
Thread: Laptop with Malware

  1. #1
    Member, Join Date: Jan 2007, Location: Sweden, Posts: 49

    Laptop with Malware

    Let's try again :-)

    Hello
    We have a laptop that is mainly used by my wife.
    Lately the computer freezes from time to time; sometimes it continues after a while, and sometimes a reset is needed. It seems slow and infected by something. Tried a scanner and it seems to report malware.

    I don't think any cleaning program has been used, but I'm not the only one using it.

    As we have another computer on the same net, I hope you can help me take a quick look at that later as well.


    If I have missed some information you need, please let me know.
    Thanks
    //Joshen




    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by TOJ at 16:55:05 on 2012-11-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1725 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-18 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-18 676936]
    R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-12-19 28762]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
    R2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\ugs\ugslicensing\lmgrd.exe [2008-4-22 1372160]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-18 22856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
    S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
    S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    .
    =============== Created Last 30 ================
    .
    2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
    2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
    2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
    2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-18 17:00:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-18 17:00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-17 12:25:41 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{666ce97d-8e3b-4196-9111-58d84bd6d898}\offreg.dll
    2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-16 21:32:54 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{666ce97d-8e3b-4196-9111-58d84bd6d898}\mpengine.dll
    2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-27 07:49:23 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-10-27 07:49:20 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-27 07:49:15 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-27 07:48:38 41224 ----a-w- c:\windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 19:30:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 19:30:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    .
    ============= FINISH: 16:55:53,61 ===============




    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-19 16:57:50
    -----------------------------
    16:57:50.900 OS Version: Windows 6.1.7601 Service Pack 1
    16:57:50.900 Number of processors: 2 586 0x170A
    16:57:50.903 ComputerName: MAGGIE2 UserName: TOJ
    16:57:52.626 Initialize success
    16:57:52.746 AVAST engine defs: 12111900
    16:58:04.628 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:58:04.628 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
    16:58:04.648 Disk 0 MBR read successfully
    16:58:04.658 Disk 0 MBR scan
    16:58:04.668 Disk 0 Windows 7 default MBR code
    16:58:04.678 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
    16:58:04.698 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228233 MB offset 20973568
    16:58:04.698 Disk 0 scanning sectors +488394752
    16:58:04.758 Disk 0 scanning C:\Windows\system32\drivers
    16:58:15.776 Service scanning
    16:58:41.128 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    16:58:49.492 Modules scanning
    16:59:06.508 Disk 0 trace - called modules:
    16:59:06.878 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spwq.sys >>UNKNOWN [0x85554938]<<
    16:59:06.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d42948]
    16:59:06.928 3 CLASSPNP.SYS[8b99059e] -> nt!IofCallDriver -> [0x862d0698]
    16:59:06.938 5 ACPI.sys[8b3c03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ad028]
    16:59:08.608 AVAST engine scan C:\Windows
    16:59:12.066 AVAST engine scan C:\Windows\system32
    17:02:06.517 AVAST engine scan C:\Windows\system32\drivers
    17:02:21.983 AVAST engine scan C:\Users\TOJ
    17:08:28.876 AVAST engine scan C:\ProgramData
    17:09:34.472 Scan finished successfully
    17:09:48.016 Disk 0 MBR has been saved successfully to "C:\Users\TOJ\Desktop\MBR.dat"
    17:09:48.026 The log file has been saved successfully to "C:\Users\TOJ\Desktop\aswMBR.txt"





    FunWebProducts: [SBI $724750D4] Program directory (Bibliotek, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\

    FunWebProducts: [SBI $A4654040] Program directory (Bibliotek, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\Images\

    FunWebProducts: [SBI $7AEE25A5] Class ID (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

    FunWebProducts: [SBI $8CC75C5A] Settings (Registervärde, nothing done)
    HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}

    FunWebProducts: [SBI $B71E4FFD] Program directory (Bibliotek, nothing done)
    C:\Program Files\FunWebProducts\

    FunWebProducts: [SBI $934664E3] Executable (Fil, nothing done)
    C:\Windows\System32\f3PSSavr.scr
    Properties.size=32768
    Properties.md5=A82C8C631255FD5DE31E796EED8CDA49
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    FunWebProducts: [SBI $2B247FE8] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    Properties.size=86096
    Properties.md5=E651BE4F6E4DCD99AA66EF80C5CDD28B
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    FunWebProducts: [SBI $4296F4A6] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    Properties.size=86078
    Properties.md5=D460ECA5D4574507FF4DABCC2CBC5F2E
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    FunWebProducts: [SBI $51F213BA] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\

    FunWebProducts: [SBI $9975C0B8] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\

    FunWebProducts: [SBI $9AC0555D] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Avatar\

    FunWebProducts: [SBI $87976B73] Program directory (Bibliotek, nothing done)
    C:\Program Files\funwebproducts\ScreenSaver

    MyWay.MyWebSearch: [SBI $39E631BB] Settings (Registernyckel, nothing done)
    HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: [SBI $1D729FD1] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: [SBI $B1C70274] Browser helper object (Registernyckel, nothing done)
    HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\MyWebSearch

    MyWay.MyWebSearch: [SBI $91B56C2A] Class ID (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}

    MyWay.MyWebSearch: [SBI $EABEA47E] Type library (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

    MyWay.MyWebSearch: [SBI $95E7D650] Type library (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

    MyWay.MyWebSearch: [SBI $DBE9DC78] Browser helper object (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\FocusInteractive

    MyWay.MyWebSearch: [SBI $0AB712F8] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: [SBI $6CDD369B] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: [SBI $AC7657F9] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\MyWebSearch

    MyWay.MyWebSearch: [SBI $51E6ABA2] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\

    MyWay.MyWebSearch: [SBI $B836F058] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

    MyWay.MyWebSearch: [SBI $4A8ED495] Type library (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    Properties.size=89655
    Properties.md5=140AB62FFB5E3991894AEAD1E105393D
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    Properties.size=56438
    Properties.md5=87B6FB1125216E8D7B293400B715FB8D
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    Properties.size=66726
    Properties.md5=E660C15170591EBE447F601DDC6163C1
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    Properties.size=56688
    Properties.md5=C13224330D67C961D2E3E4279A5BC1A6
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    Properties.size=330710
    Properties.md5=B8F1A5EA13A9C3E6C2C8C28FA86ABD3E
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    Properties.size=301118
    Properties.md5=FD8A7DE5CE05EDA235B4D29C0E64FBFF
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    Properties.size=71675
    Properties.md5=EAD44A1AC4FD80104D1B4814CE3582E1
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    Properties.size=106998
    Properties.md5=43182F0E08638C0FFB08B33D7876B340
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    Properties.size=129559
    Properties.md5=1A47783E119A96A3597DA38717FB9E59
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    Properties.size=272367
    Properties.md5=72876A9D1BA63B025CF73A5EB622569E
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    Properties.size=122747
    Properties.md5=46DD0C9F0820FE10E0DB7D2DC5B18E2F
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    Properties.size=43287
    Properties.md5=4C64C9C48FAFB1CE394BAD985A1A1CA6
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    Properties.size=155471
    Properties.md5=256AC64A886E9E60E56CE07A0F5C6808
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    Properties.size=149817
    Properties.md5=648274DCDAE169827E769628379D342A
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    Properties.size=243509
    Properties.md5=D9E3A3AEB53C0B0E1A4F6987D1995F0B
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    Properties.size=113081
    Properties.md5=14DF54094BF76DBE5D71DB552DFB2633
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S
    Properties.size=132691
    Properties.md5=0B908DA08C94A96D21804A6FD866518A
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $2CFDFB02] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    Properties.size=305
    Properties.md5=BC3475B177749B81BFAB5D21091786B5
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $2CFDFB02] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    Properties.size=16
    Properties.md5=3AB2A38E4DC5A3DF24564D639021C8B0
    Properties.filedate=1292761401
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    Properties.size=7406
    Properties.md5=089EFCEA98317E0D0DC0543BE2EDA81F
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    Properties.size=7406
    Properties.md5=141581A8DE0D46FB85F25A89DA38284C
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    Properties.size=10134
    Properties.md5=24E6DA5796608E7DAD1011EC432B1666
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    Properties.size=7406
    Properties.md5=2327AE7F0BAC7814F0870CED67420AAC
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    Properties.size=7406
    Properties.md5=7429E321AC5058790EA073CD55F7328F
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    Properties.size=12782
    Properties.md5=EC6393D63343AF0856E5DCBD16C182BC
    Properties.filedate=1292761401
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
    Properties.size=28776
    Properties.md5=F79220B730D91FBF4D8C94BA91C1A857
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    Properties.size=16501
    Properties.md5=4F0AE2BC1861832947E4A872E2D02BA2
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    Properties.size=16479
    Properties.md5=D3CEDDEF152C4060992562F2E740D179
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    Properties.size=155738
    Properties.md5=24CDF2C595324C7F1AB402701322B376
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    Properties.size=32768
    Properties.md5=D9FD5A34E06E66EDD50A88CDB2D2FC4B
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    Properties.size=28762
    Properties.md5=48D50D679D28E5C4BF5A67664CC56B41
    Properties.filedate=1292761398
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    Properties.size=139264
    Properties.md5=ACB88F31279E312F633B24F48F8C0808
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    Properties.size=278610
    Properties.md5=807D3213938A474995CC69EB73E86DE9
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    Properties.size=77906
    Properties.md5=220BC041CDD85E4409A88CD46306D60D
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    Properties.size=32856
    Properties.md5=8EE956AEE18F2459D5EC5AC53E2314D9
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    Properties.size=32768
    Properties.md5=A82C8C631255FD5DE31E796EED8CDA49
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    Properties.size=24576
    Properties.md5=C4FF418909D55A7744B04774A83135C9
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $F06432E0] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin

    MyWay.MyWebSearch: [SBI $C771B898] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MyWebSearchService

    MyWay.MyWebSearch: [SBI $9C66098D] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MyWebSearchService

    MyWay.MyWebSearch: [SBI $1E9D2A89] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\

    MyWay.MyWebSearch: [SBI $6B75E445] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\History\

    MyWay.MyWebSearch: [SBI $D182749E] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\

    MyWay.MyWebSearch: [SBI $4A5017B0] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Message\

    MyWay.MyWebSearch: [SBI $EBAA84FB] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\

    MyWay.MyWebSearch: [SBI $9DB56617] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Settings\

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Avatar

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Game

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\History

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\icons

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Message

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Notifier

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Overlay

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Settings

    MyWay.MyWebSearch: [SBI $78882F84] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar

    MyWay.MyWebSearch: [SBI $9185AE0B] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

    MyWay.MyWebSearch: [SBI $798DEFC6] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}

    MyWay.MyWebSearch: [SBI $17EB816E] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

    MyWay.MyWebSearch: [SBI $E6CF97BD] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

    MyWay.MyWebSearch: [SBI $84A88F8E] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

    MyWay.MyWebSearch: [SBI $2E0CB34B] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

    MyWay.MyWebSearch: [SBI $93F63F8F] Settings (Registervärde, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com

    MyWay.MyWebSearch: [SBI $33173CA4] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin

    FunWebProducts: [SBI $C9EF9978] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\Fun Web Products

    FunWebProducts: [SBI $EABD1904] Settings (Registervärde, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

    MyWebSearch: [SBI $A020D1EF] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

    MyWebSearch: [SBI $28E3F240] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

    MyWebSearch: [SBI $EB0F98F9] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

    MyWebSearch: [SBI $1FBE02BC] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

    MyWebSearch: [SBI $2657A585] Settings (Registervärde, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers

    MediaPlex: Tracking cookie (Internet Explorer: TOJ) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Internet Explorer: TOJ) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-11-19 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-11-14 Includes\Adware.sbi (*)
    2012-11-14 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2012-11-14 Includes\DialerC.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2012-11-14 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2012-11-14 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-11-14 Includes\Malware.sbi (*)
    2012-11-14 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2012-11-14 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2012-11-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-11-14 Includes\Spyware.sbi (*)
    2012-11-14 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2012-11-14 Includes\Trojans.sbi (*)
    2012-11-14 Includes\TrojansC-02.sbi (*)
    2012-11-14 Includes\TrojansC-03.sbi (*)
    2012-11-14 Includes\TrojansC-04.sbi (*)
    2012-11-14 Includes\TrojansC-05.sbi (*)
    2012-11-14 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Cool

    Nice to hear from you. I'm ready to get started to try and solve this strange issue.

  4. #4
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen,

    Is this a work computer? There are some programs that will only exist on corporate computers on board.

    Please take a look at this:
    http://forums.spybot.info/showpost.p...12&postcount=5

  5. #5
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Default

    No, what should that be?

    We have used it during some training courses (might have installed something then, but that should have been removed) and taken some work home (but no programs that I can remember).

    It's my wife's play computer mainly.

  6. #6
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen,

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.


    --------------------

    Validate Windows
    • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
    • Double click on MGADiag.exe to run it.
    • Click Continue.
    • The program will run. It takes a while to finish the diagnosis; please be patient.
    • Once done, click on Copy.
    • Open Notepad and paste the contents in. Save this file and post it in your next reply.


    --------------------

    Check for additional security risks
    • Please download CKScanner© by askey127 and save to your desktop. Click here.
    • Double click on CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted; click OK.
    • Post the contents of ckfiles.txt (located on your desktop) in your reply.
    • Please run the program only once.


    --------------------

    Remove P2P software
    • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

      Vuze

    • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
    • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
    • Please remove them before we continue with fixing your computer.


    Please run DDS and post both logs.

    --------------------

    Please post back:
    1. MGADiag result
    2. CKScanner log
    3. fresh DDS logs

  7. #7
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Default

    MGAdiag

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->

    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-G6VBJ-KGM24-DHW4D
    Windows Product Key Hash: OZsuH2dLMQXMid+AojAXnNYJtVs=
    Windows Product ID: 00359-OEM-8882216-66698
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010300.1.0.003
    ID: {3B781C0A-90FC-4859-84E4-A9DB61D0B467}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Home Premium
    Architecture: 0x00000000
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 114 Blocked VLK 2
    Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{3B781C0A-90FC-4859-84E4-A9DB61D0B467}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-DHW4D</PKey><PID>00359-OEM-8882216-66698</PID><PIDType>3</PIDType><SID>S-1-5-21-1995726087-44847017-43282288</SID><SYSTEM><Manufacturer>Acer </Manufacturer><Model>Extensa 5635ZG </Model></SYSTEM><BIOS><Manufacturer>Phoenix</Manufacturer><Version>V0.3213</Version><SMBIOSVersion major="2" minor="5"/><Date>20090507000000.000000+000</Date></BIOS><HWID>F43C3807018400F8</HWID><UserLCID>041D</UserLCID><SystemLCID>041D</SystemLCID><TimeZone>Västeuropa, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{9011041D-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73978-640-0000106-57489</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Programlicenstjänstens version: 6.1.7601.17514

    Namn: Windows(R) 7, HomePremium edition
    Beskrivning: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Aktiverings-ID: 9f83d90f-a151-4665-ae69-30b3f63ec659
    Program-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Utökat produkt-ID: 00359-00176-822-166698-02-1053-7600.0000-0362010
    Installations-ID: 019876965465426642979405437426752822054996249593873752
    URL till processorcertifikatet: http://go.microsoft.com/fwlink/?LinkID=88338
    URL till datorcertifikatet: http://go.microsoft.com/fwlink/?LinkID=88339
    URL till användningslicensen: http://go.microsoft.com/fwlink/?LinkID=88341
    URL till produktnyckelcertifikat: http://go.microsoft.com/fwlink/?LinkID=88340
    Ofullständig produktnyckel: DHW4D
    Licenstillstånd: Licensierad
    Återstående antal Windows-omaktiveringar: 5
    Betrodd tid: 2012-11-29 05:36:40

    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: 0x00000000
    HealthStatus: 0x0000000000000000
    Event Time Stamp: 11:23:2012 18:46
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:


    HWID Data-->
    HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEAeqg40E7qeqYgOmg1znAwm4CGUrEcQ0bK

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20001
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC PTLTD APIC
    FACP INTEL CRESTLNE
    HPET INTEL CRESTLNE
    BOOT PTLTD $SBFTBL$
    MCFG INTEL CRESTLNE
    SLIC ACRSYS ACRPRDCT
    SSDT SataRe SataAhci
    SSDT SataRe SataAhci
    SSDT SataRe SataAhci
    SSDT SataRe SataAhci



    CKscanner

    CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.IANAGH
    ----- EOF -----


    DDS
    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by TOJ at 5:50:55 on 2012-11-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1842 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\UGS\UGSLicensing\lmgrd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\UGS\UGSLicensing\lmgrd.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\UGS\UGSLicensing\ugslmd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
    R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-12-19 28762]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
    R2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\ugs\ugslicensing\lmgrd.exe [2008-4-22 1372160]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
    S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
    S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    .
    =============== Created Last 30 ================
    .
    2012-11-29 04:36:47 -------- d-----w- C:\MGADiagToolOutput
    2012-11-27 19:36:57 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c5264b3-c600-43b3-9bd5-c3dcf5a1be19}\mpengine.dll
    2012-11-19 16:11:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-11-19 16:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
    2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
    2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
    2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    .
    ==================== Find3M ====================
    .
    2012-11-21 19:40:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-21 19:40:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    .
    ============= FINISH: 5:51:32,54 ===============
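As an added example (not from this thread and not part of DDS): a small parser that turns SERVICES / DRIVERS lines like the ones in the log above into records and flags the entries a helper would look at first. The four sample lines are copied from the log above; the expected-directory list and the three flags are review heuristics assumed here, not anything DDS itself reports.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Four SERVICES / DRIVERS lines copied from the DDS log above, in the shape DDS prints them
DDS_SAMPLE = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-12-19 28762]
S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
"""
# <state> <name>;<display>;<image path> [<date> <size>]; DDS writes "a --> b [?]" when the file is not found
LINE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]+);(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
# Where a service binary is normally expected (review heuristic assumed here, not part of DDS)
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\programdata\\")

@dataclass
class ServiceEntry:
    state: str            # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str
    date: Optional[str]   # None when DDS could not find the file
    size: Optional[int]
    flags: List[str] = field(default_factory=list)

def parse_services(text: str) -> List[ServiceEntry]:
    """Parse DDS SERVICES / DRIVERS lines; lines of any other shape are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m["path"].split(" --> ")[0]          # keep the configured image path only
        meta = m["meta"].split()
        missing = meta == ["?"]
        date, size = (None, None) if missing else (meta[0], int(meta[1]))
        e = ServiceEntry(m["state"], m["name"], m["display"], path, date, size)
        if missing:
            e.flags.append("missing-binary")        # registered service whose file is gone
        if "~" in path:
            e.flags.append("short-8.3-path")        # resolve the long name before judging it
        if not path.lower().startswith(EXPECTED_DIRS):
            e.flags.append("nonstandard-location")  # worth checking what installed it
        entries.append(e)
    return entries

def review(text: str) -> List[ServiceEntry]:
    """Entries to look at first: anything carrying at least one flag."""
    return [e for e in parse_services(text) if e.flags]
```

Feeding the whole SERVICES / DRIVERS section of a DDS log to `review()` gives the short list a helper would normally pick out by eye.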

  8. #8
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen ,

    The Microsoft Office Professional Edition 2003 on your computer is a non-genuine copy. It was installed with a now blocked Volume Licensing Key (VLK) that was valid and only available to corporations, education entities and government agencies. VLKs are blocked by Microsoft at the request and consent of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, Microsoft may have blocked the key if it notices a pattern of misuse, that is more installations using that key than authorized.
    A VL Product Key is non-transferable to individuals.

    Please read the fourth post of the Forum Rules.
    Note:
    We do not support the use of illegal Pirated/Warez/Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.
    If you still want help, please remove the illegal items from your computer, and if you still need the software, get legal copies from legitimate sources.
    If you advise that the illegal software has been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
    If there are more such new findings after this, the topic will also be closed.

    You may return to the seller to demand a replacement with a genuine copy or get a full refund. As an alternative, you can also try OpenOffice.

    Post back a new MGADiag result when you are done.

  9. #9
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Default

    That was news to me, but I didn't install it when it was done a long time ago. Removed it as requested, will install OpenOffice later when we are done here :-)
    (have it already on some others units)

  10. #10
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen ,

    Thank you for complying with the forum rules.

    If you are not using this, please uninstall it:
    Viewpoint Media Player


    You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

    --------------------

    Scan with RogueKiller
    • Please download RogueKiller© by Tigzy and save it to your desktop. Click here.
    • Click on the blue button with arrow pointing downwards to the right of Mirror:.
    • Allow the download if prompted by your security software and please close all your programs.
    • Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
    • Wait for PreScan to finish, then click on Scan. Accept the EULA if prompted.
    • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
    • Please copy and paste the contents of that log in your next reply.


    --------------------

    Please post back:
    1. the previous MBAM
    2. RogueKiller log
