
Thread: Laptop with Malware

  1. #1
    Member | Join Date: Jan 2007 | Location: Sweden | Posts: 49

    Laptop with Malware

    Let's try again :-)

    Hello
    We have a laptop that is mainly used by my wife.
    Lately the computer freezes from time to time; sometimes it continues after a while, and sometimes a reset is needed. It seems slow and infected by something. Tried some scanner and it seems to report malware.

    I don't think any cleaning program has been used, but I'm not the only one using it.

    As we have another computer on the same net, I hope you can help me take a quick look at that later as well.

    If I have missed some information you need, please let me know.
    Thanks
    //Joshen




    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by TOJ at 16:55:05 on 2012-11-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1725 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-18 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-18 676936]
    R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2010-12-19 28762]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
    R2 UGS License Server (ugslmd);UGS License Server (ugslmd);c:\program files\ugs\ugslicensing\lmgrd.exe [2008-4-22 1372160]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-18 22856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
    S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
    S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    .
    =============== Created Last 30 ================
    .
    2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
    2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
    2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
    2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-18 17:00:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-18 17:00:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-17 12:25:41 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{666ce97d-8e3b-4196-9111-58d84bd6d898}\offreg.dll
    2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-16 21:32:54 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{666ce97d-8e3b-4196-9111-58d84bd6d898}\mpengine.dll
    2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-27 07:49:23 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-10-27 07:49:20 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-27 07:49:15 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-27 07:48:38 41224 ----a-w- c:\windows\avastSS.scr
    .
    ==================== Find3M ====================
    .
    2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-08 19:30:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 19:30:12 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 15:20:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    .
    ============= FINISH: 16:55:53,61 ===============




    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-19 16:57:50
    -----------------------------
    16:57:50.900 OS Version: Windows 6.1.7601 Service Pack 1
    16:57:50.900 Number of processors: 2 586 0x170A
    16:57:50.903 ComputerName: MAGGIE2 UserName: TOJ
    16:57:52.626 Initialize success
    16:57:52.746 AVAST engine defs: 12111900
    16:58:04.628 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:58:04.628 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
    16:58:04.648 Disk 0 MBR read successfully
    16:58:04.658 Disk 0 MBR scan
    16:58:04.668 Disk 0 Windows 7 default MBR code
    16:58:04.678 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
    16:58:04.698 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228233 MB offset 20973568
    16:58:04.698 Disk 0 scanning sectors +488394752
    16:58:04.758 Disk 0 scanning C:\Windows\system32\drivers
    16:58:15.776 Service scanning
    16:58:41.128 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    16:58:49.492 Modules scanning
    16:59:06.508 Disk 0 trace - called modules:
    16:59:06.878 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys spwq.sys >>UNKNOWN [0x85554938]<<
    16:59:06.898 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d42948]
    16:59:06.928 3 CLASSPNP.SYS[8b99059e] -> nt!IofCallDriver -> [0x862d0698]
    16:59:06.938 5 ACPI.sys[8b3c03d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862ad028]
    16:59:08.608 AVAST engine scan C:\Windows
    16:59:12.066 AVAST engine scan C:\Windows\system32
    17:02:06.517 AVAST engine scan C:\Windows\system32\drivers
    17:02:21.983 AVAST engine scan C:\Users\TOJ
    17:08:28.876 AVAST engine scan C:\ProgramData
    17:09:34.472 Scan finished successfully
    17:09:48.016 Disk 0 MBR has been saved successfully to "C:\Users\TOJ\Desktop\MBR.dat"
    17:09:48.026 The log file has been saved successfully to "C:\Users\TOJ\Desktop\aswMBR.txt"





    FunWebProducts: [SBI $724750D4] Program directory (Bibliotek, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\

    FunWebProducts: [SBI $A4654040] Program directory (Bibliotek, nothing done)
    C:\Program Files\FunWebProducts\ScreenSaver\Images\

    FunWebProducts: [SBI $7AEE25A5] Class ID (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}

    FunWebProducts: [SBI $8CC75C5A] Settings (Registervärde, nothing done)
    HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}

    FunWebProducts: [SBI $B71E4FFD] Program directory (Bibliotek, nothing done)
    C:\Program Files\FunWebProducts\

    FunWebProducts: [SBI $934664E3] Executable (Fil, nothing done)
    C:\Windows\System32\f3PSSavr.scr
    Properties.size=32768
    Properties.md5=A82C8C631255FD5DE31E796EED8CDA49
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    FunWebProducts: [SBI $2B247FE8] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    Properties.size=86096
    Properties.md5=E651BE4F6E4DCD99AA66EF80C5CDD28B
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    FunWebProducts: [SBI $4296F4A6] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    Properties.size=86078
    Properties.md5=D460ECA5D4574507FF4DABCC2CBC5F2E
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    FunWebProducts: [SBI $51F213BA] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\

    FunWebProducts: [SBI $9975C0B8] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\

    FunWebProducts: [SBI $9AC0555D] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Avatar\

    FunWebProducts: [SBI $87976B73] Program directory (Bibliotek, nothing done)
    C:\Program Files\funwebproducts\ScreenSaver

    MyWay.MyWebSearch: [SBI $39E631BB] Settings (Registernyckel, nothing done)
    HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: [SBI $1D729FD1] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    MyWay.MyWebSearch: [SBI $B1C70274] Browser helper object (Registernyckel, nothing done)
    HKEY_USERS\S-1-5-21-1995726087-44847017-43282288-1003\Software\MyWebSearch

    MyWay.MyWebSearch: [SBI $91B56C2A] Class ID (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}

    MyWay.MyWebSearch: [SBI $EABEA47E] Type library (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

    MyWay.MyWebSearch: [SBI $95E7D650] Type library (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

    MyWay.MyWebSearch: [SBI $DBE9DC78] Browser helper object (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\FocusInteractive

    MyWay.MyWebSearch: [SBI $0AB712F8] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: [SBI $6CDD369B] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

    MyWay.MyWebSearch: [SBI $AC7657F9] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\MyWebSearch

    MyWay.MyWebSearch: [SBI $51E6ABA2] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\

    MyWay.MyWebSearch: [SBI $B836F058] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}

    MyWay.MyWebSearch: [SBI $4A8ED495] Type library (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    Properties.size=89655
    Properties.md5=140AB62FFB5E3991894AEAD1E105393D
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    Properties.size=56438
    Properties.md5=87B6FB1125216E8D7B293400B715FB8D
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    Properties.size=66726
    Properties.md5=E660C15170591EBE447F601DDC6163C1
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    Properties.size=56688
    Properties.md5=C13224330D67C961D2E3E4279A5BC1A6
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    Properties.size=330710
    Properties.md5=B8F1A5EA13A9C3E6C2C8C28FA86ABD3E
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    Properties.size=301118
    Properties.md5=FD8A7DE5CE05EDA235B4D29C0E64FBFF
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    Properties.size=71675
    Properties.md5=EAD44A1AC4FD80104D1B4814CE3582E1
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    Properties.size=106998
    Properties.md5=43182F0E08638C0FFB08B33D7876B340
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    Properties.size=129559
    Properties.md5=1A47783E119A96A3597DA38717FB9E59
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    Properties.size=272367
    Properties.md5=72876A9D1BA63B025CF73A5EB622569E
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    Properties.size=122747
    Properties.md5=46DD0C9F0820FE10E0DB7D2DC5B18E2F
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    Properties.size=43287
    Properties.md5=4C64C9C48FAFB1CE394BAD985A1A1CA6
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    Properties.size=155471
    Properties.md5=256AC64A886E9E60E56CE07A0F5C6808
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    Properties.size=149817
    Properties.md5=648274DCDAE169827E769628379D342A
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    Properties.size=243509
    Properties.md5=D9E3A3AEB53C0B0E1A4F6987D1995F0B
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    Properties.size=113081
    Properties.md5=14DF54094BF76DBE5D71DB552DFB2633
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0ACED923] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S
    Properties.size=132691
    Properties.md5=0B908DA08C94A96D21804A6FD866518A
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $2CFDFB02] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    Properties.size=305
    Properties.md5=BC3475B177749B81BFAB5D21091786B5
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $2CFDFB02] Data (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    Properties.size=16
    Properties.md5=3AB2A38E4DC5A3DF24564D639021C8B0
    Properties.filedate=1292761401
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    Properties.size=7406
    Properties.md5=089EFCEA98317E0D0DC0543BE2EDA81F
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    Properties.size=7406
    Properties.md5=141581A8DE0D46FB85F25A89DA38284C
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    Properties.size=10134
    Properties.md5=24E6DA5796608E7DAD1011EC432B1666
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    Properties.size=7406
    Properties.md5=2327AE7F0BAC7814F0870CED67420AAC
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    Properties.size=7406
    Properties.md5=7429E321AC5058790EA073CD55F7328F
    Properties.filedate=1292761400
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $0888C8CD] Picture (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    Properties.size=12782
    Properties.md5=EC6393D63343AF0856E5DCBD16C182BC
    Properties.filedate=1292761401
    Properties.filedatetext=2010-12-19 13:23:20

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
    Properties.size=28776
    Properties.md5=F79220B730D91FBF4D8C94BA91C1A857
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
    Properties.size=16501
    Properties.md5=4F0AE2BC1861832947E4A872E2D02BA2
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    Properties.size=16479
    Properties.md5=D3CEDDEF152C4060992562F2E740D179
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    Properties.size=155738
    Properties.md5=24CDF2C595324C7F1AB402701322B376
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    Properties.size=32768
    Properties.md5=D9FD5A34E06E66EDD50A88CDB2D2FC4B
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $E4947DDB] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
    Properties.size=28762
    Properties.md5=48D50D679D28E5C4BF5A67664CC56B41
    Properties.filedate=1292761398
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    Properties.size=139264
    Properties.md5=ACB88F31279E312F633B24F48F8C0808
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    Properties.size=278610
    Properties.md5=807D3213938A474995CC69EB73E86DE9
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    Properties.size=77906
    Properties.md5=220BC041CDD85E4409A88CD46306D60D
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    Properties.size=32856
    Properties.md5=8EE956AEE18F2459D5EC5AC53E2314D9
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    Properties.size=32768
    Properties.md5=A82C8C631255FD5DE31E796EED8CDA49
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $49AC1975] Library (Fil, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    Properties.size=24576
    Properties.md5=C4FF418909D55A7744B04774A83135C9
    Properties.filedate=1292761397
    Properties.filedatetext=2010-12-19 13:23:17

    MyWay.MyWebSearch: [SBI $F06432E0] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\1.bin

    MyWay.MyWebSearch: [SBI $C771B898] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MyWebSearchService

    MyWay.MyWebSearch: [SBI $9C66098D] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MyWebSearchService

    MyWay.MyWebSearch: [SBI $1E9D2A89] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Game\

    MyWay.MyWebSearch: [SBI $6B75E445] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\History\

    MyWay.MyWebSearch: [SBI $D182749E] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\icons\

    MyWay.MyWebSearch: [SBI $4A5017B0] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Message\

    MyWay.MyWebSearch: [SBI $EBAA84FB] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Notifier\

    MyWay.MyWebSearch: [SBI $9DB56617] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar\Settings\

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Avatar

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Game

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\History

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\icons

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Message

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Notifier

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Overlay

    MyWay.MyWebSearch: [SBI $FE5C4FC1] Program directory (Bibliotek, nothing done)
    C:\Program Files\MYWEBSEARCH\bar\Settings

    MyWay.MyWebSearch: [SBI $78882F84] Program directory (Bibliotek, nothing done)
    C:\Program Files\MyWebSearch\bar

    MyWay.MyWebSearch: [SBI $9185AE0B] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

    MyWay.MyWebSearch: [SBI $798DEFC6] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7}

    MyWay.MyWebSearch: [SBI $17EB816E] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

    MyWay.MyWebSearch: [SBI $E6CF97BD] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}

    MyWay.MyWebSearch: [SBI $84A88F8E] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}

    MyWay.MyWebSearch: [SBI $2E0CB34B] Class ID (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

    MyWay.MyWebSearch: [SBI $93F63F8F] Settings (Registervärde, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\m3ffxtbr@mywebsearch.com

    MyWay.MyWebSearch: [SBI $33173CA4] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin

    FunWebProducts: [SBI $C9EF9978] Settings (Registernyckel, nothing done)
    HKEY_LOCAL_MACHINE\Software\Fun Web Products

    FunWebProducts: [SBI $EABD1904] Settings (Registervärde, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

    MyWebSearch: [SBI $A020D1EF] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

    MyWebSearch: [SBI $28E3F240] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

    MyWebSearch: [SBI $EB0F98F9] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

    MyWebSearch: [SBI $1FBE02BC] Interface (Registernyckel, nothing done)
    HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

    MyWebSearch: [SBI $2657A585] Settings (Registervärde, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers

    MediaPlex: Tracking cookie (Internet Explorer: TOJ) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Internet Explorer: TOJ) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-11-19 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-11-14 Includes\Adware.sbi (*)
    2012-11-14 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2012-11-14 Includes\DialerC.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2012-11-14 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2012-11-14 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-11-14 Includes\Malware.sbi (*)
    2012-11-14 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2012-11-14 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2012-11-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-11-14 Includes\Spyware.sbi (*)
    2012-11-14 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2012-11-14 Includes\Trojans.sbi (*)
    2012-11-14 Includes\TrojansC-02.sbi (*)
    2012-11-14 Includes\TrojansC-03.sbi (*)
    2012-11-14 Includes\TrojansC-04.sbi (*)
    2012-11-14 Includes\TrojansC-05.sbi (*)
    2012-11-14 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello and welcome to Safer Networking.

    I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

    Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

    Please be patient with me during this time.

    Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

  3. #3
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Cool

    Nice to hear from you, I'm ready to get started to try and solve this strange issue.

  4. #4
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen,

    Is this a work computer? There are some programs that will only exist on corporate computers on board.

    Please take a look at this:
    http://forums.spybot.info/showpost.p...12&postcount=5

  5. #5
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Default

    No, what should that be?

    We have used it during some educations (might have installed something then, but that should have been removed) and taken some work home (but no programs that I can remember).

    It's my wife's play computer mainly.

  6. #6
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Joshen,

    Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
    • Please observe and follow these Forum Rules.
    • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
    • Please read the instructions carefully and follow them closely, in the order they are presented to you.
    • If you have any doubts or problems during the fix, please stop and ask.
    • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
    • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
    • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
    • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
    • If you do not reply within 3 days, this topic will be closed.


    --------------------

    Validate Windows
    • Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
    • Double click on MGADiag.exe to run it.
    • Click Continue.
    • The program will run. It takes a while to finish the diagnosis, please be patient.
    • Once done, click on Copy.
    • Open Notepad and paste the contents in. Save this file and post it in your next reply.


    --------------------

    Check for additional security risks
    • Please download CKScanner© by askey127 and save to your desktop. Click here.
    • Double click on CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
    • Post the contents of ckfiles.txt in your reply, it is located on your desktop.
    • Please run the program only once.


    --------------------

    Remove P2P software
    • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

      Vuze

    • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
    • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
    • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
    • Please remove them before we continue with fixing your computer.


    Please run DDS and post both logs.

    --------------------

    Please post back:
    1. MGADiag result
    2. CKScanner log
    3. fresh DDS logs
