Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by merlin1963 » December 8th, 2009, 11:57 pm

I get a pop up whenever I log in to PC. What does this mean?
C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL
The specified module could not be found
I am currently using Webroot as an anti virus program, also since the PC is still new I'm running Norton anti virus on a 60 day trial basis, of which 9 days remain. I thought this was more than enough to keep me protected. I'm running on Windows Vista 32 bit and my desktop is a Compaq Presario CQ5110F PC.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:18 PM, on 12/8/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItup Free\SpeedItUp.exe" -MINI
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.nexusradio.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.co ... Detect.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12326 bytes
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by MWR 3 day Mod » December 13th, 2009, 1:11 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by shinybeast » December 14th, 2009, 8:03 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.
  • Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
  • Perform all instructions in the order given.
  • Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
  • The instructions assume you are using an account with administrator privileges.
  • Do not run any other tools to remove malware while we are working.
  • Post all responses in a reply to this topic - Please do not start a new topic.
  • If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
  • If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated. :)


Installed Program List

It would be helpful to see a list of programs installed on your computer.

  • Please start HijackThis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by merlin1963 » December 15th, 2009, 12:05 pm

Also, I should mention I had a program called zwicky, which was installed as a plug in to my browsers. I no longer see it on either browser and I didn't uninstall it (although I meant to, I just never got around to it).

Also, I was unclear whether to post this as a reply or as a new topic with link attached, so I posted it twice. Please excuse.

7-Zip 4.57
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92EX Soft Modem
Any Video Converter 3.0.1
Ask.com Toolbar
Belkin Wireless USB Utility
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink DVD Suite Deluxe
Default Manager
DVDFab Platinum 3.0.1.3
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart DVD
HP Recovery Manager RSS
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Java(TM) 6 Update 17
LabelPrint
LabelPrint
LightScribe System Software
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Live Search Toolbar
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office Mondo 2010
Microsoft Office Mondo 2010 (Beta)
Microsoft Office MondoOnly MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
Microsoft Office Visio MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
My Web Search (My Web Face)
Norton Internet Security
Norton Internet Security
Norton Security Scan
NVIDIA Drivers
PictureMover
Power2Go
Power2Go
PowerDirector
PowerDirector
Python 2.6 pywin32-212
Python 2.6.1
Realtek High Definition Audio Driver
Spy Sweeper Core
The Witcher Enhanced Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Usenet.nl
VLC media player 1.0.3
Webroot Internet Security Essentials
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by shinybeast » December 17th, 2009, 3:31 pm

Hi Merlin1963,

Post all responses in a reply to this topic - Please do not start a new topic.

Please read my original welcome post again.

Did you purchase Webroot Internet Security Essentials or is it a trial?
In the instructions below, I am assuming you no longer want Norton. If that is not so, do not follow the portion of the instructions regarding Norton.

Also, did you want the ASK toolbar that came with Webroot? It is considered a borderline program and if you do not want it I suggest you uninstall it.

For Windows Vista, please use right-click and select Run as administrator instead of double-click to run all the tools I ask you to, or they may not work properly.


Uninstall Programs

Click Start button
Type appwiz.cpl and press Enter to open Programs and Features
For each of the programs listed below, right-click them in the list and click Uninstall

Ask.com Toolbar <- if not wanted
My Web Search (My Web Face)
Norton Internet Security
Norton Security Scan
<- uninstall the two Norton programs if unwanted


Perform this Norton Cleanup step only if Norton is unwanted.

Norton Cleanup

  • Click Here to download the Norton Removal Tool and save it to your desktop.
  • Double click on Norton_Removal_Tool.exe to start the tool.
    NOTE: To run the tool in Vista, right-click Norton_Removal_Tool.exe and select Run as Administrator.
  • Follow the program prompts to remove the Norton product.
  • Reboot your computer


HijackThis

You have a site in the Trusted Zone. This basically gives the site complete access to your computer's settings and I strongly suggest you remove it. Check the last line in HijackThis fix below if you choose to remove the site from the Trusted Zone.

  • Start HijackThis by right-clicking the HijackThis shortcut and selecting Run as Administrator
  • Select Do a system scan only
  • Place a check next to the lines listed below and Close all windows except for HijackThis
  • Click Fix checked:
    NOTE: Some entries may no longer exist because of the previous actions.

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O15 - Trusted Zone: http://www.nexusradio.com
<- Check this one if you choose to remove it from the Trusted Zone.

Close HijackThis then reboot the computer

After rebooting, continue with the following.


Delete Files and Folders

In Explorer (right-click Start button, left-click Explore), navigate to and delete the following folder

C:\Program Files\MyWebSearch


DDS Scan

  • Please download DDS by sUBS from one of these links and save it to your desktop
    Link1 | Link 2
  • Double-click the file to start the scan
  • If you get a User Account Control popup, click Allow
  • A black window will open and run the scan
  • When it finishes, two logs will automatically open with Notepad (DDS.txt and Attach.txt)
  • Save the logs to the desktop using Save As... and post the contents of both in your next reply


Please reply with the DDS logs and info requested on Webroot.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)
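
The fix list in the post above mixes three kinds of entries: orphaned registrations marked "(no file)", entries that load from the MyWebSearch folder (written in the log both as `C:\Program Files\MyWebSearch` and as the 8.3 short form `C:\PROGRA~1\MYWEBS~1`), and the Trusted Zone site. The following is an added example, not part of any post in this thread and not a tool used by the forum; it sorts HijackThis lines into those three groups. The names `triage`, `references_dir` and `component_matches` are hypothetical, the sample lines are copied from the log posted above, and the short-name match is a prefix heuristic that cannot resolve hashed short names such as `MI1933~1`.

```python
import re

# Section code at the start of a HijackThis entry, e.g. "R3 - " or "O15 - ".
SECTION_RE = re.compile(r"^([A-Z]\d{1,2}) - ")
# 8.3 short directory name: up to six characters, a tilde, then a number.
SHORT_RE = re.compile(r"([^~\\]{1,6})~\d+")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O15 - Trusted Zone: http://www.nexusradio.com
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""

TARGET_DIR = r"C:\Program Files\MyWebSearch"


def component_matches(seen, long_name):
    """True if one path component from the log names the folder `long_name`,
    either spelled out or as an 8.3 short name (prefix heuristic)."""
    seen = seen.strip('" ').upper()
    long_name = long_name.upper()
    if seen == long_name:
        return True
    m = SHORT_RE.fullmatch(seen)
    if not m:
        return False
    # Short names drop spaces and keep the leading characters of the long name.
    return long_name.replace(" ", "").startswith(m.group(1))


def references_dir(line, target_dir):
    """True if the line contains target_dir's folders as consecutive components.
    The drive letter is ignored; splitting on backslashes avoids having to
    parse quoted command lines with spaces in them."""
    want = [c for c in target_dir.split("\\")[1:] if c]
    if not want:
        return False
    parts = line.split("\\")
    for i in range(len(parts) - len(want) + 1):
        if all(component_matches(parts[i + j], want[j]) for j in range(len(want))):
            return True
    return False


def triage(log_text, target_dir):
    """Return (section, reason, line) for every entry worth a closer look.
    Bare paths from the 'Running processes' block get the section 'proc'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        section = m.group(1) if m else "proc"
        if references_dir(line, target_dir):
            findings.append((section, "target-folder", line))
        elif line.endswith("(no file)"):
            findings.append((section, "orphaned", line))
        elif section == "O15":
            findings.append((section, "trusted-zone", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG, TARGET_DIR):
        print(f"{reason:14} {section:5} {line}")
```

The output is a review list, not a removal list: a Trusted Zone entry or a "(no file)" registration still needs a person to decide whether it is wanted.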

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by merlin1963 » December 18th, 2009, 4:36 am

Ok, I wasn't able to do everything as you requested. Firstly you told me to right click and run as administrator, but you didn't mention where. I tried right clicking on the desktop, the task bar, the start button... that didn't work, so I right clicked on "run" which also produced nothing... so then I just typed appwiz.cpl in the run dialog box, got to the uninstall programs window, right clicked all over that, including on the selected programs mentioned, all I got was the uninstall option, so the bottom line is I don't know how to "run as administrator." I should mention that although I have Windows Vista a friend of mine some time ago helped me select "classic view" because I was having trouble finding things in my computer. Also on my desktop I have shortcuts to computer, network, control panel, and a download shortcut, 'cause I'm a dummy. So... this is who you're dealing with. A true computer illiterate nerd. So, please... Don't assume I know anything 'cause I don't.
I was able to uninstall the two Nortons, and then I installed the Norton Removal tool and ran it perfectly (a removal tool to remove what you've already removed? What?! What is that all about? Never mind.)
However, the "Ask.com Toolbar", and "My Web Search (My Web Face)" are another matter entirely (probably for lack of "administrative running" I'm guessing). When I tried to uninstall "Ask.com Toolbar" I get the following error message:

Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action vb_IS_FF_OPEN_UNINSTALL script error -2146828235. Microsoft VBScript runtime error: File not found Line 87. Column 2.

And when I try to uninstall "My Web Search (My Web Face)" I get this error message:

C:\Progra~1\MYWEBS~1\bar\3.bin\mwsbar.dll
The specified module could not be found

So then I got desperate and went into control panel thinking that was the way to go into administrator mode. I went into administrative tools, clicked system configuration and unchecked "My websearch email plugin" "Command" C:\ PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe at "Location" HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

And then unchecked SpeedItUpEx "Command" C:\Program Files\SpeedItUp Free\SpeedItUp.exe" -MINI Located at: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Thinking that would do the trick because it seems to me those two files are related 'cause if memory serves they were downloaded on the same day and then I tried again to uninstall the two remaining programs with still no effect. I can check them back if you want.

I know the instructions say to ask and not guess but there is a reason why I did. Both last time and this time I wasn't able to save the logs on my desktop as instructed and WordPad couldn't even find the last log even though it was right there plain as day. But in both cases I was able to copy and save the logs as Windows Word documents and by copying and pasting, that's how I was able to post. So, I thought I'd see if I get lucky again. Anyway like I said, I can check them back if you want. They're still there, unchecked.

I'm starting to get desperate and really, really, really nervous and scared, 'cause the computer is running more slowly every day. And my internet connection runs slower still. It's taken me a 1/2 hr just to log on to this page. I'm getting worried that by the time you reply, I won't be able to log on at all. Please help. I know you're doing your best, and without you I would have no hope at all since I'm unemployed and can't afford to take it to a shop. But if there's anything you can do to expedite this matter before my computer spontaneously explodes or something :lol:

Anyway, thanks for all your help.
Sincerely,
Merlin

Here are those logs you requested, and remember please, instruct me as you would a child. I am not at all computer savvy.

DDS (Ver_09-12-01.01) - NTFSx86
Run by merlin at 0:16:32.38 on Fri 12/18/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1835 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\merlin\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0552.0\msneshellx.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0552.0\msneshellx.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [HPADVISOR] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [hpsysdrv] "c:\program files\hewlett-packard\hp odometer\hpsysdrv.exe"
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.co ... Detect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mi1933~1\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\merlin\appdata\roaming\mozilla\firefox\profiles\uqqqdl6r.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/|http://www.searchs ... home&id=97
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\users\merlin\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-10-18 102224]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-10-18 1201640]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-8-21 4639136]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-8-21 30510960]
S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-2-2 20848]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]

=============== Created Last 30 ================

2009-12-18 03:56:44 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 03:33:25 0 d-----w- c:\users\merlin\appdata\roaming\AnvSoft
2009-12-13 03:33:17 0 d-----w- c:\program files\AnvSoft
2009-12-11 13:01:55 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 13:01:52 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-11 13:01:52 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 11:52:41 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 03:34:12 0 d-----w- c:\program files\Trend Micro
2009-12-05 22:43:54 28672 ----a-w- c:\windows\system32\f3PSSavr.scr
2009-12-04 18:21:11 0 d-----w- c:\windows\system32\vi-VN
2009-12-04 18:21:11 0 d-----w- c:\windows\system32\eu-ES
2009-12-04 18:21:11 0 d-----w- c:\windows\system32\ca-ES
2009-12-04 18:02:10 0 d-----w- c:\windows\system32\EventProviders
2009-12-04 17:52:08 57667 ----a-w- c:\windows\system32\ieuinit.inf
2009-12-03 03:45:05 0 d-----w- c:\program files\VideoLAN
2009-12-02 01:11:48 362 ----a-w- c:\users\merlin\Downloads - Shortcut (2).lnk
2009-12-02 01:11:16 362 ----a-w- c:\users\merlin\Downloads - Shortcut.lnk
2009-11-29 18:15:03 600 ----a-w- c:\users\merlin\PUTTY.RND
2009-11-29 18:13:19 0 ----a-w- c:\windows\system32\file.ext
2009-11-29 01:18:02 0 d-----w- c:\programdata\Adobe Systems
2009-11-29 01:17:07 0 d-----w- c:\program files\common files\Adobe Systems Shared
2009-11-29 00:50:39 0 d-----w- c:\windows\system32\Adobe
2009-11-28 01:55:28 39 ----a-w- c:\windows\vbaddin.ini
2009-11-28 01:51:39 0 d-----w- c:\program files\Microsoft Visual Studio .NET 2008
2009-11-28 01:51:39 0 d-----w- c:\program files\Microsoft Visual Studio .NET 2005
2009-11-28 01:51:04 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-11-28 01:49:45 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-28 01:47:48 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-28 01:45:54 0 d-----w- c:\program files\Microsoft Analysis Services
2009-11-28 00:48:26 0 d-----w- c:\users\merlin\appdata\roaming\Usenet.nl
2009-11-28 00:48:13 0 d-----w- c:\program files\Usenet.nl
2009-11-26 09:34:58 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 10:25:29 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 10:25:29 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-23 15:33:58 0 d-----w- c:\users\merlin\appdata\roaming\WinBatch
2009-11-21 13:54:05 0 d-----w- c:\programdata\LightScribe

==================== Find3M ====================

2009-12-18 03:54:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-18 03:54:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-18 03:54:35 143360 ----a-w- c:\windows\inf\infstor.dat
2009-12-04 18:21:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 18:12:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-12-03 23:36:00 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-11-27 21:50:51 81920 ----a-w- c:\users\merlin\appdata\roaming\ezpinst.exe
2009-11-27 21:50:51 47360 ----a-w- c:\users\merlin\appdata\roaming\pcouffin.sys
2009-11-21 14:43:44 102224 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-06 20:19:42 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 17:00:36 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 17:00:36 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 17:00:34 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-02 18:48:02 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-27 13:55:25 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-22 09:27:23 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-22 09:27:22 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-18 20:55:09 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:17:19.53 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/18/2009 1:01:16 AM
System Uptime: 12/17/2009 11:31:08 PM (1 hours ago)

Motherboard: PEGATRON CORPORATION | | NARRA5
Processor: AMD Athlon(tm) 7550 Dual-Core Processor | Socket AM2 | 2500/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 287 GiB total, 183.927 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.59 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.57
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92EX Soft Modem
Any Video Converter 3.0.1
Ask.com Toolbar
Belkin Wireless USB Utility
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
Default Manager
DirectX for Managed Code Update (Summer 2004)
DVDFab Platinum 3.0.1.3
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP Odometer
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Java(TM) 6 Update 17
LabelPrint
LightScribe System Software
Microsoft .NET Framework 3.5 SP1
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office Mondo 2010
Microsoft Office Mondo 2010 (Beta)
Microsoft Office MondoOnly MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project MUI (English) 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)
Microsoft Office Visio MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
Mozilla Firefox (3.5.6)
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by shinybeast » December 18th, 2009, 11:43 am

Hi merlin1963,

Please be assured that there is nothing to be scared about. We will get your issues sorted out in due time. While I look at your logs, can you please answer my question about Webroot? Did you purchase it or is it a trial?

The My Web Search error is nothing to worry about.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by merlin1963 » December 18th, 2009, 4:53 pm

I purchased Webroot. I took about an hour deliberating whether to go with that or Kaspersky. In the end I decided on Webroot because it had a "winner of something or other" from PC Magazine on the box cover.
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by shinybeast » December 18th, 2009, 6:53 pm

Hello merlin1963,

Thanks for the info on Webroot. We will continue to seek out the cause of the slowdown.

Please do not make changes to your computer or attempt to fix things yourself as it makes it hard to diagnose the problem and could possibly make things worse.

Also, please get back to me if you are having problems executing the instructions and do not continue with them if so. I understand things are quite difficult for you now and even loading a webpage is not working as it should. Patience will be required for us to get this sorted out.


First, I need you to go back into System Configuration and restore the computer to Normal Startup.

  • Open the Control Panel
  • Double-click Administrative Tools
  • Double-click System Configuration
  • In the General Tab, select (tick) Normal Startup.
  • Click OK.
  • You should see a message saying that a restart is required to apply the changes.
  • Save any work and close all running programs.
  • Then click Restart.

NOTE: When Windows starts, there will likely be some error messages. Please do not worry about them and close the error message(s). Again, do not fret, the errors are expected and we will deal with them shortly.


Security Application Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 | Link 2

  • You should have a file called SecurityCheck or SecurityCheck.exe on your Desktop afterwards.
  • Right-click SecurityCheck and click Run as Administrator in the pop up menu.
  • A new window should open asking if you want to run the program, click Run
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply. (Copy all text then paste in a reply)


Scan with RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop. You should have a file called RSIT or RSIT.exe on your Desktop afterwards.
  • Right-click RSIT and click Run as Administrator in the pop up menu.
  • A new window should open asking if you want to run the program, click Run
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post. (Copy all the text in log.txt and paste it into a reply to this topic. Then repeat for info.txt)

Please include the contents of the SecurityCheck log (checkup.txt) and the contents of the two RSIT logs (log.txt and info.txt) in your next reply. Also, please inform me of how the computer is running now.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Post by merlin1963 » December 18th, 2009, 11:08 pm

There were no error messages on startup, also (Hey!) I no longer get that annoying popup that started this whole mess in the first place. :cheers: PC is still running slower than ever though.

Please remember, the ask.com toolbar and My Web Search (My Web Face) are still there. I still don’t know how to go into administrator mode or whatever it is you asked me to do. (remember, I right clicked everywhere and couldn’t figure out how to do it?) So, maybe things are still running slow because of that. I don’t know.
Thank you,
Merlin1963


Here’s the requested info.

Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Spy Sweeper Core
HijackThis 2.0.2
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

Logfile of random's system information tool 1.06 (written by random/random)
Run by merlin at 2009-12-18 21:20:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 188 GB (64%) free of 294 GB
Total RAM: 2942 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:51 PM, on 12/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Users\merlin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\merlin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItup Free\SpeedItUp.exe" -MINI
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.co ... Detect.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10707 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDRScheduledMaintenance.job
C:\Windows\tasks\wrSpySweeper_LE235E389FA7540F8BF94FFE877FC3355.job
C:\Windows\tasks\wrSpySweeper_LE86C0AE2941B4D2BA8ACF2447ED725AC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2009-08-21 4139912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-22 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2009-08-17 564624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-09 764296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-09 764296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"hpsysdrv"=c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-08 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-08 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdateLBPShortCut"=c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Microsoft Default Manager"=c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09 1148200]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-08-17 85888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-03-17 2387968]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SpeedItUpEX"=C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PictureMover.lnk - C:\Program Files\PictureMover\Bin\PictureMover.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2009-08-21 4139912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55f07c8-bba2-11de-9f19-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-18 21:20:45 ----D---- C:\rsit
2009-12-17 22:56:44 ----N---- C:\Windows\system32\MpSigStub.exe
2009-12-12 22:33:25 ----D---- C:\Users\merlin\AppData\Roaming\AnvSoft
2009-12-12 22:33:17 ----D---- C:\Program Files\AnvSoft
2009-12-11 08:01:55 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 08:01:52 ----A---- C:\Windows\system32\httpapi.dll
2009-12-11 06:54:38 ----A---- C:\Windows\system32\winhttp.dll
2009-12-11 06:54:23 ----A---- C:\Windows\system32\mshtml.dll
2009-12-11 06:54:22 ----A---- C:\Windows\system32\ieframe.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\wininet.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\urlmon.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\iertutil.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\occache.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-11 06:54:19 ----A---- C:\Windows\system32\ieui.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\iepeers.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-11 06:54:18 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iesetup.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iernonce.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-11 06:52:41 ----A---- C:\Windows\system32\rastls.dll
2009-12-08 22:34:12 ----D---- C:\Program Files\Trend Micro
2009-12-04 13:21:11 ----D---- C:\Windows\system32\vi-VN
2009-12-04 13:21:11 ----D---- C:\Windows\system32\eu-ES
2009-12-04 13:21:11 ----D---- C:\Windows\system32\ca-ES
2009-12-04 13:02:10 ----D---- C:\Windows\system32\EventProviders
2009-12-04 13:02:06 ----A---- C:\Windows\system32\jscript.dll
2009-12-04 12:50:22 ----A---- C:\Windows\system32\mshtmled.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\mshtmler.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\icardie.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\admparse.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\msls31.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\corpol.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\imgutil.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\ieakeng.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\dxtrans.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\dxtmsft.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\webcheck.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\msrating.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\licmgr10.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\inseng.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-04 12:50:17 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-12-04 12:50:17 ----A---- C:\Windows\system32\wextract.exe
2009-12-04 12:50:17 ----A---- C:\Windows\system32\mstime.dll
2009-12-04 12:50:17 ----A---- C:\Windows\system32\ieakui.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\vbscript.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\pngfilt.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\advpack.dll
2009-12-04 12:50:15 ----A---- C:\Windows\system32\url.dll
2009-12-04 12:50:13 ----A---- C:\Windows\system32\mshta.exe
2009-12-04 12:50:13 ----A---- C:\Windows\system32\iexpress.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\SetDepNx.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\PDMSetup.exe
2009-12-02 22:48:24 ----D---- C:\Users\merlin\AppData\Roaming\vlc
2009-12-02 22:45:05 ----D---- C:\Program Files\VideoLAN
2009-12-01 12:52:07 ----A---- C:\Windows\system32\javaws.exe
2009-12-01 12:52:07 ----A---- C:\Windows\system32\javaw.exe
2009-12-01 12:52:07 ----A---- C:\Windows\system32\java.exe
2009-11-28 20:18:02 ----D---- C:\ProgramData\Adobe Systems
2009-11-28 20:17:07 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-11-28 19:50:39 ----D---- C:\Windows\system32\Adobe
2009-11-27 20:55:28 ----A---- C:\Windows\vbaddin.ini
2009-11-27 20:51:39 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2008
2009-11-27 20:51:39 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2005
2009-11-27 20:51:04 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-11-27 20:50:56 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft.NET
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-27 20:47:48 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-27 20:45:54 ----D---- C:\Program Files\Microsoft Analysis Services
2009-11-27 19:48:26 ----D---- C:\Users\merlin\AppData\Roaming\Usenet.nl
2009-11-27 19:48:13 ----D---- C:\Program Files\Usenet.nl
2009-11-26 04:34:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 05:25:29 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 05:25:29 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 10:39:04 ----A---- C:\FINIS_IT.TXT
2009-11-23 10:33:58 ----D---- C:\Users\merlin\AppData\Roaming\WinBatch
2009-11-21 08:54:05 ----D---- C:\ProgramData\LightScribe

======List of files/folders modified in the last 1 months======

2009-12-18 21:20:51 ----D---- C:\Windows\Prefetch
2009-12-18 21:20:47 ----D---- C:\Windows\Temp
2009-12-18 20:47:26 ----D---- C:\Windows\System32
2009-12-18 20:47:26 ----D---- C:\Windows\inf
2009-12-18 20:47:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-18 02:13:15 ----SD---- C:\ProgramData\Microsoft
2009-12-18 00:10:14 ----RD---- C:\Program Files
2009-12-18 00:10:11 ----D---- C:\ProgramData\Symantec
2009-12-18 00:08:52 ----SHD---- C:\System Volume Information
2009-12-18 00:07:42 ----SHD---- C:\Windows\Installer
2009-12-17 23:18:12 ----D---- C:\Windows\system32\catroot2
2009-12-17 23:08:17 ----D---- C:\Program Files\Common Files
2009-12-17 23:06:31 ----SD---- C:\Windows\Downloaded Program Files
2009-12-17 22:55:32 ----D---- C:\Windows\system32\drivers
2009-12-17 22:55:32 ----D---- C:\ProgramData\Norton
2009-12-17 22:55:28 ----D---- C:\Windows\Tasks
2009-12-17 22:54:36 ----D---- C:\Windows\system32\catroot
2009-12-17 13:54:42 ----D---- C:\Windows\Minidump
2009-12-17 13:54:38 ----D---- C:\Windows
2009-12-16 21:32:54 ----D---- C:\Program Files\Mozilla Firefox
2009-12-15 21:22:31 ----D---- C:\Users\merlin\AppData\Roaming\Vso
2009-12-11 10:10:19 ----D---- C:\Windows\rescache
2009-12-11 09:51:30 ----D---- C:\Windows\system32\migration
2009-12-11 09:51:29 ----D---- C:\Program Files\Internet Explorer
2009-12-11 09:51:27 ----D---- C:\Windows\system32\en-US
2009-12-11 08:03:28 ----D---- C:\Windows\winsxs
2009-12-07 09:19:23 ----SD---- C:\Users\merlin\AppData\Roaming\Microsoft
2009-12-06 06:01:40 ----D---- C:\ProgramData\Webroot
2009-12-05 03:58:10 ----D---- C:\Windows\Microsoft.NET
2009-12-05 03:57:55 ----RSD---- C:\Windows\assembly
2009-12-05 00:20:26 ----HD---- C:\Program Files\Temp
2009-12-04 13:28:31 ----D---- C:\ProgramData\NVIDIA
2009-12-04 13:27:36 ----SHD---- C:\Boot
2009-12-04 13:24:45 ----HD---- C:\ProgramData
2009-12-04 13:21:29 ----D---- C:\Program Files\Windows Mail
2009-12-04 13:21:29 ----D---- C:\Program Files\Windows Calendar
2009-12-04 13:21:29 ----D---- C:\Program Files\Movie Maker
2009-12-04 13:21:28 ----D---- C:\Windows\servicing
2009-12-04 13:21:28 ----D---- C:\Windows\ehome
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Sidebar
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Media Player
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Journal
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Defender
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Collaboration
2009-12-04 13:21:28 ----D---- C:\Program Files\Common Files\System
2009-12-04 13:21:26 ----D---- C:\Windows\system32\XPSViewer
2009-12-04 13:21:26 ----D---- C:\Windows\system32\sk-SK
2009-12-04 13:21:26 ----D---- C:\Windows\system32\lv-LV
2009-12-04 13:21:26 ----D---- C:\Windows\system32\ko-KR
2009-12-04 13:21:26 ----D---- C:\Windows\system32\hr-HR
2009-12-04 13:21:26 ----D---- C:\Windows\system32\et-EE
2009-12-04 13:21:26 ----D---- C:\Windows\system32\da-DK
2009-12-04 13:21:26 ----D---- C:\Windows\IME
2009-12-04 13:21:25 ----D---- C:\Windows\system32\oobe
2009-12-04 13:21:25 ----D---- C:\Windows\system32\it-IT
2009-12-04 13:21:25 ----D---- C:\Windows\system32\el-GR
2009-12-04 13:21:25 ----D---- C:\Windows\system32\de-DE
2009-12-04 13:21:24 ----D---- C:\Windows\system32\zh-TW
2009-12-04 13:21:24 ----D---- C:\Windows\system32\zh-CN
2009-12-04 13:21:24 ----D---- C:\Windows\system32\uk-UA
2009-12-04 13:21:24 ----D---- C:\Windows\system32\tr-TR
2009-12-04 13:21:24 ----D---- C:\Windows\system32\th-TH
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sv-SE
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-04 13:21:24 ----D---- C:\Windows\system32\SLUI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sl-SI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\setup
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ru-RU
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ro-RO
2009-12-04 13:21:24 ----D---- C:\Windows\system32\pt-PT
2009-12-04 13:21:24 ----D---- C:\Windows\system32\pl-PL
2009-12-04 13:21:24 ----D---- C:\Windows\system32\manifeststore
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ja-JP
2009-12-04 13:21:24 ----D---- C:\Windows\system32\hu-HU
2009-12-04 13:21:24 ----D---- C:\Windows\system32\he-IL
2009-12-04 13:21:24 ----D---- C:\Windows\system32\fr-FR
2009-12-04 13:21:24 ----D---- C:\Windows\system32\fi-FI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\es-ES
2009-12-04 13:21:24 ----D---- C:\Windows\system32\en
2009-12-04 13:21:24 ----D---- C:\Windows\system32\cs-CZ
2009-12-04 13:21:24 ----D---- C:\Windows\system32\bg-BG
2009-12-04 13:21:24 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-04 13:21:23 ----D---- C:\Windows\system32\wbem
2009-12-04 13:21:23 ----D---- C:\Windows\system32\nl-NL
2009-12-04 13:21:23 ----D---- C:\Windows\system32\nb-NO
2009-12-04 13:21:23 ----D---- C:\Windows\system32\lt-LT
2009-12-04 13:21:23 ----D---- C:\Windows\system32\ar-SA
2009-12-04 13:21:22 ----D---- C:\Windows\system32\pt-BR
2009-12-04 13:21:22 ----D---- C:\Windows\system32\migwiz
2009-12-04 13:21:14 ----RSD---- C:\Windows\Fonts
2009-12-04 13:21:14 ----D---- C:\Windows\AppPatch
2009-12-04 13:21:11 ----D---- C:\Windows\system32\Boot
2009-12-04 13:19:47 ----D---- C:\Windows\system32\RTCOM
2009-12-04 12:53:41 ----D---- C:\Windows\PolicyDefinitions
2009-12-03 18:38:51 ----D---- C:\Windows\system32\Tasks
2009-12-03 18:36:00 ----A---- C:\Windows\DIFxAPI.dll
2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-12-01 12:51:58 ----D---- C:\Program Files\Java
2009-11-29 18:35:45 ----HD---- C:\Windows\system32\GroupPolicy
2009-11-28 20:19:16 ----D---- C:\Users\merlin\AppData\Roaming\Adobe
2009-11-28 20:16:47 ----D---- C:\Program Files\Common Files\Adobe
2009-11-28 20:13:49 ----D---- C:\ProgramData\Adobe
2009-11-28 20:13:48 ----D---- C:\Program Files\Adobe
2009-11-27 20:57:32 ----D---- C:\ProgramData\Microsoft Help
2009-11-27 20:52:55 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-27 20:52:31 ----D---- C:\Program Files\MSBuild
2009-11-27 20:51:03 ----D---- C:\Windows\ShellNew
2009-11-27 20:49:50 ----D---- C:\Program Files\Microsoft Office
2009-11-27 20:46:19 ----A---- C:\Windows\win.ini
2009-11-27 16:53:58 ----D---- C:\Program Files\DVDFab Platinum 3
2009-11-27 16:50:51 ----A---- C:\Users\merlin\AppData\Roaming\ezpinst.exe
2009-11-23 10:46:45 ----HD---- C:\hp
2009-11-23 10:46:21 ----D---- C:\ProgramData\Hewlett-Packard
2009-11-23 10:45:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-23 10:44:33 ----D---- C:\Program Files\Hewlett-Packard
2009-11-23 10:44:06 ----D---- C:\ProgramData\Temp
2009-11-23 10:38:18 ----RD---- C:\Program Files\Online Services
2009-11-23 10:37:38 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 pwipf6;Privacyware Filter Driver; C:\Windows\system32\DRIVERS\pwipf6.sys [2009-11-21 102224]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-22 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-22 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-01-20 1205312]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-03-08 7764960]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-10-27 47360]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848]
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-11-12 133152]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-08 207392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-11-21 1201640]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-08-21 4639136]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-28 72704]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [2008-12-08 242424]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-22 182768]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-08-21 149352]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-12-18 21:20:53

======Uninstall list======

-->"C:\Program Files\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files\HP Games\4 Elements\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Farm Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files\HP Games\World of Goo\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems PCI-SV92EX Soft Modem-->C:\Windows\agrsmdel
Any Video Converter 3.0.1-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Ask.com Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Belkin Wireless USB Utility-->C:\Program Files\InstallShield Installation Information\{A6359CCF-215D-43D9-8366-479D231F2A72}\setup.exe -runfromtemp -l0x0409
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
Default Manager-->MsiExec.exe /I{AE469025-08BA-4B2A-915D-CC7765132419}
DVDFab Platinum 3.0.1.3-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Live Search Toolbar-->c:\Program Files\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall
Microsoft Live Search Toolbar-->MsiExec.exe /X{25A9983D-4BE4-4B25-B66A-1434ECB926A7}
Microsoft Office Access MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office InfoPath MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0044-0409-0000-0000000FF1CE}
Microsoft Office Mondo 2010 (Beta)-->MsiExec.exe /X{20140000-000F-0000-0000-0000000FF1CE}
Microsoft Office Mondo 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall MONDO /dll OSETUP.DLL
Microsoft Office MondoOnly MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0102-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0017-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0054-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
My Web Search (My Web Face)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsbar.dll,O
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.6 pywin32-212-->"C:\program files\Python\Removepywin32.exe" -u "C:\program files\Python\pywin32-wininst.log"
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Usenet.nl-->"C:\Program Files\Usenet.nl\unins000.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webroot Internet Security Essentials-->"C:\Program Files\Webroot\WebrootSecurity\unins001.exe" /Log="C:\Users\merlin\AppData\Local\Temp\Uninstall.txt"
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) [2009-12-17]
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000 [2009-12-17]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab [2009-12-17]
O15 - Trusted Zone: http://www.nexusradio.com [2009-12-17]
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF [2009-12-17]
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [2009-12-17]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-12-17]
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h [2009-12-17]
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) [2009-12-17]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11567
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11535
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11530
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11527
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11523
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: merlin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 822
Source Name: Microsoft-Windows-WMI
Time Written: 20091018054057.000000-000
Event Type: Error
User:

Computer Name: merlin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 796
Source Name: Microsoft-Windows-WMI
Time Written: 20091018053242.000000-000
Event Type: Error
User:

Computer Name: merlin-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {91bd61cb-2475-4bbc-a819-a9ad70ccb58f}
Record Number: 744
Source Name: VSS
Time Written: 20091018052201.000000-000
Event Type: Error
User:

Computer Name: merlin-PC
Event Code: 0
Message: The remote name could not be resolved: 'www.rssx.hp.com' at System.Net.HttpWebRequest.GetResponse()
at TotalCareSetup.Common.InternetDetector.HttpUtility.GetIsNetworkUseful()
Record Number: 415
Source Name: Network not useful. Exception. HP AdvisorUpdate
Time Written: 20091018051645.000000-000
Event Type: Error
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 316
Source Name: Microsoft-Windows-Search
Time Written: 20091018050117.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-NBORAZN3YX1
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 233
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.979936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 232
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 231
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 230
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1162322507-2519668355-3147520138-500
Account Name: Administrator
Domain Name: WIN-NBORAZN3YX1
Logon ID: 0x2ed2d
Record Number: 229
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090518205503.381136-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

-----------------EOF-----------------



Please remember, the ask.com toolbar and My Web Search (My Web Face) are still there. I still don’t know how to go into administrator mode or whatever it is you asked me to do. (remember, I right clicked everywhere and couldn’t figure out how to do it?) So, maybe things are still running slow because of that. I don’t know.
Thank you,
Merlin1963
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » December 19th, 2009, 4:28 pm

Hi merlin1963,

We will get the My Web Search and Ask Toolbar taken care of soon. First, I want to explain something a bit and ask a question so we can determine if the computer is having other issues.

There are several user accounts on your computer. One is "merlin", the one you use. Another is "administrator". When you right-click a program and click "Run as administrator", you are telling Windows to run the program using the administrator account instead of the one you are logged into (merlin). It is not a mode you enter per se. We do this to make sure the tools run correctly. When you right-click a program icon on your desktop, do you see the menu option circled in red in this picture?

Image
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby merlin1963 » December 19th, 2009, 7:13 pm

Yes, thank you for that explanation. I went back just now to appwiz.cpl to search for the option again. It still doesn't appear there but it does appear on every program icon on the desktop. Also, things have started to run much closer to normal as of late. Not exactly, but I do see an improvement, thanks. Please continue.
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » December 19th, 2009, 11:30 pm

Hi merlin1963,

The right-click and "Run as administrator" only works for program files and shortcuts to program files. Appwiz.cpl command is just another way to get to "Programs and Features" in the Control Panel. You cannot right-click a command and run it as administrator, so don't worry about that. (Also, if you have the classic view for the start menu, you would have to click Run... in the start menu to run appwiz.cpl.)

From now on, I will explicitly say if you need to right-click and use "Run as administrator" for a specific tool.

Let's continue.


TFC (Temp File Cleaner)

  • Click here to download TFC by OldTimer and save it to your desktop.
    NOTE: Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

Note: TFC should not take longer than a couple of minutes.


Download and Run Malwarebytes' Anti-Malware

Please download the free version of Malwarebytes' Anti-Malware and save to a convenient location.
Double-click the mbam-setup.exe file that you downloaded to start the installation.
Go through the install screens and before you click finish ensure that these two check boxes are checked.
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware

The program will then check for updates. If you have a firewall installed and it throws up a warning, please allow Malwarebytes through.
  • Once it checks for and gets any updates tick Perform quick scan
  • Click Scan
  • When it finishes, click OK in the window that pops up and then click Show Results in the main window
  • Ensure that all items are checked and click Remove Selected.
  • When the removal is complete, a logfile will open. Please copy and paste the entire contents of the logfile in your next reply. See NOTE below
  • If necessary, the logfile can also be accessed by running Malwarebytes' and clicking the Log tab. Double-click the current log to open it.
NOTE: If Malwarebytes' encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let it proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent Malwarebytes' from removing all the malware.


If MalwareBytes' does not need to reboot, please go ahead and reboot the computer.


Scan with RSIT

We need to delete the rsit folder so that both logs will be produced.

First, open Explorer (right-click Start button and click Explore)
Navigate to C: and delete the folder C:\rsit.

  • RSIT should still be on your desktop. If it is not, download it from here and save RSIT.exe to your Desktop.
  • Right-click RSIT.exe and click Run as administrator to run RSIT
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
Please reply with the contents of the Malwarebytes' log, the RSIT logs and tell me how the computer is running after performing the instructions. :)
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby merlin1963 » December 21st, 2009, 5:18 pm

Perhaps I don't know what you mean by, "Navigate to C: and delete the folder C:\rsit." When I right click explorer I get a window divided in two, on the left in a column are a bunch of folders, in the middle is a file marked programs. In it are more yellow files marked "Accessories", "Administrative Tools", "Browser Plus", "Maintenance", and "Start up". Then there's a couple of program files underneath that. Cyberlink DVD Suite, IE, Windows Mail, and Windows Media Explorer. Above, to the right is a search field. When I type C:\rsit I get nothing, Search can't find it.
On the left hand side though, in that column of folders if I go to "Downloads" I can see it there. Is this what you want me to delete? The icon for Rsit on the desktop is a true icon and not one of those shortcut icons with the arrow pointing to the distance. If I use advanced search, and I just type "rsit", a yellow bar appears informing me, "searches might be slow in non indexed locations: C:\ D:\ Click to add to index." (Do I want to do this)? In the main window I then see two icons. The main icon that the column marked folders states is on the Desktop (C:\Users... and a yellow folder that the column states just C:\ If I double click that folder it opens up to 3 document files, Info, Log, and Log2. You want me to delete that whole folder by right clicking and selecting delete?

Sorry if I'm being a little stupid here. Thanks for your time.

TFC is on my desktop as instructed and Malwarebytes' Anti-Malware is in the downloads file. I haven't done anything with them yet as I'll wait for further instruction on the above matter before I continue.

On a side note, the computer is running faster now (I think I mentioned this before) but not back to normal. Lately as I've been watching movies on Netflix using Mozilla Firefox 5.0 I've been getting a lot of system crashes. I can watch about 40 min. or so of video before the whole thing crashes. Is this expected?

Thank you for your help
Merlin1963
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » December 22nd, 2009, 9:23 am

Hi merlin1963,

Thanks for asking for clarification.

> On the left hand side though, in that column of folders if I go to "Downloads" I can see it there. Is this what you want me to delete?

That is not it. You did find the correct one though. See below.

> The icon for Rsit on the desktop is a true icon and not one of those shortcut icons with the arrow pointing to the distance. If I use advanced search, and I just type "rsit", a yellow bar appears informing me, "searches might be slow in non indexed locations: C:\ D:\ Click to add to index." (Do I want to do this)?

Windows is asking if you want to add those drives to the search index. "By default, Windows Search indexes only the contents of each user's "Documents" and "Favorites" folders, the "Public" folder, and the default mail store on their PC." - source. See that link for more information on what search indexing is and how it works. You should not add the D: drive to the index. And I suggest you not add the C: drive either but it will not hurt. If you do, please wait until we are done cleaning your computer.

> In the main window I then see two icons. The main icon that the column marked folders states is on the Desktop (C:\Users... and a yellow folder that the column states just C:\ If I double click that folder it opens up to 3 document files, Info, Log, and Log2. You want me to delete that whole folder by right clicking and selecting delete?

You found it. It is the folder with log, log2 and info in it. Yes, delete the folder with those logs in it.

Also, please keep online activity to a minimum until we get the computer cleaned up. Cleaning may or may not make a difference streaming movies from Netflix.
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)