windows logs on with the wrong way

W

wesley9946

Member
hello,

since a few days our PC is doing weird.
when i start and/or log on Windows (automatically) it should be view the Desktop right?
but after the logon My Documents will be opened an there's no Desktop and i will have to open the Desktop manually (Ctrl+Alt+Delete>Start Task Manager>in task manager New Task...>explorer.exe>Enter)


any solutions are welcome


greets wesley9946

OS: Windows 7 Home Premium 32bit
 
You either have malware on your system or somehow the system has corrupted itself. Did you install any new hardware or software before this happened? You can do a couple things here. Either scan your system with malwarebytes and if it don't come up with anything, then do a system restore back to a day when it was working fine. To do malwarebytes, do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.



Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
here's the log file:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database Version: v2012.07.13.02

Windows 7 x86 Service Pack 1 NTFS
Internet Explorer 9.0.8112.16421
Hemar-Imprint :: HEMAR-PRINT-PC [Administrator]

13-7-2012 10:20:04
mbam-log-2012-07-13 (10-26-23). ​​txt

Scan type: Quick Scan
Enabled scanning options: Memory | Startup Items | Register | Files and Folders | Heuristics / Tools | Heuristics / Shuriken | PUP | PUM
Disabled scanning options: P2P
Objects scanned: 212638
Elapsed time: 6 minutes / minutes, 3 second (s)

Memory Processes detected: 0
(No malicious items detected)

Memory Modules detected: 0
(No malicious items detected)

Memory Modules detected: 172
HKLM \ SYSTEM \ CurrentControlSet \ Services \ MyWebSearchService (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {14d02517-c8be-4735-A344-3c8366c77aa0} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {14D02517-C8BE-4735-A344-3C8366C77AA0} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {14D02517-C8BE-4735-A344-3C8366C77AA0} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {14D02517-C8BE-4735-A344-3C8366C77AA0} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {00A6FAF1-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {07B18EA0-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {07B18EAA-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ MyWebSearch bar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {af94b35c-3ac5-4030-9f9c-15fb4e3dc339} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Uninstall MyWebFace_5abar (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {b1df253a-9e7a-480d-b6a5-7a435b520dbb} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {B1DF253A-9E7A-480D-B6A5-7A435B520DBB} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {B1DF253A-9E7A-480D-B6A5-7A435B520DBB} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {B1DF253A-9E7A-480D-B6A5-7A435B520DBB} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearchToolBar.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearchToolBar.SettingsPlugin (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {1093995A-BA37-41D2-836E-091067C4AD17} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.IECookiesManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.IECookiesManager (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.DataControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.DataControl (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {E47CAEE0-deea-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HTMLMenu.2 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HTMLMenu (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {3E720452-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {3E720450-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {3E720451-B472-4954-B7AA-33069EB53906} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.HTMLPanel (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {53CED2D0-5E9A-4761-9005-648404E6F7E5} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearchToolBar.ToolbarPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearchToolBar.ToolbarPlugin (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {8E6F1830-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.PopSwatterSettingsControl.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.PopSwatterSettingsControl (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {84DA4FDF-A1CF-4195-8688-3E961F505983} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {8E6F1832-9607-4440-8530-13BE7C4B1D14} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.PopSwatterBarButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.PopSwatterBarButton (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {938AA51A-996C-4884-98CE-80DD16A5C9DA} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {29D67D3C-509A-4544-903F-C8C1B8236554} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HTMLMenu.1 (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> No action taken.
HKCR \ ScreenSaverControl.ScreenSaverInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ ScreenSaverControl.ScreenSaverInstaller (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {A4730EBE-43A6-9776-443rd-36915D323AD3} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {A9571378-68A1-443d-B082-284F960C6D17} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.OutlookAddin.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {B813095C-81C0-4E40-AA14-67520372B987} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.KillerObjManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.KillerObjManager (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HistoryKillerScheduler.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HistoryKillerScheduler (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKCR \ gencrawler_gc.GenCrawler (Trojan.Downloader) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.
HKCR \ CLSID \ {CFF4CE82-3AA2-451F-9B77-7165605FB835} (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HistorySwatterControlBar.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ FunWebProducts.HistorySwatterControlBar (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {D9FFFB27-D62A-4D64-8CEC-1FF006528805} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {E79DFBCA-5697-94E5-4fbd-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {E79DFBC0-5697-94E5-4FBD-5B2A9C7C1612} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {72EE7F04-15BD-4845-A005-D6711144D86A} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.ChatSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.ChatSessionPlugin (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ Typelib \ {D518921A-4A03-9873-425th-B9A71756821E} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> No action taken.
HKCR \ Typelib \ {F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Search Copes \ {56256A51-B582-467th-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Search Copes \ {56256A51-B582-467th-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ Elevation Policy \ {59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ Elevation Policy \ {68AF847F-6E91-9B68-45dd-D6A12C30E5D7} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ Elevation Policy \ {9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ Elevation Policy \ {D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ Elevation Policy \ {DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ Elevation Policy \ {F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.MultipleButton (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.SkinLauncher (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.SkinLauncher.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.SkinLauncherSettings (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.SkinLauncherSettings.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.UrlAlertButton (PUP.MyWebSearch) -> No action taken.
HKCR \ MyWebSearch.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Focus Interactive (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Fun Web Products (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ MyWebSearch (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Low Rights \ RunDll32Policy \ f3ScrCtr.dll (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Multimedia \ WMPlayer \ Schemes \ f3pss (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Office \ Outlook \ Addins \ MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Office \ Word \ Addins \ MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {819FFE22-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {819FFE20-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {819FFE21-35C7-4925-8CDA-4E0E2DB94302} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {03A37CA0-AC78-48C3-B061-E82D3644CCBE} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {65F1815B-26A0-4AA8-A973-1598F6D646F6} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {AFB130D4-7DD2-41EB-A9AD-4C90414657F4} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (PUP.MyWebSearch) -> No action taken.
HKCR \ TypeLib \ {8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (PUP.MyWebSearch) -> No action taken.
HKCR \ Interface \ {01947140-417F-46B6-8751-A3A2B8345E1A} (PUP.MyWebSearch) -> No action taken.
(PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (PUP.MyWebSearch) -> No action taken.
HKCR \ CLSID \ {D858DAFC-9573-4811-B323-7011A3AA7E61} (PUP.MyWebSearch) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
HKCR \ CLSID \ {00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
HKCR \ CLSID \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
HKCR \ TypeLib \ {07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
HKCR \ Interface \ {07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ MyWebSearch bar Uninstall (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Settings \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ Stats \ {07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.

Registry Values ​​detected: 9
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser | {AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} (PUP.MyWebSearch) -> Data: \ ³ "Å ¯: 0 @ Yoe? UN = A9 -> No action undertaken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar | {AF94B35C-3AC5-4030-9F9C-15FB4E3DC339} (PUP.MyWebSearch) -> Data -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ URLSearchHooks | {00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Data -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar | {07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data -> No action taken.
FINDER \ EXTENSIONS \ GENCRAWLER_GC.DLL (Trojan.Downloader) -> Data: 1 -> No action taken.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ URLSearchHooks \ {00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar \ {07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows Media \ WMSDK \ Sources | f3PopularScreensavers (PUP.MyWebSearch) -> Data: C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3SCRCTR.DLL -> No action taken.
HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Internet Settings \ User Agent \ Post Platform | FunWebProducts (PUP.MyWebSearch) -> Data -> No action taken.

Registry Data detected: 1
HKLM \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon | Shell (Hijack.Shell) -> Bad: (Explorer.exe C: \ WINDOWS \ Config \ csrss.exe) Good: (Explorer.exe) -> No action taken .

Files detected: 38
C: \ Users \ Hemar-Imprint \ AppData \ Roaming \ Your Protection (Rogue.YourProtection) -> No action taken.
C: \ Program Files \ FunWebProducts (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 1.BIN (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 1.BIN \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 2.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 2.bin \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 3.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 3.bin \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 4.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 4.bin \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 5.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 5.bin \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 6.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ Installr \ 6.bin \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ ScreenSaver (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ FunWebProducts \ ScreenSaver \ Images (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 1.BIN (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 1.BIN \ ThirdPartyInstallers (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 2.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 2.bin \ ThirdPartyInstallers (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ chrome (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ ThirdPartyInstallers (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Avatar (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Game (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Gen1 (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ History (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ IE9Mesg (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ jsifb (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Message (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Overlay (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Settings (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ wbnotify (PUP.MyWebSearch) -> No action taken.

Files detected: 87
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSSVC.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebFace_5a \ bar \ 1.BIN \ 5aSrcAs.dll (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSSRCAS.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSBAR.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebFace_5a \ bar \ 1.BIN \ 5abar.dll (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3HISTSW.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3DTACTL.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3HTMLMU.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3HTML.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3POPSWT.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3SKIN.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3CJPEG.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3SCRCTR.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3OUTLCN.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Users \ Hemar-Imprint \ AppData \ Roaming \ Media Finder \ Extensions \ gencrawler_gc.dll (Trojan.Downloader) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3HTTPCT.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3MSG.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3REPROX.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSOEPLG.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Users \ Hemar-Imprint \ AppData \ Roaming \ cglogs.dat (Malware.Trace) -> No action taken.
C: \ Users \ Hemar-Imprint \ Favorites \ _favdata.dat (Malware.Trace) -> No action taken.
C: \ Users \ Hemar-Imprint \ AppData \ Roaming \ Your Protection \ about.ico (Rogue.YourProtection) -> No action taken.
C: \ Users \ Hemar-Imprint \ AppData \ Roaming \ Your Protection \ splash.mp3 (Rogue.YourProtection) -> No action taken.
C: \ Users \ Hemar-Imprint \ AppData \ Roaming \ Your Protection \ virus.mp3 (Rogue.YourProtection) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 2.bin \ F3REGHK.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ chrome.manifest (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3BKGERR.JPG (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3HKSTUB.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3IMSTUB.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3PSSAVR.SCR (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3REGHK.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3RESTUB.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3SCHMON.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3SPACER.WMV (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3WALLPP.DAT (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ F3WPHOOK.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ FWPBUDDY.PNG (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ install.rdf (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3AUXSTB.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3DLGHK.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3HIGHIN.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3IDLE.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3IEOVR.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3IMPIPE.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3MEDINT.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3PLUGIN.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3SKNLCR.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3SKPLAY.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3SLSRCH.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3SRCHMN.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ M3TPINST.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSMLBTN.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSOEMON.EXE (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSOESTB.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ MWSUABTN.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ NPMYWEBS.DLL (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ 3.bin \ chrome \ M3FFXTBR.JAR (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Avatar \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Game \ CHECKERS.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Game \ CHESS.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Game \ REVERSI.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Gen1 \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons \ CM.ICO (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons \ MFC.ICO (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons \ PSS.ICO (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons \ SMILEY.ICO (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons \ WB.ICO (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ icons \ ZWINKY.ICO (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ IE9Mesg \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ jsifb \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Message \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ DOG.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ FISH.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ KUNGFU.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ LIFEGARD.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ MAID.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ MAILBOX.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ OPERA.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ ROBOT.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ SEDUCT.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Notifier \ SURFER.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Overlay \ COMMON.F3S (PUP.MyWebSearch) -> No action taken.
C: \ Program Files \ MyWebSearch \ bar \ Settings \ s_pid.dat (PUP.MyWebSearch) -> No action taken.
 
the Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:44, on 13-7-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\Dual Package.exe
C:\Program Files\LG Soft India Pvt Ltd\Dual Package\bin\TestDDCCI.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Hemar-Opdruk\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - (no file)
R3 - URLSearchHook: (no name) - {8040829d-1177-46e2-9157-8282438b79c7} - C:\Program Files\MyWebFace_5a\bar\1.bin\5aSrcAs.dll (file missing)
R3 - URLSearchHook: (no name) - {95324e44-4b0a-47a9-8f77-9c6415e51c29} - (no file)
R3 - URLSearchHook: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,"C:\Program Files\PC Speed Up\PCSpeedUpNotifier.exe",
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Users\Hemar-Opdruk\AppData\Roaming\Media Finder\Extensions\IEPlugin32.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: WiseConvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (file missing)
O2 - BHO: SmileBox EN - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: WiseConvert Toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - C:\Program Files\WiseConvert\prxtbWise.dll (file missing)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hemar-Opdruk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - F:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - F:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - F:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O8 - Extra context menu item: Verzenden naar &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 13238 bytes
 
According to your malwarebytes log, you didn't click on the remove selected button to actually remove those infections. Did you click on the remove selected button? If not, please rerun malwarebyes and click on it so that it deletes those infections and then post a new hijackthis log.
 
You must log in or register to reply here.
Back
Top