« previous next »
Pages: [1]   Go Down

Author Topic: mywebsearch;-(  (Read 389 times)

0 Members and 1 Guest are viewing this topic.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
mywebsearch;-(
« on: December 05, 2011, 10:02:30 PM »
hi all,
a friend says his laptop is running slow and it is.
info.txt logfile of random's system information tool 1.09 2011-12-05 17:26:06

======Uninstall list======

-->"C:\Program Files (x86)\Acer Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\Acer Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}\setup.exe" -runfromtemp -l0x0409 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}\setup.exe" -runfromtemp -l0x0409  -removeonly
-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
18 Wheels of Steel - American Long Haul-->"C:\Program Files (x86)\Acer Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
Acer Backup Manager-->C:\Program Files (x86)\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Acer Crystal Eye webcam Ver:1.1.188.706-->"C:\Program Files (x86)\InstallShield Installation Information\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}\setup.exe" -runfromtemp -l0x0409  -removeonly
Acer ePower Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x409 -removeonly
Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly
Acer Game Console-->"C:\Program Files (x86)\Acer Games\Acer Game Console\Uninstall.exe"
Acer Games-->"C:\Program Files (x86)\Acer Games\Uninstall.exe"
Acer Registration-->C:\Program Files (x86)\Acer\Registration\Uninstall.exe
Acer ScreenSaver-->C:\Program Files (x86)\Acer\Screensaver\Uninstall.exe
Acer Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x409 -removeonly
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 9.4.5 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Agatha Christie - Death on the Nile-->"C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\Uninstall.exe"
Astrology.com-->rundll32 C:\PROGRA~2\ASTROL~2\bar\1.bin\t8unpat.dll,O
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Backup Manager Basic-->C:\Program Files (x86)\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x0409
Bejeweled 2 Deluxe-->"C:\Program Files (x86)\Acer Games\Bejeweled 2 Deluxe\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files (x86)\Acer Games\Blackhawk Striker 2\Uninstall.exe"
Build-a-lot 2-->"C:\Program Files (x86)\Acer Games\Build-a-lot 2\Uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}
Chuzzle Deluxe-->"C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\Uninstall.exe"
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DictionaryBoss-->rundll32 C:\PROGRA~2\DICTIO~2\bar\1.bin\t8unpat.dll,O
Diner Dash 2 Restaurant Rescue-->"C:\Program Files (x86)\Acer Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
Dora's Carnival Adventure-->"C:\Program Files (x86)\Acer Games\Dora's Carnival Adventure\Uninstall.exe"
East-Tec Eraser 2008 Version 8.9-->"C:\Program Files (x86)\East-Tec Eraser 2008\unins000.exe"
eSobi v2-->C:\Program Files (x86)\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
FATE-->"C:\Program Files (x86)\Acer Games\FATE\Uninstall.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hunting Unlimited 2011-->"C:\Program Files (x86)\Acer Games\Hunting Unlimited 2011\uninstall\uninstaller.exe"
Identity Card-->C:\Program Files (x86)\Acer\Identity Card\Uninstall.exe
Inbox Toolbar-->"C:\Program Files (x86)\Inbox Toolbar\unins000.exe"
InstallIQ Updater-->MsiExec.exe /X{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
Jewel Quest - Heritage-->"C:\Program Files (x86)\Acer Games\Jewel Quest - Heritage\Uninstall.exe"
Jewel Quest Solitaire 2-->"C:\Program Files (x86)\Acer Games\Jewel Quest Solitaire 2\Uninstall.exe"
John Deere Drive Green-->"C:\Program Files (x86)\Acer Games\John Deere Drive Green\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
jv16 PowerTools 1.3-->"C:\Program Files (x86)\jv16 PowerTools\unins000.exe"
Launch Manager-->C:\Windows\UNINSTLMv4.EXE LMv4.UNI
LittlePDF 1.0.0.0-->C:\Program Files (x86)\LittlePDF\uninst.exe
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Click-to-Run 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Starter 2010 - English-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mobile Broadband Generic Drivers-->MsiExec.exe /i{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}
Mozilla Firefox 8.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MyWinLocker Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}\setup.exe" -runfromtemp -l0x0409  -removeonly
MyWinLocker Suite-->MsiExec.exe /X{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}
MyWinLocker-->MsiExec.exe /X{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}
NTI Media Maker 9-->C:\Program Files (x86)\InstallShield Installation Information\{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}\setup.exe -runfromtemp -l0x0409
OpenOffice.org 3.2-->MsiExec.exe /I{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
Penguins!-->"C:\Program Files (x86)\Acer Games\Penguins!\Uninstall.exe"
Plants vs. Zombies-->"C:\Program Files (x86)\Acer Games\Plants vs. Zombies\Uninstall.exe"
Polar Bowler-->"C:\Program Files (x86)\Acer Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files (x86)\Acer Games\Polar Golfer\Uninstall.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -removeonly
Registry Mechanic 5.0-->"C:\Program Files (x86)\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.91-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Shredder-->MsiExec.exe /I{C2695E83-CF1D-43D1-84FE-B3BEC561012A}
SpywareBlaster 4.5-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files (x86)\SpywareGuard\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Virtual Villagers 4 - The Tree of Life-->"C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe"
Walgreens PictureMover-->MsiExec.exe /X{113DE59D-B57A-4075-9D4F-5803DFA69EB7}
Welcome Center-->C:\Program Files (x86)\Acer\Welcome Center\Uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows7FirewallControl (i386) 3.5.1.131-->"C:\Program Files (x86)\Windows7FirewallControl\unins000.exe"
Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Zuma's Revenge-->"C:\Program Files (x86)\Acer Games\Zuma's Revenge\Uninstall.exe"

======System event log======

Computer Name: Brian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841).
Record Number: 31703
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20110122161833.522508-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
Record Number: 31617
Source Name: k57nd60a
Time Written: 20110122161402.192029-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 31603
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20110122015407.883842-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841).
Record Number: 31243
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20110121143902.863737-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 for x64-based Systems (KB2160841).
Record Number: 31207
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20110120163824.871303-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Brian-PC
Event Code: 20227
Message: CoId={64524864-F293-431A-ACD3-5386E59E91E2}: The user Brian-PC\Brian dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Record Number: 1055
Source Name: RasClient
Time Written: 20101105071335.000000-000
Event Type: Error
User:

Computer Name: Brian-PC
Event Code: 20227
Message: CoId={8C4E6479-6B49-4494-9E9F-CB5152AC0BF1}: The user Brian-PC\Brian dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Record Number: 1051
Source Name: RasClient
Time Written: 20101105070805.000000-000
Event Type: Error
User:

Computer Name: Brian-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 984
Source Name: Microsoft-Windows-Search
Time Written: 20101106092212.000000-000
Event Type: Warning
User:

Computer Name: WIN-0RATSED9SVS
Event Code: 35
Message: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Record Number: 970
Source Name: SideBySide
Time Written: 20100813161748.000000-000
Event Type: Error
User:

Computer Name: WIN-0RATSED9SVS
Event Code: 35
Message: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Record Number: 969
Source Name: SideBySide
Time Written: 20100813161747.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: WIN-0RATSED9SVS
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      WIN-0RATSED9SVS$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x25c
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi 
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 808
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100813161752.308935-000
Event Type: Audit Success
User:

Computer Name: WIN-0RATSED9SVS
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7

Privileges:      SeAssignPrimaryTokenPrivilege
         SeTcbPrivilege
         SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeAuditPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 807
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100813161751.918934-000
Event Type: Audit Success
User:

Computer Name: WIN-0RATSED9SVS
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      WIN-0RATSED9SVS$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x25c
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi 
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 806
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100813161751.918934-000
Event Type: Audit Success
User:

Computer Name: WIN-0RATSED9SVS
Event Code: 4738
Message: A user account was changed.

Subject:
   Security ID:      S-1-5-21-2574711164-1509574982-2184090652-500
   Account Name:      Administrator
   Account Domain:      WIN-0RATSED9SVS
   Logon ID:      0x24570

Target Account:
   Security ID:      S-1-5-21-2574711164-1509574982-2184090652-500
   Account Name:      Administrator
   Account Domain:      WIN-0RATSED9SVS

Changed Attributes:
   SAM Account Name:   -
   Display Name:      -
   User Principal Name:   -
   Home Directory:      -
   Home Drive:      -
   Script Path:      -
   Profile Path:      -
   User Workstations:   -
   Password Last Set:   -
   Account Expires:      -
   Primary Group ID:   -
   AllowedToDelegateTo:   -
   Old UAC Value:      0x211
   New UAC Value:      0x211
   User Account Control:   -
   User Parameters:   -
   SID History:      -
   Logon Hours:      -

Additional Information:
   Privileges:      -
Record Number: 805
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100813161748.440128-000
Event Type: Audit Success
User:

Computer Name: WIN-0RATSED9SVS
Event Code: 1102
Message: The audit log was cleared.
Subject:
   Security ID:   S-1-5-21-2574711164-1509574982-2184090652-500
   Account Name:   Administrator
   Domain Name:   WIN-0RATSED9SVS
   Logon ID:   0x24570
Record Number: 804
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100813161741.154916-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\EgisTec MyWinLocker\x86;C:\Program Files (x86)\EgisTec MyWinLocker\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0603

-----------------EOF-----------------
Logged
Linux Ubuntu 10.04.1
Scratch built
AMD Duel Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
part2
« Reply #1 on: December 05, 2011, 10:04:19 PM »
Logfile of random's system information tool 1.09 (written by random/random)
Run by Brian at 2011-12-05 17:55:17
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 245 GB (84%) free of 291 GB
Total RAM: 2811 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:55:20 PM, on 12/5/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Astrology_4a\bar\1.bin\4abrmon.exe
C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4brmon.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\Brian\Desktop\RSIT(1).exe
C:\Program Files (x86)\trend micro\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5552&r=273611103425l04f4z1j5v47021243
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5552&r=273611103425l04f4z1j5v47021243
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80502&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5552&r=273611103425l04f4z1j5v47021243
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
R3 - URLSearchHook: (no name) - {0d16fc21-2654-41b3-9b67-64ecfed1057a} - C:\Program Files (x86)\Astrology_4a\bar\1.bin\4aSrcAs.dll
R3 - URLSearchHook: (no name) - {e7472076-ff9d-4325-8eaf-613572008758} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
O2 - BHO: Search Assistant BHO - {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll
O2 - BHO: Toolbar BHO - {6eb534fb-2001-45c4-b860-bc904865a379} - C:\PROGRA~2\DICTIO~2\bar\1.bin\v4bar.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Assistant BHO - {95269ec4-a21e-4b97-a5ee-82406d3809d3} - C:\Program Files (x86)\Astrology_4a\bar\1.bin\4aSrcAs.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: Astrology.com - {ea184a40-b71a-4aa7-b3be-596349038fa0} - C:\Program Files (x86)\Astrology_4a\bar\1.bin\4abar.dll
O3 - Toolbar: DictionaryBoss - {3042df7a-e900-4389-9b94-923df0daa57e} - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Astrology_4a Browser Plugin Loader] C:\PROGRA~2\ASTROL~2\bar\1.bin\4abrmon.exe
O4 - HKLM\..\Run: [DictionaryBoss Browser Plugin Loader] C:\PROGRA~2\DICTIO~2\bar\1.bin\v4brmon.exe
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files (x86)\SpywareGuard\sgmain.exe
O4 - Global Startup: Walgreens PictureMover.lnk = C:\Program Files (x86)\Walgreens PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Astrology.comService (Astrology_4aService) - COMPANYVERS_NAME - C:\PROGRA~2\ASTROL~2\bar\1.bin\4abarsvc.exe
O23 - Service: DictionaryBossService - COMPANYVERS_NAME - C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows7FirewallService - Sphinx Software - C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12205 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oi5cnw7g.default

prefs.js - "browser.startup.homepage" -  "http://www.yahoo.com"
prefs.js - "extensions.enabledItems" -  "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, inboxcomtoolbar@inbox.com:1.0.0.46, 4affxtbr@Astrology_4a.com:1.2, v4ffxtbr@DictionaryBoss.com:1.2, textlinks@epicplay.com:1.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" -  "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XQxdm014YYus&ptb=14F68B07-2712-42BB-B5EA-A147BDCDEA72&psa=&ind=2011112309&ptnrS=XQxdm014YYus&si=&st=kwd&n=77df2375&searchfor="

"4affxtbr@Astrology_4a.com"=C:\Program Files (x86)\Astrology_4a\bar\1.bin
"v4ffxtbr@DictionaryBoss.com"=C:\Program Files (x86)\DictionaryBoss\bar\1.bin


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Astrology_4a.com/Plugin]
"Description"=Astrology.com Toolbar Plugin
"Path"=C:\Program Files (x86)\Astrology_4a\bar\1.bin\NP4aStub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@DictionaryBoss.com/Plugin]
"Description"=DictionaryBoss Plugin
"Path"=C:\Program Files (x86)\DictionaryBoss\bar\1.bin\NPv4Stub.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Motive.com/NpMotive,version=1.0]
"Description"=Motive Plugin
"Path"=C:\Program Files (x86)\Common Files\Motive\npMotive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\npEpicPlayDisplayHost]
"Description"=EpicPlay Games Display Host Module
"Path"=C:\Program Files (x86)\EpicPlay\npEpicHost.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oi5cnw7g.default\extensions\
inboxcomtoolbar@inbox.com
textlinks@epicplay.com

C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\oi5cnw7g.default\searchplugins\
Astrology_4a.xml
DictionaryBoss.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15 1392952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files (x86)\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58376892-60e7-4f63-aca0-0f686af554d6}]
Search Assistant BHO - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4SrcAs.dll [2011-10-03 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6eb534fb-2001-45c4-b860-bc904865a379}]
Toolbar BHO - C:\PROGRA~2\DICTIO~2\bar\1.bin\v4bar.dll [2011-10-03 669072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95269ec4-a21e-4b97-a5ee-82406d3809d3}]
Search Assistant BHO - C:\Program Files (x86)\Astrology_4a\bar\1.bin\4aSrcAs.dll [2011-10-03 62864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~2\INBOXT~1\Inbox.dll [2011-06-20 870920]
{ea184a40-b71a-4aa7-b3be-596349038fa0} - Astrology.com - C:\Program Files (x86)\Astrology_4a\bar\1.bin\4abar.dll [2011-10-03 669072]
{3042df7a-e900-4389-9b94-923df0daa57e} - DictionaryBoss - C:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4bar.dll [2011-10-03 669072]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2011-03-15 1392952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2010-05-26 337264]
"EgisUpdate"=C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2010-03-11 201584]
"EgisTecPMMUpdate"=C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2010-03-11 407920]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-05-24 265984]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-11 102400]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-06-22 968272]
"Windows7FirewallControl"=C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe [2010-04-09 753664]
"RegistryMechanic"= []
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-01-08 281768]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-29 937920]
"Astrology_4a Browser Plugin Loader"=C:\PROGRA~2\ASTROL~2\bar\1.bin\4abrmon.exe [2011-10-03 30096]
"DictionaryBoss Browser Plugin Loader"=C:\PROGRA~2\DICTIO~2\bar\1.bin\v4brmon.exe [2011-10-03 30096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"InstallIQUpdater"=C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [2010-07-07 1008128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Walgreens PictureMover.lnk - C:\Program Files (x86)\Walgreens PictureMover\Bin\PictureMover.exe

C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files (x86)\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files (x86)\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"msacm.siren"=sirenacm.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-12-05 17:40:02 ----D---- C:\Windows\pss
2011-12-05 17:26:04 ----D---- C:\rsit
2011-12-05 17:22:07 ----D---- C:\Program Files (x86)\Trend Micro
2011-12-05 10:52:22 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2011-12-05 10:52:14 ----D---- C:\ProgramData\Malwarebytes
2011-12-05 10:52:10 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-24 01:25:01 ----HD---- C:\Users\Brian\AppData\Roaming\ATI
2011-11-24 01:25:01 ----HD---- C:\ProgramData\ATI
2011-11-13 20:16:17 ----D---- C:\Users\Brian\AppData\Roaming\PictureMover
2011-11-13 20:16:05 ----HD---- C:\ProgramData\PictureMover
2011-11-13 19:20:45 ----D---- C:\ProgramData\Walgreens PictureMover
2011-11-13 19:20:44 ----D---- C:\Program Files (x86)\Walgreens PictureMover
2011-11-11 17:32:49 ----D---- C:\Program Files (x86)\EpicPlay

======List of files/folders modified in the last 1 month======

2011-12-05 17:55:19 ----HD---- C:\Windows\Temp
2011-12-05 17:41:01 ----D---- C:\Windows
2011-12-05 17:22:08 ----SHD---- C:\Windows\Installer
2011-12-05 17:22:08 ----SHD---- C:\Config.Msi
2011-12-05 17:22:07 ----SD---- C:\Users\Brian\AppData\Roaming\Microsoft
2011-12-05 17:22:07 ----RD---- C:\Program Files (x86)
2011-12-05 17:22:01 ----SHD---- C:\System Volume Information
2011-12-05 17:01:33 ----HD---- C:\Windows\Prefetch
2011-12-05 11:02:10 ----D---- C:\Windows\SysWOW64\drivers
2011-12-05 10:52:14 ----HD---- C:\ProgramData
2011-12-05 10:46:33 ----D---- C:\Windows\inf
2011-12-05 10:38:26 ----SD---- C:\ProgramData\Microsoft
2011-12-04 17:11:58 ----D---- C:\Windows\System32
2011-12-03 17:32:57 ----HD---- C:\Windows\debug
2011-12-03 13:45:55 ----D---- C:\Users\Brian\AppData\Roaming\SoftGrid Client
2011-12-03 12:50:56 ----D---- C:\Program Files (x86)\CCleaner
2011-12-03 12:23:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-12-03 11:57:36 ----D---- C:\Program Files (x86)\SpywareGuard
2011-12-03 11:55:19 ----AD---- C:\ProgramData\Temp
2011-12-03 11:51:19 ----D---- C:\Program Files (x86)\SpywareBlaster
2011-12-03 11:10:52 ----D---- C:\Windows\Tasks
2011-12-03 11:10:52 ----D---- C:\Windows\TAPI
2011-12-03 11:10:52 ----D---- C:\Windows\SysWOW64\wbem
2011-12-03 11:10:52 ----D---- C:\Windows\SysWOW64\RTCOM
2011-12-03 11:10:52 ----D---- C:\Windows\SysWOW64
2011-12-03 11:10:51 ----D---- C:\Windows\SysWOW64\Recovery
2011-12-03 11:10:51 ----D---- C:\Windows\SysWOW64\en-US
2011-12-03 11:10:51 ----D---- C:\Windows\SysWOW64\drivers\nti
2011-12-03 11:10:50 ----D---- C:\Windows\Setup
2011-12-03 11:10:50 ----D---- C:\Windows\security
2011-12-03 11:10:50 ----D---- C:\Windows\OEMTemp
2011-12-03 11:10:50 ----D---- C:\Windows\oem
2011-12-03 11:10:50 ----D---- C:\Windows\NAPP_Dism_Log
2011-12-03 11:10:50 ----D---- C:\Windows\Microsoft.NET
2011-12-03 11:10:40 ----RSD---- C:\Windows\Fonts
2011-12-03 11:10:40 ----RSD---- C:\Windows\assembly
2011-12-03 11:10:40 ----D---- C:\Windows\en
2011-12-03 11:10:40 ----D---- C:\Windows\ehome
2011-12-03 11:10:40 ----D---- C:\Windows\Downloaded Program Files
2011-12-03 11:10:40 ----D---- C:\Windows\Downloaded Installations
2011-12-03 11:10:40 ----AD---- C:\Windows\DeployWinRE2
2011-12-03 11:10:29 ----D---- C:\Users\Brian\AppData\Roaming\HU2011
2011-12-03 11:10:28 ----D---- C:\ProgramData\WildTangent
2011-12-03 11:10:27 ----D---- C:\ProgramData\OEM_E471269A730D
2011-12-03 11:10:27 ----D---- C:\ProgramData\oem
2011-12-03 11:10:25 ----D---- C:\ProgramData\Microsoft Help
2011-12-03 11:10:25 ----D---- C:\ProgramData\FLEXnet
2011-12-03 11:10:24 ----RD---- C:\Program Files
2011-12-03 11:10:21 ----D---- C:\Program Files (x86)\Yahoo!
2011-12-03 11:10:21 ----D---- C:\Program Files (x86)\Windows7FirewallControl
2011-12-03 11:10:21 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-12-03 11:10:21 ----D---- C:\Program Files (x86)\Windows Live
2011-12-03 11:10:19 ----D---- C:\Program Files (x86)\Registry Mechanic
2011-12-03 11:10:19 ----D---- C:\Program Files (x86)\Realtek
2011-12-03 11:10:16 ----D---- C:\Program Files (x86)\Novatel Wireless
2011-12-03 11:10:11 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-12-03 11:10:09 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-12-03 11:10:08 ----D---- C:\Program Files (x86)\LittlePDF
2011-12-03 11:10:08 ----D---- C:\Program Files (x86)\Launch Manager
2011-12-03 11:10:08 ----D---- C:\Program Files (x86)\jv16 PowerTools
2011-12-03 11:10:08 ----D---- C:\Program Files (x86)\JRE
2011-12-03 11:10:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-12-03 11:10:05 ----D---- C:\Program Files (x86)\Inbox Toolbar
2011-12-03 11:10:04 ----D---- C:\Program Files (x86)\EgisTec Shredder
2011-12-03 11:10:04 ----D---- C:\Program Files (x86)\EgisTec MyWinLockerSuite
2011-12-03 11:10:04 ----D---- C:\Program Files (x86)\EgisTec MyWinLocker
2011-12-03 11:10:02 ----D---- C:\Program Files (x86)\EgisTec IPS
2011-12-03 11:10:02 ----D---- C:\Program Files (x86)\East-Tec Eraser 2008
2011-12-03 11:10:02 ----D---- C:\Program Files (x86)\CyberLink
2011-12-03 11:10:00 ----D---- C:\Program Files (x86)\Common Files\Motive
2011-12-03 11:10:00 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-12-03 11:09:59 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2011-12-03 11:09:59 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2011-12-03 11:09:59 ----D---- C:\Program Files (x86)\Common Files\CyberLink
2011-12-03 11:09:59 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-12-03 11:09:59 ----D---- C:\Program Files (x86)\Common Files
2011-12-03 11:09:58 ----D---- C:\Program Files (x86)\ATT-HSI
2011-12-03 11:09:54 ----D---- C:\Program Files (x86)\Acer Games
2011-12-03 11:09:54 ----D---- C:\Program Files (x86)\Acer
2011-12-03 11:09:44 ----HD---- C:\OEM
2011-12-03 11:08:29 ----D---- C:\Windows\registration
2011-12-03 11:08:26 ----D---- C:\Windows\Web
2011-12-03 11:08:26 ----D---- C:\Windows\Vss
2011-12-03 11:08:26 ----D---- C:\Windows\SysWOW64\winrm
2011-12-03 11:08:26 ----D---- C:\Windows\SysWOW64\WindowsPowerShell
2011-12-03 11:08:26 ----D---- C:\Windows\SysWOW64\wdi
2011-12-03 11:08:26 ----D---- C:\Windows\SysWOW64\WCN
2011-12-03 11:08:25 ----D---- C:\Windows\SysWOW64\spp
2011-12-03 11:08:25 ----D---- C:\Windows\SysWOW64\Speech
2011-12-03 11:08:25 ----D---- C:\Windows\SysWOW64\slmgr
2011-12-03 11:08:24 ----D---- C:\Windows\SysWOW64\Printing_Admin_Scripts
2011-12-03 11:08:24 ----D---- C:\Windows\SysWOW64\NetworkList
2011-12-03 11:08:24 ----D---- C:\Windows\SysWOW64\MUI
2011-12-03 11:08:24 ----D---- C:\Windows\SysWOW64\Msdtc
2011-12-03 11:08:24 ----D---- C:\Windows\SysWOW64\migwiz
2011-12-03 11:08:23 ----D---- C:\Windows\SysWOW64\migration
2011-12-03 11:08:23 ----D---- C:\Windows\SysWOW64\Macromed
2011-12-03 11:08:22 ----D---- C:\Windows\SysWOW64\InstallShield
2011-12-03 11:08:22 ----D---- C:\Windows\SysWOW64\IME
2011-12-03 11:08:22 ----D---- C:\Windows\SysWOW64\Dism
2011-12-03 11:08:20 ----D---- C:\Windows\SysWOW64\config
2011-12-03 11:08:20 ----D---- C:\Windows\SysWOW64\com
2011-12-03 11:08:06 ----D---- C:\Windows\Speech
2011-12-03 11:08:06 ----D---- C:\Windows\ServiceProfiles
2011-12-03 11:08:06 ----D---- C:\Windows\schemas
2011-12-03 11:08:06 ----D---- C:\Windows\Resources
2011-12-03 11:08:06 ----D---- C:\Windows\PolicyDefinitions
2011-12-03 11:08:06 ----D---- C:\Windows\PLA
2011-12-03 11:08:04 ----D---- C:\Windows\Performance
2011-12-03 11:04:49 ----D---- C:\Windows\IME
2011-12-03 11:04:49 ----D---- C:\Windows\Help
2011-12-03 11:04:49 ----D---- C:\Windows\Globalization
2011-12-03 11:04:36 ----D---- C:\Windows\Branding
2011-12-03 11:03:02 ----D---- C:\Windows\AppPatch
2011-12-03 11:03:02 ----D---- C:\Windows\AppCompat
2011-12-03 11:03:01 ----RD---- C:\Users
2011-12-03 11:02:49 ----D---- C:\Users\Brian\AppData\Roaming\OpenOffice.org
2011-12-03 11:02:49 ----D---- C:\Users\Brian\AppData\Roaming\Mozilla
2011-12-03 11:02:47 ----D---- C:\Users\Brian\AppData\Roaming\EAST Technologies
2011-12-03 11:02:47 ----D---- C:\Users\Brian\AppData\Roaming\Adobe
2011-12-03 11:01:00 ----D---- C:\ProgramData\W3i
2011-12-03 11:00:57 ----D---- C:\ProgramData\PC Tools
2011-12-03 11:00:39 ----D---- C:\ProgramData\McAfee
2011-12-03 11:00:39 ----D---- C:\ProgramData\HipSoft
2011-12-03 11:00:39 ----D---- C:\ProgramData\Google
2011-12-03 11:00:38 ----D---- C:\ProgramData\Avira
2011-12-03 11:00:38 ----D---- C:\ProgramData\Adobe
2011-12-03 11:00:38 ----D---- C:\ProgramData\Acer
2011-12-03 11:00:10 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-12-03 11:00:10 ----D---- C:\Program Files (x86)\Windows NT
2011-12-03 11:00:10 ----D---- C:\Program Files (x86)\Windows Media Player
2011-12-03 11:00:10 ----D---- C:\Program Files (x86)\Windows Mail
2011-12-03 10:59:51 ----D---- C:\Program Files (x86)\Windows Defender
2011-12-03 10:59:50 ----D---- C:\Program Files (x86)\W3i
2011-12-03 10:59:49 ----D---- C:\Program Files (x86)\VS Revo Group
2011-12-03 10:59:46 ----D---- C:\Program Files (x86)\Reference Assemblies
2011-12-03 10:59:43 ----D---- C:\Program Files (x86)\OpenOffice.org 3
2011-12-03 10:57:34 ----D---- C:\Program Files (x86)\NTI
2011-12-03 10:57:31 ----D---- C:\Program Files (x86)\NewTech Infosystems
2011-12-03 10:57:30 ----D---- C:\Program Files (x86)\MSECache
2011-12-03 10:57:30 ----D---- C:\Program Files (x86)\MSBuild
2011-12-03 10:57:25 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-12-03 10:57:15 ----D---- C:\Program Files (x86)\Microsoft Office
2011-12-03 10:57:04 ----D---- C:\Program Files (x86)\Java
2011-12-03 10:56:59 ----D---- C:\Program Files (x86)\Internet Explorer
2011-12-03 10:56:44 ----D---- C:\Program Files (x86)\eSobi
2011-12-03 10:56:35 ----D---- C:\Program Files (x86)\DictionaryBoss
2011-12-03 10:56:08 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2011-12-03 10:56:08 ----D---- C:\Program Files (x86)\Common Files\System
2011-12-03 10:56:08 ----D---- C:\Program Files (x86)\Common Files\SpeechEngines
2011-12-03 10:56:03 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-12-03 10:56:03 ----D---- C:\Program Files (x86)\Common Files\Java
2011-12-03 10:55:59 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2011-12-03 10:55:51 ----D---- C:\Program Files (x86)\Avira
2011-12-03 10:55:41 ----D---- C:\Program Files (x86)\ATI Technologies
2011-12-03 10:55:39 ----D---- C:\Program Files (x86)\Astrology_4a
2011-12-03 10:55:24 ----D---- C:\Program Files (x86)\Adobe
2011-12-03 10:53:50 ----RHD---- C:\MSOCache
2011-11-09 12:41:36 ----D---- C:\Windows\winsxs
2011-11-07 11:52:50 ----HD---- C:\Windows\Panther
2011-11-07 11:52:49 ----HD---- C:\Windows\Logs
2011-11-07 11:51:55 ----HD---- C:\Program Files (x86)\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie64.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys []
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys []
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys []
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys []
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys []
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys []
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys []
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys []
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 UBHelper;UBHelper; C:\Windows\SysWOW64\drivers\UBHelper.sys []
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2010-04-30 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [2010-04-30 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NWUSBCDFIL64;Novatel Wireless Installation CD; C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys []
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys []
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys []
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\Windows\system32\DRIVERS\nwusbser2.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-08 135336]
R2 Astrology_4aService;Astrology.comService; C:\PROGRA~2\ASTROL~2\bar\1.bin\4abarsvc.exe [2011-10-03 42504]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DictionaryBossService;DictionaryBossService; C:\PROGRA~2\DICTIO~2\bar\1.bin\v4barsvc.exe [2011-10-03 42504]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2010-04-30 319488]
R2 McciCMService64;McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-05-24 255744]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
R2 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R2 Windows7FirewallService;Windows7FirewallService; C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-07-19 655624]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe [2010-09-30 246520]
S3 MWLService;MyWinLocker Service; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-26 305520]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

 Results of screen317's Security Check version 0.99.28 
 Windows 7  x64 (UAC is disabled!) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Enabled! 
 Avira AntiVir Personal - Free Antivirus
 Windows7FirewallControl (i386) 3.5.1.131   
 WMI entry may not exist for antivirus; attempting automatic update.
 Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 20 
 Java(TM) 6 Update 23 
 Java version out of date!
  Adobe Flash Player (   10.1.102.64) Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of date!
 Mozilla Firefox (8.0.1)
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Avira Antivir avgnt.exe
 Windows7FirewallControl Windows7FirewallService.exe   
 Windows7FirewallControl Windows7FirewallControl.exe   
``````````End of Log````````````

thanks,
ghost
Logged
Linux Ubuntu 10.04.1
Scratch built
AMD Duel Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: mywebsearch;-(
« Reply #2 on: December 05, 2011, 11:58:20 PM »
Hi, Ghost.  (FYI, there is a 64-bit version of RSIT at http://images.malwareremoval.com/random/RSITx64.exe.)

Let's start by updating all of the Adobe products installed on your friends's laptop -- Adobe AIR, Flash and Reader.

Next, go to add/remove programs and uninstall the following:

Java(TM) 6 Update 20
Java(TM) 6 Update 23
jv16 PowerTools 1.3
Inbox Toolbar

Download the off-line installer for the latest Java release from http://java.com/en/download/manual.jsp

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: mywebsearch;-(
« Reply #3 on: December 06, 2011, 12:40:59 AM »
hi corrine,
i have uninstalled:
java 6 update 20 (could not find java 6 update 23).
jv16 power tools
inbox toolbar

i have updated:
adobe reader
adobe flash player
java

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8320

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/5/2011 8:33:20 PM
mbam-log-2011-12-05 (20-33-11).txt

Scan type: Quick scan
Objects scanned: 167866
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 100
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 42

Memory Processes Infected:
c:\program files (x86)\astrology_4a\bar\1.bin\4abrmon.exe (Adware.MyWebSearch) -> 4456 -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4brmon.exe (Adware.MyWebSearch) -> 4468 -> No action taken.

Memory Modules Infected:
c:\program files (x86)\dictionaryboss\bar\1.bin\v4brstub.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\astrology_4a\bar\1.bin\4abrstub.dll (Adware.MyWebSearch) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Astrology_4aService (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DictionaryBossService (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{58376892-60e7-4f63-aca0-0f686af554d6} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58376892-60E7-4F63-ACA0-0F686AF554D6} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{58376892-60E7-4F63-ACA0-0F686AF554D6} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58376892-60E7-4F63-ACA0-0F686AF554D6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2abba404-2753-4a28-a994-7a687acaccac} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{1a033ae8-0d4d-4ec8-a4a9-47bbe0b6489b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{264E97DD-7AD7-442B-87A8-F9EC4819E47B} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6eb534fb-2001-45c4-b860-bc904865a379} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EB534FB-2001-45C4-B860-BC904865A379} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EB534FB-2001-45C4-B860-BC904865A379} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EB534FB-2001-45C4-B860-BC904865A379} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d16fc21-2654-41b3-9b67-64ecfed1057a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{95269ec4-a21e-4b97-a5ee-82406d3809d3} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95269EC4-A21E-4B97-A5EE-82406D3809D3} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{95269EC4-A21E-4B97-A5EE-82406D3809D3} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95269EC4-A21E-4B97-A5EE-82406D3809D3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{032416f0-0007-481b-9df8-9bcd1bf357f0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{696d3b4f-71ef-41cc-96ff-342317e644de} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0270C2C5-40BD-4CFF-B0DF-79AD2E283AD3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.FeedManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.FeedManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{045c5f24-9e13-4ea8-ab93-fddab34f3fa5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.UrlAlertButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.UrlAlertButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{23f28f6b-50a2-4327-9450-7d3d2f33daae} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{4de8b15e-e379-482a-81c5-cd99eb8cef40} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6DDD8F3F-3774-484C-938C-4D9AB3A5F575} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{272143f8-3dbe-424c-949f-20acd11e5a6d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{a436c6ec-9040-4322-ab62-bdb9e81e2f6c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7448C04F-A2EC-43F8-B42C-49001A49A199} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{272143F8-3DBE-424C-949F-20ACD11E5A6D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2c72f7a5-8160-4024-94d8-e0995d547bb0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.DynamicBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.DynamicBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3042df7a-e900-4389-9b94-923df0daa57e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3042DF7A-E900-4389-9B94-923DF0DAA57E} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3042DF7A-E900-4389-9B94-923DF0DAA57E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{488c2712-1482-42ad-bc4d-681e5832f0c2} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{d1479029-bacc-4c9a-8c15-d857a2974e27} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8A44A538-73FC-4D86-83DB-68ACE71E5FE8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5b610696-32b6-416c-bf5c-ca4f60a345dd} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5B610696-32B6-416C-BF5C-CA4F60A345DD} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d0c6f55-e3eb-4d6b-8f52-996b4da196d9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{a525b28e-04ee-455f-8c17-3a0273ebea2c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5BD5AE73-FDA3-469B-9358-D4EDA7123370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.XMLSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.XMLSessionPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6D0C6F55-E3EB-4D6B-8F52-996B4DA196D9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{715321aa-a1fc-4058-8ffa-668d687b6e32} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.Radio.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.Radio (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{73a7cce6-ff3a-4c7f-9a3e-db9bd92be292} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82481cff-738f-4410-bffb-77595d5d9faa} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9d14caf3-88c2-4c9a-ae73-fe77c2a5697d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{BE9F4D06-3A23-4F1A-902F-D9E113793576} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.RadioSettings.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.RadioSettings (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8eb0aaa0-2ffe-4326-8331-efe2d5d15ec7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.SettingsPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8EB0AAA0-2FFE-4326-8331-EFE2D5D15EC7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{afed4702-7932-4426-aea4-9b248189c7a3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.ScriptButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.ScriptButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b4ea8204-ee81-4f73-a240-ec4aeb8ad3de} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.MultipleButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.MultipleButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da08805b-ba32-426b-ad14-ecac8235a8aa} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{6c367b45-0824-419a-af7f-157665b56aba} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{08855E67-37D6-48CC-B59E-A010D658A7BB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e001b32e-5acb-4cce-9910-2d379ce0a6d6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{220d75ad-0772-4c6c-a72f-8bf267c13cb5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{317D0A60-985E-4C4D-BA9B-8D1026665EA9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.ThirdPartyInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E001B32E-5ACB-4CCE-9910-2D379CE0A6D6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e7472076-ff9d-4325-8eaf-613572008758} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eb2049f6-9dfa-4e51-b2a1-fc5a6e596c80} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9378167c-fac6-4dfb-bd4f-f7c195d2b1e4} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{19C920DF-88F9-44F8-A17E-A35A12D60525} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.HTMLPanel (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EB2049F6-9DFA-4E51-B2A1-FC5A6E596C80} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F9A402FD-82C8-4743-991E-BC77E62DA0E5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\DictionaryBoss.HTMLMenu (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9A402FD-82C8-4743-991E-BC77E62DA0E5} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ac2e4ae7-2d16-45ea-991c-2441dfd05696} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{893892c2-af79-4f9b-87d6-07d34b0acf8f} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DictionaryBossbar Uninstall (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Astrology_4a Browser Plugin Loader (Adware.MyWebSearch) -> Value: Astrology_4a Browser Plugin Loader -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DictionaryBoss Browser Plugin Loader (Adware.MyWebSearch) -> Value: DictionaryBoss Browser Plugin Loader -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0D16FC21-2654-41B3-9B67-64ECFED1057A} (Adware.MyWebSearch) -> Value: {0D16FC21-2654-41B3-9B67-64ECFED1057A} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3042DF7A-E900-4389-9B94-923DF0DAA57E} (Adware.MyWebSearch) -> Value: {3042DF7A-E900-4389-9B94-923DF0DAA57E} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{E7472076-FF9D-4325-8EAF-613572008758} (Adware.MyWebSearch) -> Value: {E7472076-FF9D-4325-8EAF-613572008758} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{e7472076-ff9d-4325-8eaf-613572008758} (Adware.MyWebSearch) -> Value: {e7472076-ff9d-4325-8eaf-613572008758} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3042df7a-e900-4389-9b94-923df0daa57e} (Adware.MyWebSearch) -> Value: {3042df7a-e900-4389-9b94-923df0daa57e} -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\chrome (Adware.MyWebSearch) -> No action taken.

Files Infected:
c:\Program Files (x86)\Astrology_4a\bar\1.bin\4abarsvc.exe (Adware.MyWebSearch) -> No action taken.
c:\Program Files (x86)\DictionaryBoss\bar\1.bin\v4barsvc.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4brstub.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\astrology_4a\bar\1.bin\4abrstub.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\astrology_4a\bar\1.bin\4abrmon.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4brmon.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4SrcAs.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4bar.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\astrology_4a\bar\1.bin\4aSrcAs.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4feedmg.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4uabtn.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4httpct.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4skin.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4dyn.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4datact.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4msg.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4radio.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4script.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4mlbtn.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4dlghk.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4tpinst.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4html.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4htmlmu.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\LOGO.BMP (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\NPv4Stub.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\T8FFTBPR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\T8PATCH.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\T8RES.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\T8UNPAT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4auxstb.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4highin.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4idle.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4ieovr.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4impipe.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4medint.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4Plugin.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4regfft.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4regiet.dll (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\v4skplay.exe (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\dictionaryboss\bar\1.bin\chrome\v4ffxtbr.jar (Adware.MyWebSearch) -> No action taken.
thanks,
Ghost
Logged
Linux Ubuntu 10.04.1
Scratch built
AMD Duel Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: mywebsearch;-(
« Reply #4 on: December 06, 2011, 01:57:57 PM »
Hi, Ghost.

Please rescan with MBAM and select each of the items for removal, as your log shows "No action taken." 

How is the laptp now?
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: mywebsearch;-(
« Reply #5 on: December 06, 2011, 02:49:18 PM »
ya i messed up last night :embarrassed: . just too much going on right now;-(.
reran malwarebytes and removed all. rebooted and ran the scan again and all is gone.
the lappy is running really nice now :D.
anything else?
thanks corrine :rose:
Ghost
Logged
Linux Ubuntu 10.04.1
Scratch built
AMD Duel Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: mywebsearch;-(
« Reply #6 on: December 06, 2011, 11:39:39 PM »
Hi, Ghost.

Unlike the desktop, the laptop wasn't filled with as much extra "stuff".  :)  I think you're good to go and can return it to your friend.
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Ghost

  • LzD Friends
  • Sr. Member
  • *****
  • Posts: 277
Re: mywebsearch;-(
« Reply #7 on: December 07, 2011, 12:23:01 AM »
thank you for the all clear and it will be returned tomorrow.
thank you oh great one :rose: :D
Ghost
Logged
Linux Ubuntu 10.04.1
Scratch built
AMD Duel Core 2.8 gig Processor, 4 gig Ram
Registered Linux User #481143
Registered Machine #390361

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 11530
  • "Stronger than the past, united in our goal."
    • Security Garden
Re: mywebsearch;-(
« Reply #8 on: December 07, 2011, 02:12:32 PM »
You too, Ghost!
Logged
,  

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Pages: [1]   Go Up
« previous next »