
Thread: Laptop with Malware

  1. #21
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    The laptop actually froze again yesterday for a good 10 seconds. Not sure if you can help me to find the issue, but we have removed the big problems by removing the bad programs already.
    It's a lot better now anyway.

  2. #22
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Joshen,

    There is still an unwanted entry in Firefox.

    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=

    Please remove it by resetting Firefox as outlined here.

    --------------------

    Correct a registry key
    • Open Notepad. Copy and paste the following text into it:
      Code:
      REGEDIT4
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
      Note: Copy exactly everything in the code box. Make sure there are no empty lines at the beginning, and that there is one empty line at the end of the code.
    • Save it as Fix.reg on the desktop. Make sure the Save as type: is All Files (*.*).
    • Right click on Fix.reg and select Run as administrator. When it asks you to merge the information to the registry, click Yes.


    --------------------

    Besides those, I am not seeing anything from the DDS log. What were you doing when the freeze occurred?

    A few approaches we could take include:

    Disable Windows Defender real-time protection.
    • Go to Start > All Programs > Windows Defender, or you can access it from the Control Panel.
    • Click on Tools at the top.
    • Under Settings, click on Options.
    • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
    • Under Real-time protection, uncheck Use real-time protection (recommended) box. Scroll down if you do not see it.
    • Click on the Save button at the bottom right hand corner and close the window.


    Avast is already covering the antispyware portion of the computer's security, so you don't need Windows Defender.

    Next, open Windows Explorer, then right click on C:\. Select Properties, change to the Tools tab, and click on Check now.... Proceed accordingly.

    --------------------

    Please post back:
    1. fresh DDS log
    2. when the freeze occurred?
    3. an update if there are any improvements after the few steps taken
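
A check for the kind of leftover the `FF - prefs.js: keyword.URL` line above reports, added here as an example and not part of the original posts: it parses a prefs.js body and lists search and start-page preferences that point at a host outside an expected set. `EXPECTED_HOSTS` is an assumption, and the sample prefs.js is constructed (it reuses the host from the log with the query string trimmed and keeps the log's `hxxp` defanging).

```python
import json
import re
from urllib.parse import urlsplit

# Preferences whose value is a URL deciding where searches or the start page go.
WATCHED_PREFS = ("keyword.URL", "browser.startup.homepage")

# Assumption: hosts the owner of this machine expects; adjust to the local baseline.
EXPECTED_HOSTS = ("google.com", "google.se")

# One user_pref("name", value); statement per line, as Firefox writes prefs.js.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # quoted strings, numbers, true/false
        except ValueError:
            value = raw  # keep unparsed text rather than dropping the pref
        prefs[name] = value
    return prefs


def host_is_expected(host):
    """True if host equals, or is a subdomain of, an entry in EXPECTED_HOSTS."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def find_redirected_prefs(text):
    """List (pref, host, url) for watched prefs that point at an unexpected host."""
    findings = []
    prefs = parse_prefs(text)
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue  # not set in this profile, so the Firefox default applies
        # browser.startup.homepage may hold several URLs separated by "|".
        for url in filter(None, (u.strip() for u in value.split("|"))):
            try:
                host = urlsplit(url).hostname
            except ValueError:
                findings.append((name, "<unparseable>", url))
                continue
            if host is None:
                continue  # about:home, about:blank and similar carry no host
            if not host_is_expected(host):
                findings.append((name, host, url))
    return findings


# Constructed sample, not a file from the thread.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.se/|about:blank");
user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?searchfor=");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for pref, host, url in find_redirected_prefs(SAMPLE_PREFS_JS):
        print(f"{pref} -> {host}  ({url})")
```

Run it against a copy of the profile's prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.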

  3. #23
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by TOJ at 6:01:44 on 2012-12-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.2046 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\j7e01a9x.default-1354682357637\
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: 2012-10-27 19:42; {AB2CE124-6272-4b12-94A9-7303C7397BD1}; c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - ExtSQL: 2012-11-17 03:17; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF - ExtSQL: 2012-12-05 05:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\j7e01a9x.default-1354682357637\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
    S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
    S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    .
    =============== Created Last 30 ================
    .
    2012-12-04 20:24:52 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a8c4e53-10e2-4fdf-9117-983ff207c402}\mpengine.dll
    2012-12-01 15:15:10 -------- d-----w- c:\program files\ESET
    2012-11-29 04:36:47 -------- d-----w- C:\MGADiagToolOutput
    2012-11-19 16:11:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-11-19 16:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
    2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
    2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
    2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    .
    ==================== Find3M ====================
    .
    2012-11-21 19:40:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-21 19:40:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ============= FINISH: 6:03:00,36 ===============

  4. #24
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Previously it could happen at any time.
    The best way was to look at a video or something similar with the WMP.
    Now we only get this issue when looking at something that is on another computer by wifi.

    The issue is that we can't remember having that problem a year ago, that's the part that seems strange. And if the issue is on the wifi section it's really not a lot you can do to help me.

  5. #25
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Joshen,

    It could be a resource issue. I will just take a look if I can spot anything.

    Please download MiniToolBox© by farbar and save it to your desktop. Click here.
    • Double click on MiniToolBox.exe to run it.
      Please check (tick) the following options:
      • Flush DNS
      • List last 10 Event Viewer Errors
      • List devices, and select Only Problems
      • List Users, Partitions and Memory size.
      • List Minidump Files
    • Click on the GO button. A log will open.
    • Please post the contents of this log. It can also be found on the desktop as Result.txt.


    --------------------

    Please post back:
    1. MiniToolBox result

  6. #26
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    MiniToolBox by Farbar Version: 25-11-2012
    Ran by TOJ (administrator) on 06-12-2012 at 05:34:01
    Running from "C:\Users\TOJ\Desktop\DatorRensning\Program"
    Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    IP-konfiguration för Windows

    DNS-matcharens cacheminne har rensats.

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (12/05/2012 05:58:50 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/02/2012 08:06:35 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2012 11:07:32 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/28/2012 10:13:16 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/25/2012 10:27:42 AM) (Source: Application Hang) (User: )
    Description: Programmet wmplayer.exe, version 12.0.7601.17514, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

    Process-ID: 11a8

    Starttid: 01cdca6673df842d

    Avslutningstid: 6289

    Programsökväg: C:\Program Files\Windows Media Player\wmplayer.exe

    Rapport-ID: 53359747-36e2-11e2-85fc-00238bec4beb

    Error: (11/23/2012 05:47:49 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/21/2012 08:37:34 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/20/2012 09:50:11 PM) (Source: Application Hang) (User: )
    Description: Programmet wmplayer.exe, version 12.0.7601.17514, avslutades eftersom det slutade att samverka med Windows. Ytterligare information kan finnas i problemhistoriken på kontrollpanelen för Åtgärdscentret och lösningar.

    Process-ID: 5dc

    Starttid: 01cdc75850497d19

    Avslutningstid: 77

    Programsökväg: C:\Program Files\Windows Media Player\wmplayer.exe

    Rapport-ID: d938ccd3-3353-11e2-a0fd-00238bec4beb

    Error: (11/19/2012 06:42:25 PM) (Source: SideBySide) (User: )
    Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
    Värdet * i attributet language i elementet assemblyIdentity är felaktigt.

    Error: (11/19/2012 06:42:14 PM) (Source: SideBySide) (User: )
    Description: Det gick inte att skapa aktiveringskontext för assemblyIdentity1. Det finns ett fel i manifest- eller principfilen assemblyIdentity2 på rad assemblyIdentity3.
    Värdet * i attributet language i elementet assemblyIdentity är felaktigt.


    System errors:
    =============
    Error: (12/05/2012 05:59:51 AM) (Source: DCOM) (User: NT instans)
    Description: programspecifikLokalStarta{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)

    Error: (12/05/2012 05:58:21 AM) (Source: Service Control Manager) (User: )
    Description: Tjänsten Unigraphics Plot Server (ugiipqd) kunde inte startas på grund av följande fel:
    %%2

    Error: (12/05/2012 05:57:57 AM) (Source: Service Control Manager) (User: )
    Description: Tjänsten Mobile Partner. OUC kunde inte startas på grund av följande fel:
    %%1053

    Error: (12/05/2012 05:57:57 AM) (Source: Service Control Manager) (User: )
    Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Mobile Partner. OUC skulle ansluta.

    Error: (12/04/2012 08:50:53 PM) (Source: Service Control Manager) (User: )
    Description: Tjänsten Tjänsten Google Update (gupdate) avslutades oväntat. Detta har skett 1 gånger.

    Error: (12/04/2012 05:26:05 AM) (Source: DCOM) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (12/02/2012 08:07:08 PM) (Source: DCOM) (User: NT instans)
    Description: programspecifikLokalStarta{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT instansSYSTEMS-1-5-18LocalHost (med LRPC)

    Error: (12/02/2012 08:06:03 PM) (Source: Service Control Manager) (User: )
    Description: Tjänsten Unigraphics Plot Server (ugiipqd) kunde inte startas på grund av följande fel:
    %%2

    Error: (12/02/2012 08:05:57 PM) (Source: Service Control Manager) (User: )
    Description: Tjänsten Mobile Partner. OUC kunde inte startas på grund av följande fel:
    %%1053

    Error: (12/02/2012 08:05:57 PM) (Source: Service Control Manager) (User: )
    Description: En timeout (30000 ms) inträffade vid väntan på att tjänsten Mobile Partner. OUC skulle ansluta.


    Microsoft Office Sessions:
    =========================
    Error: (12/05/2012 05:58:50 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/02/2012 08:06:35 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/01/2012 11:07:32 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/28/2012 10:13:16 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/25/2012 10:27:42 AM) (Source: Application Hang)(User: )
    Description: wmplayer.exe12.0.7601.1751411a801cdca6673df842d6289C:\Program Files\Windows Media Player\wmplayer.exe53359747-36e2-11e2-85fc-00238bec4beb

    Error: (11/23/2012 05:47:49 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/21/2012 08:37:34 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/20/2012 09:50:11 PM) (Source: Application Hang)(User: )
    Description: wmplayer.exe12.0.7601.175145dc01cdc75850497d1977C:\Program Files\Windows Media Player\wmplayer.exed938ccd3-3353-11e2-a0fd-00238bec4beb

    Error: (11/19/2012 06:42:25 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

    Error: (11/19/2012 06:42:14 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8


    CodeIntegrity Errors:
    ===================================
    Date: 2010-01-16 20:16:10.747
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2010-01-16 20:16:10.635
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2010-01-16 20:16:10.415
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2010-01-16 20:16:10.272
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Alwil Software\Avast4\Setup\INF\aswSP.sys because the set of per-page image hashes could not be found on the system.

    Date: 2009-10-25 00:46:32.999
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2009-10-25 00:46:32.905
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2009-10-25 00:46:32.827
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2009-10-25 00:46:32.749
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2009-10-25 00:46:32.687
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

    Date: 2009-10-25 00:31:21.008
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Acer\Acer ePower Management\SysHook.dll because the set of per-page image hashes could not be found on the system.


    ========================= Devices: ================================


    ========================= Memory info: ===================================

    Percentage of memory in use: 37%
    Total physical RAM: 3066.93 MB
    Available physical RAM: 1919.77 MB
    Total Pagefile: 6132.15 MB
    Available Pagefile: 4919.54 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1944.48 MB

    ========================= Partitions: =====================================

    1 Drive c: (Maggie) (Fixed) (Total:222.88 GB) (Free:140.81 GB) NTFS

    ========================= Users: ========================================

    Användarkonton för \\MAGGIE2

    Administratör Gäst LogMeInRemoteUser
    TOJ
    Kommandot har utförts.

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****

  7. #27
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen,

    Nothing much I can see, so I guess that's the best I could help you with. If you would like to check further, you can visit some of these tech sites:
    WhattheTech
    Bleeping Computer
    Tech Support Forum

    --------------------

    Congratulations, you are All Clear to go. Glad to hear everything is good and running. If you have any more problems, please let me know.

    Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
    • Delete all the downloaded tools we used and any logs on your desktop.


    Some tips to help you stay clean and safe:

    1. Keep your Windows up to date. Enable Automatic Updates for Windows 7 to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

    2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malware. See Windows Vista System Restore Guide for some detailed explanations. For Windows 7, it is similar to the Vista guide.

    3. Update your Antivirus program regularly; it is a must for constant protection against viruses. Please keep only one AV installed.

    4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

    5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

    6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

    7. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

    8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

    9. Also look up:
    Computer Security - a short guide to staying safer online
    PC Safety and Security - What Do I Need? By Glaswegian
    How to prevent malware: By miekiemoes
    So how did I get infected in the first place? By Tony Klein
    Microsoft Online Safety

    Stay safe.

    Your donation helps in improving Spybot-S&D!

  8. #28
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Smile

    A big thank you, I have installed some of the recommended programs and will take a closer look at the rest of them.
    Once again, a big thank you! You all do a great job!

  9. #29
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    As your problems appear to have been resolved, this topic is now closed.

    We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
    Your donation helps in improving Spybot-S&D!
