Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #16  
Old April 14th, 2011, 01:50 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,708
Did you reboot since removing that MyWeb uninstall listing using HijackThis?
Reply With Quote


  #17  
Old April 14th, 2011, 06:27 AM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
Hi Jintan

Yes, I did reboot
Reply With Quote
  #18  
Old April 15th, 2011, 01:55 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,708
Mmm - let's locate the source, then show MyWebSearch the exit door.


Download Nirsoft's RegScanner from here (scroll down - select "Download self-install executable for installing RegScanner with uninstall support") to your desktop. Then right click that regscanner_setup.exe, select "Run as administrator, and follow the prompts to install RegScanner.

When the display opens, copy/paste the following into the "Find String" box, then click OK:

mywebsearch

Once that scan completes go to Edit - Select All. Then again Edit - Copy All.

Open Notepad (go to Start Search, type notepad.exe and hit Enter), and right click Paste the log results there. Save that to your desktop by any name you choose, and post the contents here in your next reply please.
Reply With Quote
  #19  
Old April 15th, 2011, 05:10 PM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
HKCU\Software\AppDataLow\Software\MyWebSearch\bar UseFWB REG_SZ 0 23/07/2010 21:00:29 2
HKCU\Software\AppDataLow\Software\MyWebSearch\bar tiec REG_SZ 208976 23/07/2010 21:00:29 7
HKCU\Software\AppDataLow\Software\MyWebSearch\bar CacheDir REG_SZ C:\Users\David Lawrenson\AppData\LocalLow\MyWebSearch\bar\Cache\ 23/07/2010 21:00:29 65
HKCU\Software\AppDataLow\Software\MyWebSearch\bar Visible REG_SZ 0 23/07/2010 21:00:29 2
HKCU\Software\AppDataLow\Software\MyWebSearch\bar Maximized REG_SZ 1 23/07/2010 21:00:29 2
HKCU\Software\AppDataLow\Software\MyWebSearch\bar SettingsDir REG_SZ C:\Users\David Lawrenson\AppData\LocalLow\MyWebSearch\bar\Setting s\ 23/07/2010 21:00:29 68
HKCU\Software\AppDataLow\Software\MyWebSearch\bar ConfigRevision REG_SZ 111 23/07/2010 21:00:29 4
HKCU\Software\AppDataLow\Software\MyWebSearch\bar ConfigRevisionURL REG_SZ http://cfg.mywebsearch.com/mySpeedba...b87&p=ZCman000 23/07/2010 21:00:29 64
HKCU\Software\AppDataLow\Software\MyWebSearch\bar ConfigDateStamp REG_SZ 2009040606 23/07/2010 21:00:29 11
HKCU\Software\AppDataLow\Software\MyWebSearch\bar HTMLMenuRevision REG_SZ 326 23/07/2010 21:00:29 4
HKCU\Software\AppDataLow\Software\MyWebSearch\bar sscSet REG_SZ 4 23/07/2010 21:00:29 2
HKCU\Software\AppDataLow\Software\MyWebSearch\bar sscLabel REG_SZ My Web Search 23/07/2010 21:00:29 14
HKCU\Software\AppDataLow\Software\MyWebSearch\bar sscURL REG_SZ http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCman000&fl=0&ptb=GqtR1dFJ7IoEHe aTONy7Pg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} 23/07/2010 21:00:29 182
HKCU\Software\AppDataLow\Software\MyWebSearch\bar AlertCount REG_SZ 3 23/07/2010 21:00:29 2
HKCU\Software\AppDataLow\Software\MyWebSearch\bar AlertPeriod REG_SZ 60 23/07/2010 21:00:29 3
HKCU\Software\AppDataLow\Software\MyWebSearch\bar AlertPausePeriod REG_SZ 259200 23/07/2010 21:00:29 7
HKCU\Software\AppDataLow\Software\MyWebSearch\bar NoThrottleAlert REG_SZ 0 23/07/2010 21:00:29 2
HKCU\Software\AppDataLow\Software\MyWebSearch\bar NextConfigRequest REG_SZ oOtMOsMqywE- 23/07/2010 21:00:29 13
HKCU\Software\AppDataLow\Software\MyWebSearch\bar LastConfigRequest REG_SZ oLP_FKoqywE- 23/07/2010 21:00:29 13
HKCU\Software\AppDataLow\Software\MyWebSearch\bar Flags REG_SZ 8722 23/07/2010 21:00:29 5
HKCU\Software\AppDataLow\Software\MyWebSearch\bar DSS REG_SZ {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 23/07/2010 21:00:29 39
HKCU\Software\AppDataLow\Software\MyWebSearch\bar HistoryDir REG_SZ C:\Users\David Lawrenson\AppData\LocalLow\MyWebSearch\bar\History \ 23/07/2010 21:00:29 67
HKCU\Software\AppDataLow\Software\MyWebSearch\bar AutocompleteURL REG_SZ http://srchsugg.funwebproducts.com/query?sstype=prefix&q=<!-- QUERY_INPUT --> 23/07/2010 21:00:29 78
HKCU\Software\AppDataLow\Software\MyWebSearch\bar SkinsDirLowIL REG_SZ C:\Users\David Lawrenson\AppData\LocalLow\MyWebSearch\bar\ 23/07/2010 21:00:29 59
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant ConfigDateStamp REG_SZ 2009040606 28/01/2011 19:58:49 11
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant ABS REG_SZ http://www.mywebsearch.com/jsp/cfg_r...606&searchfor= 28/01/2011 19:58:49 192
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant DES REG_SZ http://www.mywebsearch.com/jsp/cfg_r...606&searchfor= 28/01/2011 19:58:49 189
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant sscEnabled REG_SZ 1 28/01/2011 19:58:49 2
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant eintl REG_SZ 0 28/01/2011 19:58:49 2
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant ie8h REG_SZ 1 28/01/2011 19:58:49 2
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant NextRequest REG_BINARY 20 B4 20 12 ED 2A CB 01 28/01/2011 19:58:49 8
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant LastRequest REG_BINARY A0 5D E2 09 88 2A CB 01 28/01/2011 19:58:49 8
HKCU\Software\AppDataLow\Software\MyWebSearch\Sear chAssistant fs REG_SZ 0 28/01/2011 19:58:49 2
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4 \0\1 3 REG_BINARY 58 00 31 00 00 00 00 00 86 3A 15 55 10 00 4D 59 57 45 42 53 7E 31 00 00 40 00 07 00 04 00 EF BE 86 3A 15 55 86 3A 15 55 26 00 00 00 3B 8F 00 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 4D 00 79 00 57 00 65 00 62 00 53 00 65 00 61 00 72 00 63 00 68 00 00 00 18 00 00 00 05/04/2011 19:06:15 90
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} URL REG_SZ http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCman000&fl=0&ptb=GqtR1dFJ7IoEHe aTONy7Pg&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms} 06/04/2009 11:40:55 182
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall SlowInfoCache REG_BINARY 28 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11/04/2011 17:58:51 552
HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall Changed REG_DWORD 0x00000000 (0) 11/04/2011 17:58:51 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\mywebsearch.net * REG_DWORD 0x00000004 (4) 04/04/2011 21:31:24 4
HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\EscDomains\mywebsearch.net * REG_DWORD 0x00000004 (4) 04/04/2011 21:31:30 4
HKCU\Software\MyWebSearch\bar MenuExtLabel REG_SZ &Search 06/04/2009 11:40:55 8
HKCU\Software\MyWebSearch\HostVersions WINWORD.EXE REG_SZ 12.0.6535.5000 11/07/2010 13:45:25 15
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} REG_SZ MyWebSearch Search Assistant BHO 06/04/2009 11:40:44 33
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL 06/04/2009 11:40:44 52
HKLM\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL 06/04/2009 11:40:44 52
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} REG_SZ MyWebSearch Settings 06/04/2009 11:40:42 21
HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\ProgID REG_SZ MyWebSearchToolBar.SettingsPlugin.1 06/04/2009 11:40:42 36
HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}\VersionIndependentProgID REG_SZ MyWebSearchToolBar.SettingsPlugin 06/04/2009 11:40:42 34
HKLM\SOFTWARE\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} REG_SZ MyWebSearch HTML 06/04/2009 11:40:42 17
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\ProgID REG_SZ MyWebSearch.HTMLPanel.1 06/04/2009 11:40:42 24
HKLM\SOFTWARE\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\VersionIndependentProgID REG_SZ MyWebSearch.HTMLPanel 06/04/2009 11:40:42 22
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} REG_SZ MyWebSearch Toolbar Plugin 06/04/2009 11:40:42 27
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\ProgID REG_SZ MyWebSearchToolBar.ToolbarPlugin.1 06/04/2009 11:40:42 35
HKLM\SOFTWARE\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}\VersionIndependentProgID REG_SZ MyWebSearchToolBar.ToolbarPlugin 06/04/2009 11:40:42 33
HKLM\SOFTWARE\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} REG_SZ MyWebSearch Skin Settings 06/04/2009 11:40:42 26
HKLM\SOFTWARE\Classes\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} REG_SZ MyWebSearch Pseudo Transparent Plugin 06/04/2009 11:40:42 38
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\ProgID REG_SZ MyWebSearch.PseudoTransparentPlugin.1 06/04/2009 11:40:42 38
HKLM\SOFTWARE\Classes\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}\VersionIndependentProgID REG_SZ MyWebSearch.PseudoTransparentPlugin 06/04/2009 11:40:42 36
HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} REG_SZ MyWebSearch Popup Menu Plugin 06/04/2009 11:40:42 30
HKLM\SOFTWARE\Classes\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL 06/04/2009 11:40:42 51
HKLM\SOFTWARE\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\ProgID REG_SZ MyWebSearch.OutlookAddin.1 06/04/2009 11:40:42 27
HKLM\SOFTWARE\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}\VersionIndependentProgID REG_SZ MyWebSearch.OutlookAddin 06/04/2009 11:40:42 25
HKLM\SOFTWARE\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} REG_SZ MyWebSearch Chat Session Plugin 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\InprocServer32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL 06/04/2009 11:40:42 49
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\ProgID REG_SZ MyWebSearch.ChatSessionPlugin.1 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Classes\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}\VersionIndependentProgID REG_SZ MyWebSearch.ChatSessionPlugin 06/04/2009 11:40:42 30
HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} REG_SZ IMyWebSearchSettings 06/04/2009 11:40:42 21
HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} REG_SZ _IMyWebSearchSettingsEvents 06/04/2009 11:40:42 28
HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906} REG_SZ IMyWebSearchHTMLPanel 06/04/2009 11:40:42 22
HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} REG_SZ _IMyWebSearchHTMLPanelEvents 06/04/2009 11:40:42 29
HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} REG_SZ IMyWebSearchXMLElement 06/04/2009 11:40:42 23
HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} REG_SZ IMyWebSearchSkinSettings 06/04/2009 11:40:42 25
HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} REG_SZ IMyWebSearchPseudoTransparent 06/04/2009 11:40:42 30
HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} REG_SZ IMyWebSearchPopupMenu 06/04/2009 11:40:42 22
HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} REG_SZ IMyWebSearchSkinWindow 06/04/2009 11:40:42 23
HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} REG_SZ IMyWebSearchChatSession 06/04/2009 11:40:42 24
HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} REG_SZ _IMyWebSearchChatSessionEvents 06/04/2009 11:40:42 31
HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} REG_SZ IMyWebSearchSearchScope 06/04/2009 11:40:42 24
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugi n REG_SZ MyWebSearch Chat Session Plugin 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugi n.1 REG_SZ MyWebSearch Chat Session Plugin 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugi n.1\CLSID REG_SZ {E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugi n\CLSID REG_SZ {E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.ChatSessionPlugi n\CurVer REG_SZ MyWebSearch.ChatSessionPlugin.1 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel REG_SZ MyWebSearch HTML Panel 06/04/2009 11:40:42 23
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1 REG_SZ MyWebSearch HTML Panel 06/04/2009 11:40:42 23
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel.1\CLSI D REG_SZ {3E720452-B472-4954-B7AA-33069EB53906} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel\CLSID REG_SZ {3E720452-B472-4954-B7AA-33069EB53906} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.HTMLPanel\CurVer REG_SZ MyWebSearch.HTMLPanel.1 06/04/2009 11:40:42 24
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin REG_SZ My Web Search for Outlook 06/04/2009 11:40:42 26
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1 REG_SZ My Web Search for Outlook 06/04/2009 11:40:42 26
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin.1\C LSID REG_SZ {ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin\CLS ID REG_SZ {ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.OutlookAddin\Cur Ver REG_SZ MyWebSearch.OutlookAddin.1 06/04/2009 11:40:42 27
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparen tPlugin REG_SZ MyWebSearch Pseudo Transparent Plugin 06/04/2009 11:40:42 38
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparen tPlugin.1 REG_SZ MyWebSearch Pseudo Transparent Plugin 06/04/2009 11:40:42 38
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparen tPlugin.1\CLSID REG_SZ {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparen tPlugin\CLSID REG_SZ {7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearch.PseudoTransparen tPlugin\CurVer REG_SZ MyWebSearch.PseudoTransparentPlugin.1 06/04/2009 11:40:42 38
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsP lugin REG_SZ MyWebSearch Settings Plugin 06/04/2009 11:40:42 28
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsP lugin.1 REG_SZ MyWebSearch Settings Plugin 06/04/2009 11:40:42 28
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsP lugin.1\CLSID REG_SZ {07B18EAB-A523-4961-B6BB-170DE4475CCA} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsP lugin\CLSID REG_SZ {07B18EAB-A523-4961-B6BB-170DE4475CCA} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.SettingsP lugin\CurVer REG_SZ MyWebSearchToolBar.SettingsPlugin.1 06/04/2009 11:40:42 36
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPl ugin REG_SZ MyWebSearch Toolbar Plugin 06/04/2009 11:40:42 27
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPl ugin.1 REG_SZ MyWebSearch Toolbar Plugin 06/04/2009 11:40:42 27
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPl ugin.1\CLSID REG_SZ {53CED2D0-5E9A-4761-9005-648404E6F7E5} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPl ugin\CLSID REG_SZ {53CED2D0-5E9A-4761-9005-648404E6F7E5} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\MyWebSearchToolBar.ToolbarPl ugin\CurVer REG_SZ MyWebSearchToolBar.ToolbarPlugin.1 06/04/2009 11:40:42 35
Reply With Quote
  #20  
Old April 15th, 2011, 05:11 PM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL 06/04/2009 11:40:42 50
HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL 06/04/2009 11:40:42 49
HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\0\win32 REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL 06/04/2009 11:40:43 52
HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}\1.0\HELPDIR REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:43 39
HKLM\SOFTWARE\FocusInteractive\Email-IM\0 AppName REG_SZ MyWebSearch Email Plugin 06/04/2009 11:40:43 25
HKLM\SOFTWARE\FocusInteractive\Outlook MyWebSearch.OutlookAddin REG_SZ {07B18EA9-A523-4961-B6BB-170DE4475CCA} 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Fun Web Products JpegConversionLib REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL 06/04/2009 11:40:43 51
HKLM\SOFTWARE\Fun Web Products\MSNMessenger DLLDir REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\ 06/04/2009 11:40:42 40
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} AppPath REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} AppPath REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} AppPath REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} AppPath REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} AppPath REG_SZ C:\Program Files\MyWebSearch\bar\1.bin 06/04/2009 11:40:42 39
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} URL REG_SZ http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCman000&fl=0&ptb=GqtR1dFJ7IoEHe aTONy7Pg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} 14/04/2009 12:51:41 182
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWe bSearch.OutlookAddin Description REG_SZ My Web Search Outlook Container 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWe bSearch.OutlookAddin FriendlyName REG_SZ Fun Tools 06/04/2009 11:40:42 10
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWe bSearch.OutlookAddin LoadBehavior REG_DWORD 0x00000003 (3) 06/04/2009 11:40:42 4
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSe arch.OutlookAddin Description REG_SZ My Web Search Outlook Container 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSe arch.OutlookAddin FriendlyName REG_SZ Fun Tools 06/04/2009 11:40:42 10
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSe arch.OutlookAddin LoadBehavior REG_DWORD 0x00000003 (3) 06/04/2009 11:40:42 4
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run 04/04/2011 18:17:34 46
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin item REG_SZ MyWebSearch Plugin 04/04/2011 18:17:34 19
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin hkey REG_SZ HKLM 04/04/2011 18:17:34 5
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin command REG_SZ rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF 04/04/2011 18:17:34 57
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin inimapping REG_SZ 0 04/04/2011 18:17:34 2
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin YEAR REG_DWORD 0x000007db (2011) 04/04/2011 18:17:34 4
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin MONTH REG_DWORD 0x00000004 (4) 04/04/2011 18:17:34 4
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin DAY REG_DWORD 0x00000004 (4) 04/04/2011 18:17:34 4
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin HOUR REG_DWORD 0x00000012 (18) 04/04/2011 18:17:34 4
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin MINUTE REG_DWORD 0x00000011 (17) 04/04/2011 18:17:34 4
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Plugin SECOND REG_DWORD 0x00000022 (34) 04/04/2011 18:17:34 4
HKLM\SOFTWARE\Microsoft\Windows Defender\Software Explorers\Disabled RunKey\Run MyWebSearch Email Plugin REG_SZ C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe 14/06/2010 19:19:38 44
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\sources f3PopularScreensavers REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL 06/04/2009 11:40:42 52
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MyWebSearch bar Uninstall DisplayName REG_SZ My Web Search (Cursor Mania) 06/04/2009 11:40:42 29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MyWebSearch bar Uninstall HelpLink REG_SZ http://helpint.mywebsearch.com/ 06/04/2009 11:40:42 32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MyWebSearch bar Uninstall Publisher REG_SZ My Web Search 06/04/2009 11:40:42 14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MyWebSearch bar Uninstall UninstallString REG_SZ rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll,O 06/04/2009 11:40:42 54
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\MyWebSearch bar Uninstall UrlInfoAbout REG_SZ http://helpint.mywebsearch.com/intlinfo/eula/eula.jhtml 06/04/2009 11:40:42 56
HKLM\SOFTWARE\MyWebSearch\bar Maximized REG_SZ 1 06/04/2009 11:40:55 2
HKLM\SOFTWARE\MyWebSearch\bar Visible REG_SZ 1 06/04/2009 11:40:55 2
HKLM\SOFTWARE\MyWebSearch\bar pid REG_SZ ZCman000 06/04/2009 11:40:55 9
HKLM\SOFTWARE\MyWebSearch\bar fwp REG_SZ 0 06/04/2009 11:40:55 2
HKLM\SOFTWARE\MyWebSearch\bar un REG_SZ My Web Search (Cursor Mania) 06/04/2009 11:40:55 29
HKLM\SOFTWARE\MyWebSearch\bar tiec REG_SZ 208976 06/04/2009 11:40:55 7
HKLM\SOFTWARE\MyWebSearch\bar Dir REG_SZ C:\Program Files\MyWebSearch\bar\ 06/04/2009 11:40:55 34
HKLM\SOFTWARE\MyWebSearch\bar PluginPath REG_SZ C:\PROGRA~1\MYWEBS~1\bar\1.bin\ 06/04/2009 11:40:55 32
HKLM\SOFTWARE\MyWebSearch\bar UninstallString REG_SZ "C:\Program Files\MyWebSearch\bar\1.bin\m3highin.exe" mwsbar.dll,O 06/04/2009 11:40:55 67
HKLM\SOFTWARE\MyWebSearch\bar Id REG_SZ D551AB1A-8AEC-49D1-93E6-1D043EBBDC38 06/04/2009 11:40:55 37
HKLM\SOFTWARE\MyWebSearch\bar CurInstall REG_SZ 1 06/04/2009 11:40:55 2
HKLM\SOFTWARE\MyWebSearch\bar SettingsDir REG_SZ C:\Program Files\MyWebSearch\bar\Settings\ 06/04/2009 11:40:55 43
HKLM\SOFTWARE\MyWebSearch\bar sr REG_SZ 0 06/04/2009 11:40:55 2
HKLM\SOFTWARE\MyWebSearch\bar pl REG_SZ 9 06/04/2009 11:40:55 2
HKLM\SOFTWARE\MyWebSearch\bar HistoryDir REG_SZ C:\Program Files\MyWebSearch\bar\History\ 06/04/2009 11:40:55 42
HKLM\SOFTWARE\MyWebSearch\MWSOEMON Version REG_SZ 1,2,2,6 06/04/2009 11:40:43 8
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG Version REG_SZ 1,4,0,8 06/04/2009 11:40:58 8
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG Path REG_SZ C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL 06/04/2009 11:40:58 52
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG StandardSmileyDir.AIM REG_SZ http://cdn.webmail.aol.com/31361/aim.../images/aimex/ 06/04/2009 11:40:58 57
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo ICQT.numActive2 REG_SZ 10 23/07/2010 21:00:07 3
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo ICQT.0 REG_SZ You just received a smiley! Go to @LINK@ to see it! 23/07/2010 21:00:07 52
HKLM\SOFTWARE\MyWebSearch\MWSOEPLG\Promo ICQT.1 REG_SZ You just received a smiley! Want to see it? Click here now! @LINK@ 23/07/2010 21:00:07 67
Reply With Quote
  #21  
Old April 15th, 2011, 05:14 PM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
There is insane ammounts of data here, another 116028 characters. Do you need all of them, is there perhaps a better way to get the data to you than posting here (probably take another 6 posts).
Reply With Quote
  #22  
Old April 16th, 2011, 02:36 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,708
Better if I at least give that log you created a once-over.

Just zip a copy of that output file, then send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -VegasMAK/cth/mws" as the email Subject.


I admit the log shows more "remnants" than I had expected. Failed past uninstall perhaps. Even though we may have used it already, let's run a scan with Malwarebytes, since I see Registry items in this log that I know it removes. But I will check the log you send, to just put together a removal script. Just open and update Malwarebytes, run a Quick Scan, then post the log from that back here please.
Reply With Quote
  #23  
Old April 16th, 2011, 02:01 PM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
Email with other scan to follow, here's malware.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6373

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

16/04/2011 12:45:31
mbam-log-2011-04-16 (12-45-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 358100
Time elapsed: 1 hour(s), 29 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 115
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugi n.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugi n (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin .1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSetting sControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSetting sControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlu gin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlu gin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButt on.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButt on (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverIn staller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverIn staller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager. 1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerSche duler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerSche duler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterCon trolBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterCon trolBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlo ok\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\ Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\tmp000000019a7507484c20c44f (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp00000001acd37b8b594c184b (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp00000001c13a7d7b005e103c (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp000000035db8c41b83d2cc2f (Trojan.Dropper) -> Quarantined and deleted successfully.
Reply With Quote
  #24  
Old April 16th, 2011, 09:10 PM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
ran again after allowing malwarebytes to do its stuff


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6373

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

16/04/2011 20:04:31
mbam-log-2011-04-16 (20-04-31).txt

Scan type: Quick scan
Objects scanned: 178267
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Reply With Quote
  #25  
Old April 17th, 2011, 02:21 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,708
I give Malwarebytes credit for being thorough in their removals. That one included the MyWebSearch uninstaller settings, so if you have rebooted after that the uninstall entry should be gone. Post an update on that please.
Reply With Quote
  #26  
Old April 18th, 2011, 08:56 AM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
Hi

I rebooted and the entry is gone. Post reboot it certainly appears that we are clean.

Thanks for your help.
Reply With Quote
  #27  
Old April 19th, 2011, 02:00 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,708
Good to go. Just some last steps to finish our work then.

The logs show you have slightly outdated versions of vulnerable programs, so go to each of these sites and update to the latest version (keep your eyes open - they often slide in "opportunities" for things like Google, or McAfee's scanner):

http://get.adobe.com/flashplayer/com...tivex/?a=false
(For Adobe Reader and Flash Player)

http://java.com/en/download/manual.jsp
(For Java 6 Update 24)

Once you have done those, be sure to go to Add/Remove Programs and uninstall the older, Java(TM) SE Runtime Environment 6 version.

------------------

Then just remove what our work added there to finish things.


Eset, if you don't plan to use it again, uninstalls through Add/Remove Programs.


You can also at this time delete the files/folders of the tools we used. To assist with some of that download OTC.exe by OldTimer to your desktop. This will help by automatically removing some of the tools we used.

Just click OTC.exe, then click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot, and OTC should self-delete once the system has rebooted (if not just delete the OTC.exe file).

-------------------------

Then a good idea is to reset the System Restore. To do this, right-click My Computer and select Properties. Click the System Restore tab in the window that appears, and check the box that says "Turn off System Restore on all drives" and click Apply.

You will be asked if you are sure, click Yes. This will delete the restore points. Then click OK in the Properties window and reboot your computer.

When your desktop appears, right-click My Computer and select Properties once more. Uncheck the "Turn off System Restore..." box and click Apply. OK.



In addition, I like to recommend reviewing the information Here to make sure you stay malware free.
Reply With Quote
  #28  
Old April 19th, 2011, 05:40 PM
VegasMAK VegasMAK is offline
Member
 
Join Date: Jan 2004
Posts: 85
Thanks Jintan

All done now, appreciate your help on this. Computer going back tomorrow with strict instructions NOT to download install or otherwise consider MyWebSearch, Zwinky, CursorMania etc etc!
Reply With Quote
  #29  
Old April 20th, 2011, 02:33 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,708
It isn't MyWebSearch's fault (Mindspark Interactive Network, Inc. All rights reserved. An IAC Company - Mindsparkô properties: IWON | Cardboiled | Retrogamer | Webfetti | GirlSense | MyWebFace | MyFunCards | Zwinky | Zwinky Cuties | Kazulah
Excite | Smiley Central | Smiley Creator | CursorMania | PopularScreensavers | Degrees | Events | PopDownloads) a 13 year old child installed it. Just happen to create and distribute paper doll dress-up programs like Zwinky for an adult audience, maybe advertise them coincidentally in web locations kids might frequent.

But I was glad to be helpful here.

Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 01:31 AM.