD1904] Settings (Registervärde, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

MyWebSearch: [SBI $A020D1EF] Interface (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

MyWebSearch: [SBI $28E3F240] Interface (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

MyWebSearch: [SBI $EB0F98F9] Interface (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

MyWebSearch: [SBI $1FBE02BC] Interface (Registernyckel, nothing done)
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

MyWebSearch: [SBI $2657A585] Settings (Registervärde, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers

MediaPlex: Tracking cookie (Internet Explorer: TOJ) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: TOJ) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-11-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-11-14 Includes\Adware.sbi (*)
2012-11-14 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-11-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-11-14 Includes\Malware.sbi (*)
2012-11-14 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2012-11-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2012-11-14 Includes\Trojans.sbi (*)
2012-11-14 Includes\TrojansC-02.sbi (*)
2012-11-14 Includes\TrojansC-03.sbi (*)
2012-11-14 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-11-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Jack&Jill
2012-11-28, 17:26
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Joshen
2012-11-28, 17:54
Nice to hear from you im ready to get started to try and solve this strange issue

Jack&Jill
2012-11-28, 18:07
Hello Joshen :),

Is this a work computer? There are some programs that will only exist on corporate computers on board.

Please take a look at this:
http://forums.spybot.info/showpost.php?p=25712&postcount=5

Joshen
2012-11-28, 22:29
No, what should that be?

We have used during some educations (might have installed something then, but that should have been removed) and taken some work home (but no programs that i can remember)

Its my wifes play computer mainly :)

Jack&Jill
2012-11-29, 01:18
Hello Joshen :),

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.

--------------------

Validate Windows

Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here. (http://go.microsoft.com/fwlink/?linkid=52012)
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file and post it in your next reply.

--------------------

Check for additional security risks

Please download CKScanner© by askey127 and save to your desktop. Click here. (http://downloads.malwareremoval.com/CKScanner.exe)
Double click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
Post the contents of ckfiles.txt in your reply, it is located on your desktop.
Please run the program only once.

--------------------

Remove P2P software

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze


Please read the Guidelines for P2P Programs (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.
Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
Please remove them before we continue with fixing your computer.

Please run DDS and post both logs.

--------------------

Please post back:
1. MGADiag result
2. CKScanner log
3. fresh DDS logs

Joshen
2012-11-29, 06:54
MGAdiag

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-G6VBJ-KGM24-DHW4D
Windows Product Key Hash: OZsuH2dLMQXMid+AojAXnNYJtVs=
Windows Product ID: 00359-OEM-8882216-66698
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {3B781C0A-90FC-4859-84E4-A9DB61D0B467}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3B781C0A-90FC-4859-84E4-A9DB61D0B467}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DHW4D</PKey><PID>00359-OEM-8882216-66698</PID><PIDType>3</PIDType><SID>S-1-5-21-1995726087-44847017-43282288</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Extensa 5635ZG </Model></SYSTEM><BIOS><Manufacturer>Phoenix</Manufacturer><Version>V0.3213</Version><SMBIOSVersion major="2" minor="5"/><Date>20090507000000.000000+000</Date></BIOS><HWID>F43C3807018400F8</HWID><UserLCID>041D</UserLCID><SystemLCID>041D</SystemLCID><TimeZone>Västeuropa, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{9011041D-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73978-640-0000106-57489</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Programlicenstjänstens version: 6.1.7601.17514

Namn: Windows(R) 7, HomePremium edition
Beskrivning: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Aktiverings-ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
Program-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Utökat produkt-ID: 00359-00176-822-166698-02-1053-7600.0000-0362010
Installations-ID: 019876965465426642979405437426752822054996249593873752
URL till processorcertifikatet: http://go.microsoft.com/fwlink/?LinkID=88338
URL till datorcertifikatet: http://go.microsoft.com/fwlink/?LinkID=88339
URL till användningslicensen: http://go.microsoft.com/fwlink/?LinkID=88341
URL till produktnyckelcertifikat: http://go.microsoft.com/fwlink/?LinkID=88340
Ofullständig produktnyckel: DHW4D
Licenstillstånd: Licensierad
Återstående antal Windows-omaktiveringar: 5
Betrodd tid: 2012-11-29 05:36:40

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:23:2012 18:46
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEAeqg40E7qeqYgOmg1znAwm4CGUrEcQ0bK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC ACRSYS ACRPRDCT
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci



CKscanner

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.IANAGH
----- EOF -----


DDS
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
Run by TOJ at 5:50:55 on 2012-11-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1842 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\UGS\UGSLicensing\lmgrd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\UGS\UGSLicensing\ugslmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-12-19 28762]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
R2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\ugs\ugslicensing\lmgrd.exe [2008-4-22 1372160]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2012-11-29 04:36:47 -------- d-----w- C:\MGADiagToolOutput
2012-11-27 19:36:57 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c5264b3-c600-43b3-9bd5-c3dcf5a1be19}\mpengine.dll
2012-11-19 16:11:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-19 16:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
==================== Find3M ====================
.
2012-11-21 19:40:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 19:40:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59:28 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
============= FINISH: 5:51:32,54 ===============

Jack&Jill
2012-11-29, 15:05
Hello Joshen :),

The Microsoft Office Professional Edition 2003 on your computer is a non-genuine copy. It was installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, that is more installations using that key than authorized.
A VL Product Key is non-transferable to individuals.

Please read the fourth post (http://forums.spybot.info/showpost.php?p=25290&postcount=4) of the Forum Rules (http://forums.spybot.info/showthread.php?t=288).

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

If you still want help, please remove the illegal items from your computer, and if you still need the softwares, get legal ones from legitimate sources.
If you advised that the illegal softwares have been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

You may return to the seller to demand for a replacement with a genuine copy or get a full refund. As an alternative, you can also try OpenOffice (http://www.openoffice.org/).

Post back a new MGADiag result when you are done.

Joshen
2012-11-30, 01:16
That was news for me, but i dident install it when it was done a long time ago. Removed it as requested, will install open office later when we are done here :-)
(have it already on some others units)

Jack&Jill
2012-11-30, 17:13
Hello Joshen :),

:bigthumb:. Thank you for complying to the forum rules.

If you are not using this, please uninstall it:
Viewpoint Media Player


You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

--------------------

Scan with RogueKiller

Please download RogueKiller© by Tigzy and save it to your desktop. Click here. (http://tigzy.geekstogo.com/roguekiller.php)
Click on the blue button with arrow pointing downwards to the right of Mirror:.
Allow the download if prompted by your security software and please close all your programs.
Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
Wait for PreScan to finish, then click on Scan. Accept the EULA if prompted.
Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
Please copy and paste the contents of that log in your next reply.

--------------------

Please post back:
1. the previous MBAM
2. RogueKiller log

Joshen
2012-12-01, 01:14
Removed Viewpoint Media Player

Cant find a logfile for MBAM, not sure if it have been run, tell me if you want me to run it

-------------------------------------------------------------------

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : TOJ [Admin rights]
Mode : Scan -- Date : 12/01/2012 00:07:55

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe -> KILLED [TermProc]
[SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
[SUSP PATH] PLFSetI.exe -- C:\Windows\PLFSetI.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : PLFSetI (C:\Windows\PLFSetI.exe) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer (80.251.201.177 80.251.201.178) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer (80.251.201.177 80.251.201.178) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] 69f0e29f0fa680e3f4c1eff4b871c2fb
[BSP] 0c08f6f11995d37a674b242a676a9a8c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 228233 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12012012_02d0007.txt >>
RKreport[1]_S_12012012_02d0007.txt

Jack&Jill
2012-12-01, 03:35
Hello Joshen :),

I want you to update MBAM and run a scan.

Open MBAM and click on the Update tab, then Check for Updates.
When completed, go to back to the Scanner tab and select Perform full scan. Click Scan.
Leave the default options as it is and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please post back:
1. MBAM report

Joshen
2012-12-01, 10:36
Scanning in progress.
For future usage, is MBAM a good and useful tool that should be used on a regular basics? There are a lot of these programs out there. Is the free version good enough or would you recommend to by the full one?
Will post the results as soon as its done!:rockon:

Joshen
2012-12-01, 12:04
Result as requested

Malwarebytes Anti-Malware (Testversion) 1.65.1.1000
www.malwarebytes.org

Databasversion: v2012.12.01.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
TOJ :: MAGGIE2 [administratör]

Skydd: Inaktiverad

2012-12-01 09:20:06
mbam-log-2012-12-01 (09-20-06).txt

Skanningstyp: Fullständig skanning (C:\|)
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 319797
Förfluten tid: 1 timme(ar), 21 minut(er), 27 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 27
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Sattes i karantän och togs bort.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 15
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
C:\Program Files\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

Upptäckta filer: 50
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

(klar)

Jack&Jill
2012-12-01, 15:39
Hello Joshen :),

I have the full version of MBAM. It offers real time protection and is a good security program to have. The free version does not have the real time protection. Alternatively, you can also consider Spybot 2.0 (http://www.safer-networking.org/). Well, I will provide some recommendations related to security programs when we are done.

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. ESET result
2. how is the computer now?

Joshen
2012-12-01, 19:13
Scan resulted in

C:\Users\TOJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7850180f-46ea7c8b a variant of Java/Exploit.Agent.NDH trojan


About the status, i will try it for 24h and come back with a verdict.
The freezing can occur at any time.
It worse when we use files on the net at home, but we will try that to tomorrow evening and get back to you.

Thanks a lot for your help so far :santa:

Jack&Jill
2012-12-02, 09:07
Hello Joshen :),

I am glad to help out.

This file is located in the Java cache:
C:\Users\TOJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7850180f-46ea7c8b

You can clear it off by going to Start > Control Panel, then open Java. If the View by: settings is Category, you need to click on Programs first to access Java.

On the Java Control Panel, click on Settings... under the Temporary Internet Files title, follow by Delete Files....

--------------------

While you are checking if the computer is OK, continue with the below steps.

Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

Link 1 (http://majorgeeks.com/ATF_Cleaner_d4949.html)
Link 2 (http://download.cnet.com/ATF-Cleaner/3000-18512_4-89432.html)

Run ATF Cleaner

Exit all browsers.
Double-click ATF Cleaner.exe to open it.
Click Run if prompted.
At the bottom of the list, check (tick) Select All.
Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
Then click the Empty Selected button.
Firefox:
Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

--------------------

Please post back:
1. how is the computer now?

Joshen
2012-12-03, 06:37
It seams to be a lot better, we had some freezing when looking at a movie over the local net but i increased the video buffer from 10 to 20 sec and not it seams to work fine. :bigthumb:

I think your help have done it :thanks:

Jack&Jill
2012-12-03, 07:13
Hello Joshen :),

Good to hear that.

Please run DDS again and post back fresh logs.

Joshen
2012-12-03, 13:00
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
Run by TOJ at 11:57:38 on 2012-12-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1884 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-30 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-30 676936]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-30 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2012-12-02 19:22:23 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d839f5fb-8111-4e34-9277-14440beff14d}\offreg.dll
2012-12-01 15:15:10 -------- d-----w- c:\program files\ESET
2012-11-30 23:12:13 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d839f5fb-8111-4e34-9277-14440beff14d}\mpengine.dll
2012-11-30 22:58:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 22:58:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-29 04:36:47 -------- d-----w- C:\MGADiagToolOutput
2012-11-19 16:11:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-19 16:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
==================== Find3M ====================
.
2012-11-21 19:40:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 19:40:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59:28 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 11:58:24,91 ===============

Joshen
2012-12-04, 06:34
The laptop actually freezed again yesterday for a good 10 seconds. Not sure if you can help me to find the issue, but we have removed the big problems by removing the bad programs already.
Its a lot better now anyway

Jack&Jill
2012-12-05, 02:05
Hello Joshen :),

There still an unwanted entry in Firefox.

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=

Please remove it by resetting Firefox as outlined here (http://www.malwareremoval.com/forum/viewtopic.php?p=590266#p590266).

--------------------

Correct a registry key

Open Notepad. Copy and paste the following text into it:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}]

Note: Copy exactly everything in the code box. Make sure there is no empty lines at the beginning, and have one empty line at the end of the codes.
Save it as Fix.reg on the desktop. Make sure the Save as type: is All Files (*.*).
Right click on Fix.reg and select Run as administrator. When it asks you to merge the information to the registry, click Yes.

--------------------

Besides those, I am not seeing anything from the DDS log. What were you doing when the freeze occurred?

A few approaches we could take include:

Disable Windows Defender real-time protection.
Go to Start > All Programs > Windows Defender, or you can access it from the Control Panel.
Click on Tools at the top.
Under Settings, click on Options.
Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
Under Real-time protection, uncheck Use real-time protection (recommended) box. Scroll down if you do not see it.
Click on the Save button at the bottom right hand corner and close the window.

Avast is already covering the antispyware portion of the computer's security, so you don't need Windows Defender.

Next, open Windows Explorer, then right click on C:\. Select Properties, change to the Tools tab, and click on Check now.... Proceed accordingly.

--------------------

Please post back:
1. fresh DDS log
2. when the freeze occurred?
3. an update if there is any improvements after the fews steps taken

Joshen
2012-12-05, 07:04
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
Run by TOJ at 6:01:44 on 2012-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.2046 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\j7e01a9x.default-1354682357637\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: 2012-10-27 19:42; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - ExtSQL: 2012-11-17 03:17; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-05 05:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\j7e01a9x.default-1354682357637\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== Created Last 30 ================
.
2012-12-04 20:24:52 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a8c4e53-10e2-4fdf-9117-983ff207c402}\mpengine.dll
2012-12-01 15:15:10 -------- d-----w- c:\program files\ESET
2012-11-29 04:36:47 -------- d-----w- C:\MGADiagToolOutput
2012-11-19 16:11:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-19 16:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
.
==================== Find3M ====================
.
2012-11-21 19:40:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-21 19:40:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:59:28 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 6:03:00,36 ===============

Joshen
2012-12-05, 07:38
Previously if could happen at any time.
The best way was to look at a video or something similar with the WMP.
No we only get this issue when looking at something that is on another computer by wifi.

The issue is that we cant remember to have that problem a year ago, thats the part that seems strange. And if the issue is on the wifi section its really not a lot you can do to help me.

Jack&Jill
2012-12-05, 17:55
Hello Joshen :),

It could be a resource issue. I will just take a look if I can spot anything.

Please download MiniToolBox© by farbar and save it to your desktop. Click here. (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe)

Double click on MiniToolBox.exe to run it.
Please check (tick) the following options:
Flush DNS
List last 10 Event Viewer Errors
List devices, and select Only Problems
List Users, Partitions and Memory size.
List Minidump Files
Click on the GO button. A log will open.
Please post the contents of this log. It can also be found on the desktop as Result.txt.

--------------------

Please post back:
1. MiniToolBox result

Joshen
2012-12-06, 06:36
MiniToolBox by Farbar Version: 25-11-2012
Ran by TOJ (administrator) on 06-12-2012 at 05:34:01
Running from "C:\Users\TOJ\Desktop\DatorRensning\Program"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

IP-konfiguration f”r Windows

DNS-matcharens cacheminne har rensats.

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/05/2012 05:58:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2012 08:06:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2012 11:07:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 10:13:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2012 10:27:42 AM) (Source: Application Hang) (User: )
Description: Programmet wmplayer.exe, version 12.0.7601.17514, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 11a8

Starttid: 01cdca6673df842d

Avslutningstid: 6289

Programsökväg: C:\Program Files\Windows Media Player\wmplayer.exe

Rapport-ID: 53359747-36e2-11e2-85fc-00238bec4beb

Error: (11/23/2012 05:47:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2012 08:37:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2012 09:50:11 PM) (Source: Application Hang) (User: )
Description: Programmet wmplayer.exe, version 12.0.7601.17514, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

Process-ID: 5dc

Starttid: 01cdc75850497d19

Avslutningstid: 77

Programsökväg: C:\Program Files\Windows Media Player\wmplayer.exe

Rapport-ID: d938ccd3-3353-11e2-a0fd-00238bec4beb

Error: (11/19/2012 06:42:25 PM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
Värdet * i attributet language i elementet assemblyIdentity är felaktigt.

Error: (11/19/2012 06:42:14 PM) (Source: SideBySide) (User: )
Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
Värdet * i attributet language i elementet assemblyIdentity är felaktigt.


System errors:
=============
Error: (12/05/2012 05:59:51 AM) (Source: DCOM) (User: NT instans)
Description: programspecifikLokalStarta{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)

Error: (12/05/2012 05:58:21 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten Unigraphics Plot Server (ugiipqd) kunde inte startas på grund av följande fel:
%%2

Error: (12/05/2012 05:57:57 AM) (Source: Service Control Manager) (User: )
Description: Tjänsten Mobile Partner. OUC kunde inte startas på grund av följande fel:
%%1053

Error: (12/05/2012 05:57:57 AM) (Source: Service Control Manager) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Mobile Partner. OUC skulle ansluta.

Error: (12/04/2012 08:50:53 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Tjänsten Google Update (gupdate) avslutades oväntat. Detta har skett 1 gånger.

Error: (12/04/2012 05:26:05 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/02/2012 08:07:08 PM) (Source: DCOM) (User: NT instans)
Description: programspecifikLokalStarta{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)

Error: (12/02/2012 08:06:03 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Unigraphics Plot Server (ugiipqd) kunde inte startas på grund av följande fel:
%%2

Error: (12/02/2012 08:05:57 PM) (Source: Service Control Manager) (User: )
Description: Tjänsten Mobile Partner. OUC kunde inte startas på grund av följande fel:
%%1053

Error: (12/02/2012 08:05:57 PM) (Source: Service Control Manager) (User: )
Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Mobile Partner. OUC skulle ansluta.


Microsoft Office Sessions:
=========================
Error: (12/05/2012 05:58:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2012 08:06:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2012 11:07:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/28/2012 10:13:16 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/25/2012 10:27:42 AM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.1751411a801cdca6673df842d6289C:\Program Files\Windows Media Player\wmplayer.exe53359747-36e2-11e2-85fc-00238bec4beb

Error: (11/23/2012 05:47:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2012 08:37:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2012 09:50:11 PM) (Source: Application Hang)(User: )
Description: wmplayer.exe12.0.7601.175145dc01cdc75850497d1977C:\Program Files\Windows Media Player\wmplayer.exed938ccd3-3353-11e2-a0fd-00238bec4beb

Error: (11/19/2012 06:42:25 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (11/19/2012 06:42:14 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8


CodeIntegrity Errors:
===================================
Date: 2010-01-16 20:16:10.747
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-16 20:16:10.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-16 20:16:10.415
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-16 20:16:10.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

Date: 2009-10-25 00:46:32.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2009-10-25 00:46:32.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2009-10-25 00:46:32.827
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2009-10-25 00:46:32.749
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2009-10-25 00:46:32.687
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2009-10-25 00:31:21.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3066.93 MB
Available physical RAM: 1919.77 MB
Total Pagefile: 6132.15 MB
Available Pagefile: 4919.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.48 MB

========================= Partitions: =====================================

1 Drive c: (Maggie) (Fixed) (Total:222.88 GB) (Free:140.81 GB) NTFS

========================= Users: ========================================

Anv„ndarkonton f”r \\MAGGIE2

Administrat”r G„st LogMeInRemoteUser
TOJ
Kommandot har utf”rts.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Jack&Jill
2012-12-07, 00:57
Hello Joshen :),

Nothing much I can see, so I guess that's the best I could help you with. If you would like to check further, you can visit some of these tech sites:
WhattheTech (http://forums.whatthetech.com/index.php?)
Bleeping Computer (http://www.bleepingcomputer.com/forums/)
Tech Support Forum (http://www.techsupportforum.com/forums/)

--------------------

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

Delete all the downloaded tools we used and any logs on your desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows 7 (http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.

2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malwares. See Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/windows-vista-system-restore-guide/) for some detail explanations. For Windows 7, it is similar to the Vista guide.

3. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.

4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.

5. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.

6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.

7. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.

8. Keep all your softwares updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates required.

9. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)

Stay safe.

Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)

Joshen
2012-12-08, 12:28
A big thank you, i have installed some of the recomended programs and will take a closer look at the rest of them.
Once again, a big thank you! you all do a great job!
:laugh::santa::eek::2thumb::bighug:

Jack&Jill
2012-12-08, 18:17
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)