Hi,

I just run spybot, and came across spyware, however spybot is unable to delete them, here they are, thanks in advance for your help.
- FunWeb
- FunWebProducts
- Myway.MyWebSearch
- MyWebSearch

more detailed:

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler.1

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar.1

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager.1

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager

FunWebProducts: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager.1

FunWebProducts: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}

MyWay.MyWebSearch: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin

MyWay.MyWebSearch: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin.1

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}

MyWay.MyWebSearch: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin

MyWay.MyWebSearch: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

MyWay.MyWebSearch: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller

MyWay.MyWebSearch: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1

MyWay.MyWebSearch: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}

MyWay.MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}

MyWay.MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}

MyWay.MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}

MyWay.MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}

MyWay.MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}

MyWay.MyWebSearch: Browser helper object (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\FocusInteractive

MyWay.MyWebSearch: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin

MyWay.MyWebSearch: Uninstall settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall

MyWay.MyWebSearch: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\MyWebSearch

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.2

FunWeb: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.1

FunWeb: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton.1

FunWeb: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl

FunWeb: Root class (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1

FunWeb: Class ID (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

FunWeb: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}

FunWeb: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}

FunWeb: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\Software\Fun Web Products

FunWeb: Settings (Registry value, fixing failed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}

MyWebSearch: Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}

MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}

MyWebSearch: Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-02-03 Includes\Cookies.sbi (*)
2006-02-03 Includes\Dialer.sbi (*)
2006-02-03 Includes\Hijackers.sbi (*)
2006-02-03 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-02-03 Includes\Malware.sbi (*)
2006-02-03 Includes\PUPS.sbi (*)
2006-02-03 Includes\Revision.sbi (*)
2006-02-03 Includes\Security.sbi (*)
2006-02-03 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-02-03 Includes\Trojans.sbi (*)

Hello jeremy. :)

Did you reboot so that Spybot-S&D could try to remove on startup?

Hi Tashi, Jeremy,

I've been having the same problem for some time now however I'm only getting the FunWebProducts entry.

When Spybot says it can't fix the problem and asks whether to try again at startup, I select yes however I keep getting the same error after the scan at startup and seem to just go round and round in circles :scratch:

Cheers
Renee

supernay:

Go to Add/Remove programs and try to remove both Downlaod Accelerator Plus and FunWebProducts. Then rerun your Spybot scan and see if the results are better.

supernay:

Go to Add/Remove programs and try to remove both Downlaod Accelerator Plus and FunWebProducts. Then rerun your Spybot scan and see if the results are better.

This programs don't appear in the Add/Remove menu, and I'm unable to remove them. Any help :scratch:

Hi jeremy.


Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.

Cheers.

Hi jeremy.


Cheers.

Hi tashi,

I followed the steps mentionned, and here is the report attached.

Thanks in advance for your help, :)

Hi

Does your account have administrator privileges ?
Whether the answer is yes or no try checking for problems with SpyBot while the PC is in safe mode admin account.

I have the same problem with MyWay.MyWebSearch..I can not remove it...have tried the above listed suggestions.....please help...:sad:

report attached....thank you

Hi

In addremove programs uninstall any myweb programs, I suggest you do the same with bearshare
http://p2p.malwareremoval.com/

I got this error rpt when I tried to upload report:
"SpybotSD.Report.txt:
Your file of 27.7 KB bytes exceeds the forum's limit of 19.5 KB for this filetype."

I couldn't find all of the report exceptions you wanted un-checked.

Hello.

Open Spybot:
Click Mode
From the drop down menu choose:
Advanced Mode
A warning will come up "Do you really want to switch to advanced mode"?
Click Yes
A menu will appear on the left.
Click on Tools

View Report.

If checked;

Uncheck[ ] do not report disabled or known legitimate Items.
Uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.
Uncheck[ ]Include list of Winsock LSPs in report.


Now select (near the top) view report.
Click export and in the 'save in' box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

Let us know if that works for you. Cheers.

SpybotSD.Report040907.txt:
Your file of 22.9 KB bytes exceeds the forum's limit of 19.5 KB for this filetype.

I unchecked all the ones you wanted me to, except "... list of services.." which I could find listed.

Thanks again, Jim

Hi there.

Hmmm. :alien:

Open Spybot-S&D and start a scan ("check for problems").
After the scan, right-click in the results field and choose either "Save full report to file..." or
"Copy full report to clipboard".

Attach the file (or copy the report) to the email and send it to: detections(at)spybot.info (Replace AT with @)


Then, follow the procedure in this link: "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288) Start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted a helper will advise you as soon as available.

Cheers.

hi tashi. i have the same problem with the rest here. i have read the previous message of yours and i followed it. i already saved the report.txt and here it is. kindly help me what to do next. pls. Thank u so much. hope to hear from u soon. :)

--- Search result list ---
MyWay.MyWebSearch: Program directory (Directory, fixing failed)
C:\Program Files\MyWebSearch\


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-12 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-07-11 Includes\Cookies.sbi (*)
2007-05-30 Includes\Dialer.sbi (*)
2007-07-11 Includes\DialerC.sbi (*)
2007-07-11 Includes\Hijackers.sbi (*)
2007-07-11 Includes\HijackersC.sbi (*)
2007-07-11 Includes\Keyloggers.sbi (*)
2007-07-11 Includes\KeyloggersC.sbi (*)
2007-07-11 Includes\Malware.sbi (*)
2007-07-11 Includes\MalwareC.sbi (*)
2007-07-11 Includes\PUPS.sbi (*)
2007-07-11 Includes\PUPSC.sbi (*)
2007-07-11 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-07-11 Includes\SecurityC.sbi (*)
2007-07-11 Includes\Spybots.sbi (*)
2007-07-11 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-07-03 Includes\Trojans.sbi (*)
2007-07-11 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.0 (Build: 6000)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2


--- Startup entries list ---
Located: HK_LM:Run, Acer Tour
command:
file:

Located: HK_LM:Run, Acer Tour Reminder
command: C:\Acer\AcerTour\Reminder.exe
file: C:\Acer\AcerTour\Reminder.exe
size: 151552
MD5: c9a427b89a40727b0098f574d4fce371

Located: HK_LM:Run, AcerOrbicamRibbon
command: "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
file: C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
size: 754712
MD5: 0fda0dcaf7010d2ea924ebf5c1ed0281

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200c98c049de1a7638ea0edba1c8882

Located: HK_LM:Run, eDataSecurity Loader
command: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
file: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
size: 464168
MD5: 0921a68e8fe9b25dd0effab949376b5f

Located: HK_LM:Run, eRecoveryService
command:
file:

Located: HK_LM:Run, HotKeysCmds
command: C:\Windows\system32\hkcmd.exe
file: C:\Windows\system32\hkcmd.exe
size: 106496
MD5: bf3e01c18ce6cdef16b0df23e1dcf376

Located: HK_LM:Run, IgfxTray
command: C:\Windows\system32\igfxtray.exe
file: C:\Windows\system32\igfxtray.exe
size: 98304
MD5: 1c64dd02fde078608549c62398de2fef

Located: HK_LM:Run, LManager
command: C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
file: C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
size: 483328
MD5: 7a657bb5e406ebc7ad8fd099a54f3bb7

Located: HK_LM:Run, LogitechCommunicationsManager
command: "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 304664
MD5: c81579a9763263fb6fe79334f5029dc4

Located: HK_LM:Run, LVCOMSX
command: "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
file: C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
size: 244512
MD5: 31e73e0fd0ffb364c4b32f46a6775db1

Located: HK_LM:Run, My Web Search Bar Search Scope Monitor
command: "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
file:

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\RUNDLL32.EXE
size: 44544
MD5: 4b555106290bd117334e9a08761c035a

Located: HK_LM:Run, OneCareUI
command: "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
file: C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
size: 66944
MD5: 0d5c785bbe8fd4545738f17e9e6d025a

Located: HK_LM:Run, PCMService
command: "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
file: C:\Program Files\Acer\Acer Arcade\PCMService.exe
size: 151552
MD5: 2862436e1ce0825b561ef37c2143c18a

Located: HK_LM:Run, Persistence
command: C:\Windows\system32\igfxpers.exe
file: C:\Windows\system32\igfxpers.exe
size: 81920
MD5: 8e899a1a7c4670ce4ec1337cbf989787

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4186112
MD5: 32e4e820edbd675009605f90dd97ee6c

Located: HK_LM:Run, SetPanel
command:
file:

Located: HK_LM:Run, SynTPEnh
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 815104
MD5: f98281ef23616f751fabe97a6ec5dbe6

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file:

Located: HK_LM:Run, WPCUMI
command: C:\Windows\system32\WpcUmi.exe
file: C:\Windows\system32\WpcUmi.exe
size: 176128
MD5: c456658af90f42be3cdf1048f9cdb5ca

Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09ca174a605b480318731e691dc98539

Located: HK_CU:Run, ISUSPM Startup
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 249856
MD5: 1c46fc1ab600766b8554580204806e84

Located: HK_CU:Run, msnmsgr
command: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
file: C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: c4281ad865739e71fd1e4dac19a68d60

Located: HK_CU:Run, WMPNSCFG
command: C:\Program Files\Windows Media Player\WMPNSCFG.exe
file: C:\Program Files\Windows Media Player\WMPNSCFG.exe
size: 201728
MD5: 20ef9002cff89c4c1077e4415ec7297b

Located: HK_CU:Run, Yahoo! Pager
command: "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
file: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
size: 4670968
MD5: 81bcd9b9a86c3559f5bcfe56519a9a19

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: deb88aef013dd1eefb462d7cad642166

Located: Startup (common), Bluetooth.lnk
command: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 703280
MD5: 3fac23d4b003c1bf7a8f355cf3a504b6

Located: Startup (common), Empowering Technology Launcher.lnk
command: C:\Acer\Empowering Technology\eAPLauncher.exe
file: C:\Acer\Empowering Technology\eAPLauncher.exe
size: 528384
MD5: c849d57292e58a9e1c55559930fd1082

Located: Startup (common), WinZip Quick Pick.lnk
command: C:\Program Files\WinZip\WZQKPICK.EXE
file: C:\Program Files\WinZip\WZQKPICK.EXE
size: 394856
MD5: d79ddd73eee4266ae7dc2cbd87b56090

Located: System.ini, avgwlntf
command: avgwlntf.dll
file: avgwlntf.dll

Located: System.ini, igfxcui
command: igfxdev.dll
file: igfxdev.dll

--- Browser helper object list ---
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
BHO name:
CLSID name: Yahoo! Toolbar Helper
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein
Path: C:\Program Files\Yahoo!\Companion\Installs\cpn\
Long name: yt.dll
Short name:
Date (created): 3/17/2007 5:53:36 PM
Date (last access): 3/17/2007 5:53:36 PM
Date (last write): 9/27/2006 2:42:50 PM
Filesize: 441408
Attributes: archive
MD5: 2F56D8F57D4CCCD8970F59A40989545F
CRC32: 74FB5695
Version: 2006.9.27.1

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 12/14/2004 1:56:50 AM
Date (last access): 7/14/2005 5:26:38 AM
Date (last write): 12/14/2004 1:56:50 AM
Filesize: 63136
Attributes: archive
MD5: 42729C3DE75A7A51FC6F9EF6546C9199
CRC32: 4D60BD07
Version: 7.0.0.1333

{53707962-6F74-2D53-2644-206D7942484F} ()
BHO name:
CLSID name:
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 7/12/2007 8:49:16 PM
Date (last access): 7/12/2007 8:49:16 PM
Date (last write): 5/31/2005 1:04:00 AM
Filesize: 853672
Attributes: archive
MD5: 250D787A5712D7768DDC133B3E477759
CRC32: D4589A41
Version: 1.4.0.0

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (Yahoo! IE Services Button)
BHO name:
CLSID name: Yahoo! IE Services Button
Path: C:\Program Files\Yahoo!\common\
Long name: yiesrvc.dll
Short name:
Date (created): 4/8/2007 12:06:28 PM
Date (last access): 4/8/2007 12:06:28 PM
Date (last write): 10/31/2006 3:29:16 PM
Filesize: 198136
Attributes: archive
MD5: F8981F09E8DA4FDB7F6B6E2B5361AEAE
CRC32: 2CDBBB6C
Version: 2006.10.31.3

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: ssv.dll
Short name:
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 10/12/2006 3:10:58 AM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 434279
Attributes: archive
MD5: D62E335F137D9E0F9F4DBE09564959B1
CRC32: 72699310
Version: 5.0.90.3

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
BHO name:
CLSID name:

{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} (ShowBarObj Class)
BHO name:
CLSID name: ShowBarObj Class
Path: C:\Windows\system32\
Long name: ActiveToolBand.dll
Short name: ACTIVE~2.DLL
Date (created): 2/6/2007 11:53:44 PM
Date (last access): 5/13/2007 11:22:22 AM
Date (last write): 2/6/2007 11:53:44 PM
Filesize: 299008
Attributes: archive
MD5: EB9ADC7836FCA7A00F8DD5583E94F7E2
CRC32: 686FFE67
Version: 3.0.0.2

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 8/31/2006 8:33:06 PM
Date (last access): 5/13/2007 1:41:32 AM
Date (last write): 8/31/2006 8:33:06 PM
Filesize: 322368
Attributes: archive
MD5: E43F7CFDEE2B00A22C96C168147B20D3
CRC32: 2AEACC43
Version: 4.100.313.1



--- ActiveX list ---
{149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)
DPF name:
CLSID name: SpinTop DRM Control
Installer:
Codebase: file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
Path: C:\Windows\DOWNLO~1\CONFLICT.1\
Long name: stg_drm.ocx
Short name:
Date (created): 6/28/2007 10:06:24 AM
Date (last access): 6/28/2007 10:06:24 AM
Date (last write): 6/20/2007 7:39:04 PM
Filesize: 111952
Attributes: archive
MD5: 5D4C6F050999A533E0A5D414A15057C4
CRC32: C3C8A548
Version: 1.0.0.5

{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\macromed\Director\
Long name: swdir.dll
Short name:
Date (created): 6/19/2007 2:07:02 PM
Date (last access): 6/19/2007 2:08:36 PM
Date (last write): 5/2/2007 12:32:04 PM
Filesize: 182512
Attributes: archive
MD5: 95F03ABE4B96C50CF4DA8245819138E4
CRC32: 12E5BB80
Version: 10.2.0.22

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 4/8/2007 12:06:34 PM
Date (last access): 4/8/2007 12:06:34 PM
Date (last write): 7/30/2006 1:25:34 PM
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object)
DPF name:
CLSID name: CPlayFirstDinerDash2Control Object
Installer: C:\Windows\Downloaded Program Files\DinerDash2.1.0.0.68.inf
Codebase: http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
Path: C:\Windows\Downloaded Program Files\
Long name: DinerDash2.1.0.0.68.dll
Short name: DINERD~2.DLL
Date (created): 12/16/2006 10:48:56 PM
Date (last access): 12/16/2006 10:48:56 PM
Date (last write): 12/16/2006 10:48:56 PM
Filesize: 2094696
Attributes: archive
MD5: 798B45F88A24390241A7B4CAB9F83A8A
CRC32: 0DBFA143
Version: 1.0.0.68

{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class)
DPF name:
CLSID name: MJLauncherCtrl Class
Installer: C:\Windows\Downloaded Program Files\mjolauncher.inf
Codebase: http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
description:
classification: Legitimate
known filename: mjolauncher.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: mjolauncher.dll
Short name: MJOLAU~1.DLL
Date (created): 10/3/2006 3:48:28 PM
Date (last access): 10/3/2006 3:48:28 PM
Date (last write): 10/3/2006 3:48:28 PM
Filesize: 327680
Attributes: archive
MD5: 026E1291E47AE30EBB1D3427B09567AA
CRC32: FFACA8C9
Version: 1.0.0.11

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 10/12/2006 3:10:58 AM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class)
DPF name:
CLSID name: PhotoPickConvert Class
Installer: C:\Windows\Downloaded Program Files\PhtPkMSN.inf
Codebase: http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
description:
classification: Legitimate
known filename: PhtPkMSN.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: PhtPkMSN.dll
Short name:
Date (created): 4/12/2005 2:58:46 PM
Date (last access): 4/12/2005 2:58:46 PM
Date (last write): 4/12/2005 2:58:46 PM
Filesize: 77824
Attributes: archive
MD5: 96D1957C46D090566C8243CC6A4D00AF
CRC32: 27BD22B7
Version: 10.0.910.0

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 2/19/2007 11:26:28 AM
Date (last access): 2/19/2007 11:26:28 AM
Date (last write): 2/19/2007 11:26:28 AM
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Path: C:\Windows\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 2/22/2007 11:41:12 PM
Date (last access): 2/22/2007 11:41:12 PM
Date (last write): 2/22/2007 11:41:12 PM
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 10/12/2006 3:10:58 AM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 10/12/2006 3:10:58 AM
Date (last access): 10/12/2006 3:10:58 AM
Date (last write): 10/12/2006 3:25:44 AM
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control)
DPF name:
CLSID name: ArmHelper Control
Installer:
Codebase: file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
Path:
Long name: ./Images/armhelper.ocx

{DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object)
DPF name:
CLSID name: CPlayFirstDinerDashControl Object
Installer: C:\Windows\Downloaded Program Files\DinerDash.1.0.0.94.inf
Codebase: http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.94.cab
Path: C:\Windows\Downloaded Program Files\
Long name: DinerDash.1.0.0.94.dll
Short name: DINERD~1.DLL
Date (created): 12/18/2006 6:21:44 PM
Date (last access): 12/18/2006 6:21:44 PM
Date (last write): 12/18/2006 6:21:44 PM
Filesize: 1730152
Attributes: archive
MD5: 4D4BB2E65A1BD8CC3EB58C1149BD435A
CRC32: 9EC256AC
Version: 1.0.0.94

--- Process list ---
PID: 408 ( 4) \SystemRoot\System32\smss.exe
PID: 536 ( 524) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 568 ( 524) C:\Windows\system32\wininit.exe
size: 95744
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E
PID: 588 ( 576) C:\Windows\system32\csrss.exe
size: 7680
MD5: 117B7C8A8B026A5DCE5E3180ED05E823
PID: 620 ( 568) C:\Windows\system32\services.exe
size: 279552
MD5: 329CF3C97CE4C19375C8ABCABAE258B0
PID: 632 ( 568) C:\Windows\system32\lsass.exe
size: 7680
MD5: 6A0E382E74280E4CC0DF17FE2661D003
PID: 640 ( 568) C:\Windows\system32\lsm.exe
size: 210944
MD5: 77F52395637906269B91264FFE576B51
PID: 784 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 804 ( 576) C:\Windows\system32\winlogon.exe
size: 308224
MD5: 9F75392B9128A91ABAFB044EA350BAAD
PID: 876 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 916 ( 620) C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
size: 18832
MD5: 4636AEBD28D9968C570DC927F5831E09
PID: 1040 ( 620) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1072 ( 620) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1092 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1232 ( 620) C:\Windows\system32\SLsvc.exe
size: 2605568
MD5: A1DCD30534835CB67733AD00175125A6
PID: 1276 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1416 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1608 ( 620) C:\Windows\System32\spoolsv.exe
size: 124928
MD5: DA612EF2556776DF2630B68BF2D48935
PID: 1632 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1784 ( 620) C:\Windows\system32\agrsmsvc.exe
size: 9216
MD5: 39E435C90C9C4F780FA0ED05CA3C3A1B
PID: 1828 ( 620) C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
size: 353280
MD5: 5F4ED1DBA7E1EAECBA443A53DA176485
PID: 1912 ( 620) C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
size: 49664
MD5: 30A14F65DB477DC00A64A5A24E96919C
PID: 1940 ( 620) C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
size: 192512
MD5: A61C6AA3A694165EE57D3A4833060E4F
PID: 1964 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 1976 (1940) C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
size: 192512
MD5: A61C6AA3A694165EE57D3A4833060E4F
PID: 1988 ( 620) C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
size: 254014
MD5: 7DABC3F712E3D9C6ACBE9A9CDC5B3D30
PID: 336 ( 620) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
size: 1073152
MD5: 18AA92BA15EBB0C61C72308C6F20DD0E
PID: 424 ( 620) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
size: 457512
MD5: F87DDE13D57062DA8EBA2368667D8130
PID: 948 ( 620) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
size: 24576
MD5: 7A9E8C1BE235D0B0CA784A13FC960B6A
PID: 1704 ( 620) C:\Acer\Empowering Technology\eNet\eNet Service.exe
size: 126976
MD5: B462C73B8B9498A8F0F895B757733698
PID: 1020 ( 620) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 61440
MD5: 559C9B7800FAC92FC515CD0003D7C631
PID: 1464 ( 620) C:\Acer\Mobility Center\MobilityService.exe
size: 107008
MD5: 842684E0DF20A59E293DA1C6F0DFE261
PID: 2080 ( 620) C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
size: 28728
MD5: F21358195988883EA4B76E8A68D046D4
PID: 2240 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2268 ( 620) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
size: 143360
MD5: 3608232AA691B72B1F696ACB9852EE3F
PID: 2300 ( 620) C:\Windows\system32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2368 ( 620) C:\Windows\System32\svchost.exe
size: 22016
MD5: 10DA15933D582D2FEDCF705EFE394B09
PID: 2392 ( 620) C:\Windows\system32\SearchIndexer.exe
size: 287744
MD5: 5DE40982E3AE45DC00586A93637B351B
PID: 2432 ( 620) C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
size: 114748
MD5: F7CA67BF5BFE5988CA021723D45397D5
PID: 2580 ( 620) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
size: 49152
MD5: 448E6DEFA9DFB76207A529FC0FB64069
PID: 2636 ( 620) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
size: 24576
MD5: 247BD99D52950EA6B761FA07D87E59ED
PID: 2676 (1072) C:\Windows\system32\Dwm.exe
size: 83456
MD5: E87B968F3D49117445893EB0503FE34F
PID: 2712 (2668) C:\Windows\Explorer.EXE
size: 2923520
MD5: FD8C53FB002217F6F888BCF6F5D7084D
PID: 2748 ( 620) C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
size: 822600
MD5: 5BEA8FF7FD6C5B6B6EBB50996B91E4D8
PID: 2808 ( 620) C:\Program Files\Microsoft Windows OneCare Live\winss.exe
size: 597376
MD5: F00D24F8108D216AEBE338951102829D
PID: 2876 ( 620) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
size: 135168
MD5: D4DBD5DF926A2A16F6F148559E006075
PID: 3388 ( 784) C:\Windows\system32\wbem\wmiprvse.exe
size: 245248
MD5: CD8A7F4847DD181903E6B2F1924E723E
PID: 3488 ( 784) C:\Windows\system32\wbem\unsecapp.exe
size: 37376
MD5: E19C7BCE081B85F86F03AE9D82FFA77B
PID: 3720 (1092) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 3788 (1092) C:\Windows\system32\taskeng.exe
size: 166400
MD5: 1226E9FAE5B8508801EC974E3C9D9C14
PID: 1892 (2808) C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
size: 66944
MD5: 0D5C785BBE8FD4545738F17E9E6D025A
PID: 2344 (2712) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 815104
MD5: F98281EF23616F751FABE97A6EC5DBE6
PID: 2100 (2712) C:\Windows\RtHDVCpl.exe
size: 4186112
MD5: 32E4E820EDBD675009605F90DD97EE6C
PID: 2872 (2712) C:\Program Files\Acer\Acer Arcade\PCMService.exe
size: 151552
MD5: 2862436E1CE0825B561EF37C2143C18A
PID: 256 (2712) C:\Windows\System32\igfxtray.exe
size: 98304
MD5: 1C64DD02FDE078608549C62398DE2FEF
PID: 968 (2712) C:\Windows\System32\hkcmd.exe
size: 106496
MD5: BF3E01C18CE6CDEF16B0DF23E1DCF376
PID: 3756 (2712) C:\Windows\System32\igfxpers.exe
size: 81920
MD5: 8E899A1A7C4670CE4EC1337CBF989787
PID: 1844 (2712) C:\Program Files\Launch Manager\QtZgAcer.EXE
size: 483328
MD5: 7A657BB5E406EBC7AD8FD099A54F3BB7
PID: 1176 (2712) C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
size: 304664
MD5: C81579A9763263FB6FE79334F5029DC4
PID: 3476 (2712) C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
size: 244512
MD5: 31E73E0FD0FFB364C4B32F46A6775DB1
PID: 2632 (2712) C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
size: 754712
MD5: 0FDA0DCAF7010D2EA924EBF5C1ED0281
PID: 3028 (2712) C:\Windows\System32\wpcumi.exe
size: 176128
MD5: C456658AF90F42BE3CDF1048F9CDB5CA
PID: 4068 (2712) C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
size: 464168
MD5: 0921A68E8FE9B25DD0EFFAB949376B5F
PID: 2840 (2712) C:\Program Files\Grisoft\AVG7\avgcc.exe
size: 416256
MD5: 2200C98C049DE1A7638EA0EDBA1C8882
PID: 2656 (2712) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 201728
MD5: 20EF9002CFF89C4C1077E4415EC7297B
PID: 496 (2712) C:\Program Files\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 3512 (2712) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
size: 703280
MD5: 3FAC23D4B003C1BF7A8F355CF3A504B6
PID: 3852 (2712) C:\Program Files\WinZip\WZQKPICK.EXE
size: 394856
MD5: D79DDD73EEE4266AE7DC2CBD87B56090
PID: 776 (1496) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 2776 ( 620) C:\Program Files\Windows Media Player\wmpnetwk.exe
size: 895488
MD5: ACB2E63D50157E3EA7140F29D9E76A48
PID: 3144 (2100) C:\Users\ACERVA~1\AppData\Local\Temp\RtkBtMnt.exe
size: 208896
MD5: 5EF87457AB8A58694EBE35E55D093D04
PID: 3992 (1560) C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
size: 724992
MD5: 0ADB949BF976F5ADA38519F012035CB0
PID: 3824 (1560) C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
size: 462848
MD5: 6614BB708D98A56FBC8B7421F65D2542
PID: 3064 (1560) C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
size: 393216
MD5: 2B6E0D6C6DA433E54B706B41A936A01F
PID: 2420 (2188) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
size: 103928
MD5: F9AB943EB3CF38867FFEC53E9FC39EB5
PID: 3376 ( 784) C:\Windows\system32\igfxext.exe
size: 122880
MD5: 2FEEC3D1BD39D4654E3211DBD9CD673F
PID: 2092 ( 784) C:\Windows\system32\igfxsrvc.exe
size: 196608
MD5: FECF9E330E70110ECEB6DD84995D9F5F
PID: 3616 ( 784) C:\Windows\system32\wbem\wmiprvse.exe
size: 245248
MD5: CD8A7F4847DD181903E6B2F1924E723E
PID: 5560 (2712) C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
size: 7637104
MD5: 77C6AB4E70E7FC35E17B8ED919408B62
PID: 4980 (2712) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 1200 (1040) audiodg.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/13/2007 9:56:47 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://g.msn.com/0SEENPH/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://g.msn.com/0SEENPH/SAOS01?FORM=TOOLBR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://g.msn.com/0SEENPH/SAOS01?FORM=TOOLBR
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://en.ph.acer.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://en.ph.acer.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com


--- Winsock Layered Service Provider list ---
Protocol 0: Parental Controls LSP over [MSAFD Tcpip [TCP/IP]]
GUID: {89DCB360-F485-47E9-9D19-3EFEB44A4504}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 1: Parental Controls LSP over [MSAFD Tcpip [UDP/IP]]
GUID: {61D7A199-3ED9-4817-B77A-C888BC3DAC5D}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 2: Parental Controls LSP over [MSAFD Tcpip [TCP/IPv6]]
GUID: {2A2BDAC5-D6A7-4104-AB06-8DE1E5CCA5F2}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 3: Parental Controls LSP over [MSAFD Tcpip [UDP/IPv6]]
GUID: {A9F3E014-38FB-4563-8E6C-913E29BA01EF}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 4: Parental Controls LSP over [RSVP TCPv6 Service Provider]
GUID: {7A6860C1-1FAE-4248-B3B6-CE51A38176D2}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 5: Parental Controls LSP over [RSVP TCP Service Provider]
GUID: {3B1A6250-38CB-404B-A0A3-03AC352DC7E2}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 6: Parental Controls LSP over [RSVP UDPv6 Service Provider]
GUID: {BF03E382-993E-47ED-A44E-8BE0F5559FF6}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 7: Parental Controls LSP over [RSVP UDP Service Provider]
GUID: {8002A382-4216-4FBF-B83D-843F629EB99F}
Filename: C:\Windows\system32\wpclsp.dll

Protocol 8: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 9: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 10: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 11: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 12: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 13: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 14: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 15: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 16: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 17: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 18: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E10BF44-6F9F-417F-A66F-3F203670F9E8}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5E10BF44-6F9F-417F-A66F-3F203670F9E8}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A94E04A-844B-4736-BBAA-67103F4CD588}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4A94E04A-844B-4736-BBAA-67103F4CD588}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BCBB0AB-0127-40B2-B6E5-2F33DFE1451F}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6BCBB0AB-0127-40B2-B6E5-2F33DFE1451F}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5E10BF44-6F9F-417F-A66F-3F203670F9E8}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{5E10BF44-6F9F-417F-A66F-3F203670F9E8}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4A94E04A-844B-4736-BBAA-67103F4CD588}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{4A94E04A-844B-4736-BBAA-67103F4CD588}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6BCBB0AB-0127-40B2-B6E5-2F33DFE1451F}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6BCBB0AB-0127-40B2-B6E5-2F33DFE1451F}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: Parental Controls LSP
GUID: {572F18CF-62F6-4456-BE0E-AF2D8FDBCE0B}
Filename: C:\Windows\system32\wpclsp.dll

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 6: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

sorry for the long message. i cant post it in the attachment file due to required maximum 19 kilobytes files only. my file has 44kb thats why. sorry. thanks. :)

Hello mcvcgja20.

I don't see any Windows Updates or a Service Pack,
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2 Let's take a different look at the system.

Please see this topic: Sun Microsystems~Java. Security vunerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2 )

Then follow the procedure in this link:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) and start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

A helper will advise you when available. :)

Hi, I am currently using a laptop to do this, but I have found this as I was attempting to post a new topic about it.

Anyways, this was the most helpful but, I didn't read this first, and many said they wouldn't want this on their computers either, so, I went ahead, and went to its location, and then deleted the whole file in which it was contained.

I use Windows Vista, and now that I click on a program, it won't open up, however, if I right click and select open, it will.

This was found in something called like CLSID or something like that.

Anyways, before I read these posts on FubWebProducts, I had deleted the entry first. was that a good thin to do?

And, if I restart my computer, will it come back?

it depends really...when I had this kind problem I was quite lucky. When I removed it (for good), thankfully it never came back

So did you remove it directly or did you use Spybot S&D to remove it?

At that time I just removed it directly, but today I would have thought it would be better to remove it through spybot

Well I just deleted it directly too, but differently (most likely) I deleted the whole folder it was in.

Now I can't double click on an icon to open it, but I have to right click and then click open.

This programs don't appear in the Add/Remove menu, and I'm unable to remove them. Any help :scratch:

I had the same problem - spybot couldn't remove the program and it didn't show on the programs list to uninstall it. After much searching the web I think I found a solution (spybot was able to delete the program after I did this).

Bring up the 'run' dialog box (hold the windows button +R)

My report is 36.1Kb? its to big what do i do?

chalupaa:

You posted in a thread started over 2 1/2 years ago. I suggest that you start your own thread (New Thread) and explain the actual problem you are having. In that thread you can also explain what report you are talking about that is 36.1Kb.

i also followed the directions from Tashi. my report won't attach. it says that
"Your file of 36.0 KB bytes exceeds the forum's limit of 19.5 KB for this filetype."

so what do I do now??

halfcarat, you can copy and paste the report.
But you did not specify what problem you were having.

I also had the same problem removing MyWay.MyWebSearch. Tried many different Anti-Virus,malware,spyware,trojan,worm programs and finally after searching Google (can't find the article right away) but it directed me to the Program files folder, find the My Web Search folder and delete. I did and hurrrah the thing is gone. It is a Spyware but the company that developed it says that it is not, soooo. Hope you can delete yours.

Tried many different Anti-Virus,malware,spyware,trojan,worm programs and finally after searching Google (can't find the article right away)...
Like which ones? Do you still have the malware on your machine? Are you having trouble removing it?

SpyBoot Search and Destroy, TrendMacro (Housecall), AVG Anti-Virus,Eusing Registry cleaner, Auslogics BoostSpeed and Disk CleanUp.
I ran SpyBoot Search and Destroy just minutes ago and the MyWay.MyWebSearch is gone. Like I said, go to your Program files and scroll to the folder "MyWebSearch" and delete it. It may not work for you but it did for me. I'm running Vista Home Premium.

Here is one reply by PANCAKE, security analyst. Click on link below and scroll
down to PANCAKE.

http://www.pchelpforum.com/fixed-hijackthis-logs/50802-myway-mywebsearch.html

You may have to copy and paste the link into your address bar.

I see, just removing Program Folder did the job? No Application Folders :laugh:?

But just a word of caution when you use registry cleaners:
http://forums.spybot.info/showthread.php?t=30038
-

hi i have tried to get rid of myway.mywebsearch but it says i need to run an administrator scan can someone please help me out and tell me how to do that

thanks

Hello,

Do you have Windows Vista?
http://www.safer-networking.org/en/faq/42.html

Best regards
Sandra
Team Spybot

i have windows vista

and thanks x

hi everyone
i have finally got rid of myway.mywebsearch
all you do is click on start and programs
then you right click on spybot search and destroy
then you click administrator then just run a scan on administrator
and at the end select myway.mywaywebsearch and then fix selected problems and it should fix it for you

hope it works
bye :bigthumb::D:

Hello jeremy. :)

Did you reboot so that Spybot-S&D could try to remove on startup?

I have tried to remove Myway.Mywebsearch several times the last couple of months.

I have included the required report. I do not have any of the My Web Search, Acceleration or Fun Game files on my system any longer. They were removed a while ago.

Can you please help.

Thx,
bdspear

Hello,

Please delete the following registry key:
HKEY_USERS\S-1-5-21-3678852198-808917815-963407370-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Open the registry editor by:
(a)
press windowskey + r then enter "regedit" (without quotation marks)
or
(b)
click on "start" , then "run" and enter "regedit" (without quotation marks)

(a+b)
and then browse to the path:
HKEY_USERS\S-1-5-21-3678852198-808917815-963407370-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Best regards
Sandra
Team Spybot

"i have finally got rid of myway.mywebsearch
all you do is click on start and programs
then you right click on spybot search and destroy
then you click administrator then just run a scan on administrator
and at the end select myway.mywaywebsearch and then fix selected problems and it should fix it for you".

I had trojans and PUPS with FunWebProducts, My.MyWebSearch & MyWebSearch after running Spybot S&D. It couldn't get rid of them until I did the above. I ran the above referenced Fix...and, oh yeah, they are finally gone!

Thank you to the forums!