Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby merlin1963 » December 22nd, 2009, 12:12 pm

Thank you for the feedback, I was a little nervous proceeding without it. Here are the requested logs. As for how it's running, I'll have to let you know.

Today is my birthday!!

I'm forty something or other (don't ask, I don't keep count) in case you were wondering.

:bounce:


Malwarebytes' Anti-Malware 1.42
Database version: 3408
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

12/22/2009 10:29:41 AM
mbam-log-2009-12-22 (10-29-41).txt

Scan type: Quick Scan
Objects scanned: 100960
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 117
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\merlin\downloads\MyWebFaceSetup2.3.50.57.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\merlin\Favorites\Free Porn XXX Index - Pornhub, YouPorn, Tube8, RedTube Porn Tube Videos - XXXDEX.COM.url (Rogue.Link) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.06 (written by random/random)
Run by merlin at 2009-12-22 10:37:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 193 GB (66%) free of 294 GB
Total RAM: 2942 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:31 AM, on 12/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Users\merlin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\merlin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItup Free\SpeedItUp.exe" -MINI
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.co ... Detect.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10714 bytes

======Scheduled tasks folder======

C:\Windows\tasks\PCDRScheduledMaintenance.job
C:\Windows\tasks\wrSpySweeper_LE235E389FA7540F8BF94FFE877FC3355.job
C:\Windows\tasks\wrSpySweeper_LE86C0AE2941B4D2BA8ACF2447ED725AC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2009-08-21 4139912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-22 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2009-08-17 564624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-09 764296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-09 764296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"hpsysdrv"=c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-08 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-08 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdateLBPShortCut"=c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Microsoft Default Manager"=c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09 1148200]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-08-17 85888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-03 1394000]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-03-17 2387968]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SpeedItUpEX"=C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PictureMover.lnk - C:\Program Files\PictureMover\Bin\PictureMover.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2009-08-21 4139912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55f07c8-bba2-11de-9f19-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-22 10:37:26 ----D---- C:\rsit
2009-12-22 10:19:25 ----D---- C:\Users\merlin\AppData\Roaming\Malwarebytes
2009-12-22 10:19:19 ----D---- C:\ProgramData\Malwarebytes
2009-12-22 10:19:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-17 22:56:44 ----N---- C:\Windows\system32\MpSigStub.exe
2009-12-12 22:33:25 ----D---- C:\Users\merlin\AppData\Roaming\AnvSoft
2009-12-12 22:33:17 ----D---- C:\Program Files\AnvSoft
2009-12-11 08:01:55 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 08:01:52 ----A---- C:\Windows\system32\httpapi.dll
2009-12-11 06:54:38 ----A---- C:\Windows\system32\winhttp.dll
2009-12-11 06:54:23 ----A---- C:\Windows\system32\mshtml.dll
2009-12-11 06:54:22 ----A---- C:\Windows\system32\ieframe.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\wininet.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\urlmon.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\iertutil.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\occache.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-11 06:54:19 ----A---- C:\Windows\system32\ieui.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\iepeers.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-11 06:54:18 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iesetup.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iernonce.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-11 06:52:41 ----A---- C:\Windows\system32\rastls.dll
2009-12-08 22:34:12 ----D---- C:\Program Files\Trend Micro
2009-12-04 13:21:11 ----D---- C:\Windows\system32\vi-VN
2009-12-04 13:21:11 ----D---- C:\Windows\system32\eu-ES
2009-12-04 13:21:11 ----D---- C:\Windows\system32\ca-ES
2009-12-04 13:02:10 ----D---- C:\Windows\system32\EventProviders
2009-12-04 13:02:06 ----A---- C:\Windows\system32\jscript.dll
2009-12-04 12:50:22 ----A---- C:\Windows\system32\mshtmled.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\mshtmler.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\icardie.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\admparse.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\msls31.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\corpol.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\imgutil.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\ieakeng.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\dxtrans.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\dxtmsft.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\webcheck.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\msrating.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\licmgr10.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\inseng.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-04 12:50:17 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-12-04 12:50:17 ----A---- C:\Windows\system32\wextract.exe
2009-12-04 12:50:17 ----A---- C:\Windows\system32\mstime.dll
2009-12-04 12:50:17 ----A---- C:\Windows\system32\ieakui.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\vbscript.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\pngfilt.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\advpack.dll
2009-12-04 12:50:15 ----A---- C:\Windows\system32\url.dll
2009-12-04 12:50:13 ----A---- C:\Windows\system32\mshta.exe
2009-12-04 12:50:13 ----A---- C:\Windows\system32\iexpress.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\SetDepNx.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\PDMSetup.exe
2009-12-02 22:48:24 ----D---- C:\Users\merlin\AppData\Roaming\vlc
2009-12-02 22:45:05 ----D---- C:\Program Files\VideoLAN
2009-12-01 12:52:07 ----A---- C:\Windows\system32\javaws.exe
2009-12-01 12:52:07 ----A---- C:\Windows\system32\javaw.exe
2009-12-01 12:52:07 ----A---- C:\Windows\system32\java.exe
2009-11-28 20:18:02 ----D---- C:\ProgramData\Adobe Systems
2009-11-28 20:17:07 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-11-28 19:50:39 ----D---- C:\Windows\system32\Adobe
2009-11-27 20:55:28 ----A---- C:\Windows\vbaddin.ini
2009-11-27 20:51:39 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2008
2009-11-27 20:51:39 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2005
2009-11-27 20:51:04 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-11-27 20:50:56 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft.NET
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-27 20:47:48 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-27 20:45:54 ----D---- C:\Program Files\Microsoft Analysis Services
2009-11-27 19:48:26 ----D---- C:\Users\merlin\AppData\Roaming\Usenet.nl
2009-11-27 19:48:13 ----D---- C:\Program Files\Usenet.nl
2009-11-26 04:34:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 05:25:29 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 05:25:29 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 10:39:04 ----A---- C:\FINIS_IT.TXT
2009-11-23 10:33:58 ----D---- C:\Users\merlin\AppData\Roaming\WinBatch

======List of files/folders modified in the last 1 months======

2009-12-22 10:37:31 ----D---- C:\Windows\Temp
2009-12-22 10:36:14 ----D---- C:\Windows\System32
2009-12-22 10:36:14 ----D---- C:\Windows\inf
2009-12-22 10:36:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-22 10:31:32 ----D---- C:\Windows\system32\drivers
2009-12-22 10:30:38 ----D---- C:\Windows\Resources
2009-12-22 10:29:41 ----RD---- C:\Program Files
2009-12-22 10:29:35 ----D---- C:\Windows\Prefetch
2009-12-22 10:19:19 ----HD---- C:\ProgramData
2009-12-22 09:18:04 ----SHD---- C:\System Volume Information
2009-12-22 09:06:52 ----D---- C:\Windows\system32\catroot2
2009-12-21 22:32:02 ----D---- C:\Windows\Minidump
2009-12-21 22:31:58 ----D---- C:\Windows
2009-12-21 20:19:04 ----D---- C:\Users\merlin\AppData\Roaming\Vso
2009-12-18 02:13:15 ----SD---- C:\ProgramData\Microsoft
2009-12-18 00:10:11 ----D---- C:\ProgramData\Symantec
2009-12-18 00:07:42 ----SHD---- C:\Windows\Installer
2009-12-17 23:08:17 ----D---- C:\Program Files\Common Files
2009-12-17 23:06:31 ----SD---- C:\Windows\Downloaded Program Files
2009-12-17 22:55:32 ----D---- C:\ProgramData\Norton
2009-12-17 22:55:28 ----D---- C:\Windows\Tasks
2009-12-17 22:54:36 ----D---- C:\Windows\system32\catroot
2009-12-16 21:32:54 ----D---- C:\Program Files\Mozilla Firefox
2009-12-11 10:10:19 ----D---- C:\Windows\rescache
2009-12-11 09:51:30 ----D---- C:\Windows\system32\migration
2009-12-11 09:51:29 ----D---- C:\Program Files\Internet Explorer
2009-12-11 09:51:27 ----D---- C:\Windows\system32\en-US
2009-12-11 08:03:28 ----D---- C:\Windows\winsxs
2009-12-07 09:19:23 ----SD---- C:\Users\merlin\AppData\Roaming\Microsoft
2009-12-06 06:01:40 ----D---- C:\ProgramData\Webroot
2009-12-05 03:58:10 ----D---- C:\Windows\Microsoft.NET
2009-12-05 03:57:55 ----RSD---- C:\Windows\assembly
2009-12-05 00:20:26 ----HD---- C:\Program Files\Temp
2009-12-04 13:28:31 ----D---- C:\ProgramData\NVIDIA
2009-12-04 13:27:36 ----SHD---- C:\Boot
2009-12-04 13:21:29 ----D---- C:\Program Files\Windows Mail
2009-12-04 13:21:29 ----D---- C:\Program Files\Windows Calendar
2009-12-04 13:21:29 ----D---- C:\Program Files\Movie Maker
2009-12-04 13:21:28 ----D---- C:\Windows\servicing
2009-12-04 13:21:28 ----D---- C:\Windows\ehome
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Sidebar
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Media Player
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Journal
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Defender
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Collaboration
2009-12-04 13:21:28 ----D---- C:\Program Files\Common Files\System
2009-12-04 13:21:26 ----D---- C:\Windows\system32\XPSViewer
2009-12-04 13:21:26 ----D---- C:\Windows\system32\sk-SK
2009-12-04 13:21:26 ----D---- C:\Windows\system32\lv-LV
2009-12-04 13:21:26 ----D---- C:\Windows\system32\ko-KR
2009-12-04 13:21:26 ----D---- C:\Windows\system32\hr-HR
2009-12-04 13:21:26 ----D---- C:\Windows\system32\et-EE
2009-12-04 13:21:26 ----D---- C:\Windows\system32\da-DK
2009-12-04 13:21:26 ----D---- C:\Windows\IME
2009-12-04 13:21:25 ----D---- C:\Windows\system32\oobe
2009-12-04 13:21:25 ----D---- C:\Windows\system32\it-IT
2009-12-04 13:21:25 ----D---- C:\Windows\system32\el-GR
2009-12-04 13:21:25 ----D---- C:\Windows\system32\de-DE
2009-12-04 13:21:24 ----D---- C:\Windows\system32\zh-TW
2009-12-04 13:21:24 ----D---- C:\Windows\system32\zh-CN
2009-12-04 13:21:24 ----D---- C:\Windows\system32\uk-UA
2009-12-04 13:21:24 ----D---- C:\Windows\system32\tr-TR
2009-12-04 13:21:24 ----D---- C:\Windows\system32\th-TH
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sv-SE
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-04 13:21:24 ----D---- C:\Windows\system32\SLUI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sl-SI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\setup
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ru-RU
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ro-RO
2009-12-04 13:21:24 ----D---- C:\Windows\system32\pt-PT
2009-12-04 13:21:24 ----D---- C:\Windows\system32\pl-PL
2009-12-04 13:21:24 ----D---- C:\Windows\system32\manifeststore
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ja-JP
2009-12-04 13:21:24 ----D---- C:\Windows\system32\hu-HU
2009-12-04 13:21:24 ----D---- C:\Windows\system32\he-IL
2009-12-04 13:21:24 ----D---- C:\Windows\system32\fr-FR
2009-12-04 13:21:24 ----D---- C:\Windows\system32\fi-FI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\es-ES
2009-12-04 13:21:24 ----D---- C:\Windows\system32\en
2009-12-04 13:21:24 ----D---- C:\Windows\system32\cs-CZ
2009-12-04 13:21:24 ----D---- C:\Windows\system32\bg-BG
2009-12-04 13:21:24 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-04 13:21:23 ----D---- C:\Windows\system32\wbem
2009-12-04 13:21:23 ----D---- C:\Windows\system32\nl-NL
2009-12-04 13:21:23 ----D---- C:\Windows\system32\nb-NO
2009-12-04 13:21:23 ----D---- C:\Windows\system32\lt-LT
2009-12-04 13:21:23 ----D---- C:\Windows\system32\ar-SA
2009-12-04 13:21:22 ----D---- C:\Windows\system32\pt-BR
2009-12-04 13:21:22 ----D---- C:\Windows\system32\migwiz
2009-12-04 13:21:14 ----RSD---- C:\Windows\Fonts
2009-12-04 13:21:14 ----D---- C:\Windows\AppPatch
2009-12-04 13:21:11 ----D---- C:\Windows\system32\Boot
2009-12-04 13:19:47 ----D---- C:\Windows\system32\RTCOM
2009-12-04 12:53:41 ----D---- C:\Windows\PolicyDefinitions
2009-12-03 18:38:51 ----D---- C:\Windows\system32\Tasks
2009-12-03 18:36:00 ----A---- C:\Windows\DIFxAPI.dll
2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-12-01 12:51:58 ----D---- C:\Program Files\Java
2009-11-29 18:35:45 ----HD---- C:\Windows\system32\GroupPolicy
2009-11-28 20:19:16 ----D---- C:\Users\merlin\AppData\Roaming\Adobe
2009-11-28 20:16:47 ----D---- C:\Program Files\Common Files\Adobe
2009-11-28 20:13:49 ----D---- C:\ProgramData\Adobe
2009-11-28 20:13:48 ----D---- C:\Program Files\Adobe
2009-11-27 20:57:32 ----D---- C:\ProgramData\Microsoft Help
2009-11-27 20:52:55 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-27 20:52:31 ----D---- C:\Program Files\MSBuild
2009-11-27 20:51:03 ----D---- C:\Windows\ShellNew
2009-11-27 20:49:50 ----D---- C:\Program Files\Microsoft Office
2009-11-27 20:46:19 ----A---- C:\Windows\win.ini
2009-11-27 16:53:58 ----D---- C:\Program Files\DVDFab Platinum 3
2009-11-27 16:50:51 ----A---- C:\Users\merlin\AppData\Roaming\ezpinst.exe
2009-11-24 07:34:25 ----D---- C:\ProgramData\LightScribe
2009-11-23 10:46:45 ----HD---- C:\hp
2009-11-23 10:46:21 ----D---- C:\ProgramData\Hewlett-Packard
2009-11-23 10:45:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-23 10:44:33 ----D---- C:\Program Files\Hewlett-Packard
2009-11-23 10:44:06 ----D---- C:\ProgramData\Temp
2009-11-23 10:38:18 ----RD---- C:\Program Files\Online Services
2009-11-23 10:37:38 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 pwipf6;Privacyware Filter Driver; C:\Windows\system32\DRIVERS\pwipf6.sys [2009-11-21 102224]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-22 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-22 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-01-20 1205312]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-03-08 7764960]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-10-27 47360]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848]
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-11-12 133152]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-08 207392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-11-21 1201640]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-08-21 4639136]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-28 72704]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [2008-12-08 242424]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-22 182768]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-08-21 149352]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-12-22 10:37:32

======Uninstall list======

-->"C:\Program Files\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files\HP Games\4 Elements\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Farm Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files\HP Games\World of Goo\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems PCI-SV92EX Soft Modem-->C:\Windows\agrsmdel
Any Video Converter 3.0.1-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Ask.com Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Belkin Wireless USB Utility-->C:\Program Files\InstallShield Installation Information\{A6359CCF-215D-43D9-8366-479D231F2A72}\setup.exe -runfromtemp -l0x0409
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
Default Manager-->MsiExec.exe /I{AE469025-08BA-4B2A-915D-CC7765132419}
DVDFab Platinum 3.0.1.3-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Live Search Toolbar-->c:\Program Files\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall
Microsoft Live Search Toolbar-->MsiExec.exe /X{25A9983D-4BE4-4B25-B66A-1434ECB926A7}
Microsoft Office Access MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office InfoPath MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0044-0409-0000-0000000FF1CE}
Microsoft Office Mondo 2010 (Beta)-->MsiExec.exe /X{20140000-000F-0000-0000-0000000FF1CE}
Microsoft Office Mondo 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall MONDO /dll OSETUP.DLL
Microsoft Office MondoOnly MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0102-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0017-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0054-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.6 pywin32-212-->"C:\program files\Python\Removepywin32.exe" -u "C:\program files\Python\pywin32-wininst.log"
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Usenet.nl-->"C:\Program Files\Usenet.nl\unins000.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webroot Internet Security Essentials-->"C:\Program Files\Webroot\WebrootSecurity\unins001.exe" /Log="C:\Users\merlin\AppData\Local\Temp\Uninstall.txt"
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) [2009-12-17]
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000 [2009-12-17]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab [2009-12-17]
O15 - Trusted Zone: http://www.nexusradio.com [2009-12-17]
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF [2009-12-17]
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [2009-12-17]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-12-17]
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h [2009-12-17]
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) [2009-12-17]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB967723(Security Update) into Install Requested(Install Requested) state
Record Number: 13280
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018061630.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB967723(Security Update) into Install Requested(Install Requested) state
Record Number: 13279
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018061630.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB967723(Security Update) into Install Requested(Install Requested) state
Record Number: 13229
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018061630.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB967723(Security Update) into Install Requested(Install Requested) state
Record Number: 13225
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018061630.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB967723(Security Update) into Install Requested(Install Requested) state
Record Number: 13219
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018061630.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: merlin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 822
Source Name: Microsoft-Windows-WMI
Time Written: 20091018054057.000000-000
Event Type: Error
User:

Computer Name: merlin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 796
Source Name: Microsoft-Windows-WMI
Time Written: 20091018053242.000000-000
Event Type: Error
User:

Computer Name: merlin-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {91bd61cb-2475-4bbc-a819-a9ad70ccb58f}
Record Number: 744
Source Name: VSS
Time Written: 20091018052201.000000-000
Event Type: Error
User:

Computer Name: merlin-PC
Event Code: 0
Message: The remote name could not be resolved: 'www.rssx.hp.com' at System.Net.HttpWebRequest.GetResponse()
at TotalCareSetup.Common.InternetDetector.HttpUtility.GetIsNetworkUseful()
Record Number: 415
Source Name: Network not useful. Exception. HP AdvisorUpdate
Time Written: 20091018051645.000000-000
Event Type: Error
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 316
Source Name: Microsoft-Windows-Search
Time Written: 20091018050117.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-NBORAZN3YX1
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 233
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.979936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 232
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 231
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 230
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:

Computer Name: WIN-NBORAZN3YX1
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1162322507-2519668355-3147520138-500
Account Name: Administrator
Domain Name: WIN-NBORAZN3YX1
Logon ID: 0x2ed2d
Record Number: 229
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090518205503.381136-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

-----------------EOF-----------------
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm
Advertisement
Register to Remove

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » December 27th, 2009, 12:30 am

Hi merlin1963,

A belated Happy Birthday! Hope you had a great day.

Let's try to clean up the Ask Toolbar if you still do not want it.


Disable Windows Defender

Windows Defender needs to be disabled to prevent interference with other tools we use.

  • Click Start button, click All Programs, click Image Windows Defender to start the program.
  • Click Tools at top center of window to open Tools and Settings
  • Under Settings, Click Options
  • Scroll down to Administrator Options
  • Under Administrator options, uncheck Use Windows Defender then click Save
  • If Windows asks for your permission, click Continue
  • Click Close at the warning.


HijackThis

Right-click HijackThis icon as click Run as administrator to start HijackThis
Select Do a system scan only
Place a check next to the lines listed below and Close all windows except for HijackThis
Click Fix checked:

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript


Close HijackThis


Delete Files and Folders

Double-click My Computer and navigate to and delete the following folder

C:\Program Files\Ask.com


CCleaner

Click here to download CCleaner and save it to your desktop.

  • Double-click ccsetup***_slim.exe (*** is the version number) to start the installation.
  • Click Run at the security warning.
  • Select language and click OK
  • Click Next at the welcome screen
  • Click I Agree at the license agreement
  • Click Next to install to default location
  • Select the options you want and then click Install
  • Leave "Run CCleaner" checled and click Finish when the installation is complete
  • CCleaner will start. Click Tools at the left
  • Select Uninstall if not selected.
  • Highlight Ask.com Toolbar in the installed programs list and click Delete entry.
  • Click OK at the warning.

NOTE: Do NOT use the Registry tool in the left pane in CCleaner unless you are an expert on the Windows Registry.
Removing certain registry entries can render your computer inoperable!

Reboot your computer and afterward please create a new HijackThis log and post it in your next reply.
Also, let me know how the computer is running and if Firefox has the Ask toolbar as well.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby merlin1963 » December 27th, 2009, 7:09 pm

Hi!When I tried to delete the Ask.com icon I got an error message that read "cannot delete MSI installer." Is this a real problem? Because since it came with the Webroot anti virus program, I'm fairly certain there's nothing malicious intented in its installation. I could be wrong though. What do I know? Anyway, it's not on my taskbar or anywhere in the window when I open up Internet Explorer or Firefox, so...

Computer seems to be running about the same, way faster than it was when I first asked for help, but not as fast as it had been oh, say, a few weeks earlier? I have a role playing game I love to play (The Witcher - I tend to gravitate towards role playing, and strategy games) and lately it takes forever to do a game save. Sometimes it'll just get stuck (program not responding).

So, other than streaming video, that's the other lead indicator that everything is not running according to Hoyle (running normal).

Hey!
Guess what?
I just got my Windows 7 upgrade (don't worry, I'm not going to install until I get the all clear). I didn't mention it before because there was a mix up and it looked for a while as if I wasn't going to get it, but it arrived in the mail on Saturday.

So...
I guess Now would be a good time to mention that I got my Windows 7 upgrade and I want to install it..? Can I install it now dad? Can I, can I, can I? Huh? Huh? Huh? Is that the bathroom? I need to go to the bathroom...

Merlin1963
:occasion9:

Oh! And a very belated Merry Christmas to you and yours. Or happy holidays. Or "Hey, I hope at least you got extra time off", day!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:23:52 PM, on 12/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItup Free\SpeedItUp.exe" -MINI
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.co ... Detect.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10448 bytes
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » December 29th, 2009, 12:46 am

Hi Merlin1963,

Happy holidays to you and yours.

Hi!When I tried to delete the Ask.com icon I got an error message that read "cannot delete MSI installer." Is this a real problem?


No, it's not a real problem. It is not malicious and the entry in Programs and Features shouldn't be a problem.

Before you go upgrading Windows let's check a couple of things to see if we can rule out some possible causes of the performance issue.


Check Hard Disk For Errors

  • Please open Notepad. (click Start button > Programs > Accessories > Notepad
    OR Click Start button, click Run..., type notepad and press enter)
  • Click Format in the menu bar and ensure Word Wrap is not checked.
  • Then, copy the entire contents of the code box below and paste it into Notepad.

    Code: Select all
    @Echo off
    cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
    del %0

  • Click File and Save As...
  • Save the file to your Desktop as "runme.bat" (You must include the quotes!)
  • Locate runme.bat (or runme) on your Desktop
  • Right-click runme.bat and click Run as administrator to execute the batch file
  • A blank command window will open on your desktop, then close in a few minutes. This is normal.
  • A text file named checkhd.txt (or checkhd) should appear on your Desktop. Please post the contents of this file in your next reply.


Scan with GMER

Click here to download GMER Rootkit Scanner and save it to your desktop.
  • Right-click the randomly named GMER file and click Run as administrator. If asked to allow gmer driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following boxes:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All
  • Then click the Scan button and wait for it to finish
  • Once done click on the Save.. button at lower right, and in the File name area, type in "Gmer.txt" (include the quotes or it will save as a .log file)
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


Please post the contents of gmer.txt and checkhd.txt in your next reply.
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby merlin1963 » January 1st, 2010, 10:08 am

Happy New Year!!! :occasion9:

May you find the strength to stick to all your new year resolutions, the compassion to forgive yourself if you don't. May you find fortune and glory; your one true love; the luck of the Irish, and good health throughout the year!

Thanks for all your help these past few weeks.
Merlin1963

P.S. My New Year's resolution is to quit smoking. Wish me luck. :king:

The type of the file system is NTFS.
Volume label is COMPAQ.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1294 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
22751 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

300736768 KB total disk space.
116274364 KB in 130945 files.
71032 KB in 22752 indexes.
0 KB in bad sectors.
285344 KB in use by the system.
65536 KB occupied by the log file.
184106028 KB available on disk.

4096 bytes in each allocation unit.
75184192 total allocation units on disk.
46026507 allocation units available on disk.




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-01 08:40:11
Windows 6.0.6002 Service Pack 2
Running: fyenv4cn.exe; Driver: C:\Users\merlin\AppData\Local\Temp\agryypod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwAdjustPrivilegesToken [0x8EE15F00]
SSDT 8447D938 ZwAllocateVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwConnectPort [0x8EE16400]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateFile [0x8EE14D60]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateKey [0x8EE15BC0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreatePort [0x8EE16760]
SSDT 85229EE0 ZwCreateProcess
SSDT 844751B0 ZwCreateProcessEx
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateThread [0x8EE16A60]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDebugActiveProcess [0x8EE156D0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteKey [0x8EE13920]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteValueKey [0x8EE13A80]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeviceIoControlFile [0x8EE157D0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenFile [0x8EE14FF0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenProcess [0x8EE13C40]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenSection [0x8EE15260]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenThread [0x8EE15DC0]
SSDT 8447D9B0 ZwQueueApcThread
SSDT 8447D848 ZwReadVirtualMemory
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwResumeThread [0x8EE13EB0]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSecureConnectPort [0x8EE165B0]
SSDT 8447E5B8 ZwSetContextThread
SSDT 85229118 ZwSetInformationProcess
SSDT 8447E630 ZwSetInformationThread
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSetValueKey [0x8EE13780]
SSDT 8447A690 ZwSuspendProcess
SSDT 8447E540 ZwSuspendThread
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateProcess [0x8EE13670]
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateThread [0x8EE13D90]
SSDT 8447D8C0 ZwWriteVirtualMemory
SSDT 8447D758 ZwCreateThreadEx
SSDT \SystemRoot\system32\DRIVERS\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateUserProcess [0x8EE13F60]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (http://www.webroot.com))
AttachedDevice \Driver\tdx \Device\Tcp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
AttachedDevice \Driver\tdx \Device\Udp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)

---- EOF - GMER 1.0.15 ----
merlin1963
Active Member
 
Posts: 13
Joined: December 8th, 2009, 5:53 pm

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » January 1st, 2010, 10:58 pm

Hi merlin1963,

Happy New Year and good luck with your resolution.


Could the performance issue have started after you installed Webroot Internet Security Essentials?

We can try one more scan to make as sure as possible that your computer is clean.

ESET Online Scanner

NOTE: You will need to disable your Anti-Virus
To disable Webroot Internet Security Essentials
  • Locate and right-click Webroot Image icon and click Shut Down.
  • Confirm at the warning popup by clicking Shut Down.

Vista users: You will need to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


After the scan is finished, Start Webroot Internet Security Essentials through a Desktop shortcut or the Start Menu (Start > All Programs > Webroot > Webroot Internet Security Essentials > Webroot Internet Security Essentials) or reboot the computer.


Defragment Hard Drive

You may need to defrag the hard drive following the directions found in this post:
How to Defrag your Hard Drive
which is part of the topic What to do if your Computer's running slowly which you may want to read to discover ways to improve performance. (We have cleaned the temp folders with TFC, feel free to keep TFC and run it on occasion to clean clutter from the temp folders.)

Please ask any questions about the instructions if needed and post the ESET log in your next reply. :)
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby shinybeast » January 5th, 2010, 1:04 am

Hello merlin1963,

  • Do you still need help?
  • Do you need more time?
  • Are you having problems understanding or performing the instructions?
Please let me know how things are going otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!
User avatar
shinybeast
Retired Graduate
 
Posts: 1187
Joined: October 29th, 2008, 6:56 pm
Location: -5 hrs GMT (EST)

Re: C\Progra~1\MYWEBS~1\bar\3.bin\M3PLUGIN.

Unread postby Dakeyras » January 6th, 2010, 8:32 am

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware