52 replies to this topic

[yorkshirechris]

It wont take more than a couple of hours and any other little problems you might have will be done away with too. Can't do any harm its upto you, you could see if someone comes along with something else to try first obviously. The time me and my other half wasted trying to sort out her laptop was all wasted though until we wiped it.

[taffy1967]

Well thanks it's something to consider anyway and I've created start up discs when I first bought it. It didn't actually come with a Vista disc, you had to use the utilities programme to create start up discs.

So I hope I won't loose anything.

[taffy1967]

Strange how Spybot - Search & Destroy keeps on finding the problem and won't delete it even though it says it has and yet Ad-Aware doesn't find any problems at all?

[nomininolife]

http://www.safer-net...MyWebSearch.php

Try this, it seems a bit more localised file wise.


David

[taffy1967]

This came up on notepad: -

*edit taken from the techsupport forums*?

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 10/11/2008 21:15:41 for strings:
; 'myway'
; 'mywebsearch'
; 'funwebproducts'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32]
@="C:\\Program Files\\MyWebSearch\\bar\\5.bin\\F3REPROX.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR]
@="C:\\Program Files\\MyWebSearch\\bar\\5.bin\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}]
"AppPath"="C:\\Program Files\\MyWebSearch\\bar\\5.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}]
"AppPath"="C:\\Program Files\\MyWebSearch\\bar\\5.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127}]
"AppPath"="C:\\Program Files\\MyWebSearch\\bar\\5.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7}]
"AppPath"="C:\\Program Files\\MyWebSearch\\bar\\5.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}]
"AppPath"="C:\\Program Files\\MyWebSearch\\bar\\5.bin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\Fun Web Products]
"CacheDir"="C:\\Users\\Turner Family\\AppData\\LocalLow\\FunWebProducts\\Shared\\Cache\\"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\Fun Web Products\Data]
"DataDir"="C:\\Users\\Turner Family\\AppData\\LocalLow\\FunWebProducts\\Data\\"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\Fun Web Products\ScreenSaver]
"ImagesDir"="C:\\Users\\Turner Family\\AppData\\LocalLow\\FunWebProducts\\ScreenSaver\\Images\\"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\FunWebProducts]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\FunWebProducts\Settings]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\bar]
"CacheDir"="C:\\Users\\Turner Family\\AppData\\LocalLow\\MyWebSearch\\bar\\Cache\\"
"SettingsDir"="C:\\Users\\Turner Family\\AppData\\LocalLow\\MyWebSearch\\bar\\Settings\\"
"sscURL"="http://www.mywebsear...p?id=ZKfox000(2)&fl=0&ptb=gr.Gy7NBgICGecqa82ytGw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}"
"HistoryDir"="C:\\Users\\Turner Family\\AppData\\LocalLow\\MyWebSearch\\bar\\History\\"
"SkinsDirLowIL"="C:\\Users\\Turner Family\\AppData\\LocalLow\\MyWebSearch\\bar\\"
"ConfigRevisionURL"="http://cfg.mywebsear...83&p=ZKfox000(2)"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]

[HKEY_CURRENT_USER\Software\AppDataLow\Software\MyWebSearch\SearchAssistant]
"ABS"="http://www.mywebsear...913&searchfor="
"DES"="http://www.mywebsear...913&searchfor="

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d835c84_0]
@="{0.0.0.00000000}.{83646a7e-a1d6-475c-ac85-e73e39c04a6d}|\\Device\\HarddiskVolume2\\Program Files\\MyWebSearch\\bar\\2.bin\\M3SKPLAY.EXE%b{00000000-0000-0000-0000-000000000000}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files\\MyWebSearch\\bar\\2.bin\\M3SKPLAY.EXE"="MyWebSearch Skin Player"

; End Of The Log...

So what do I do now? I really appreciate the help I'm getting, so thanks.

Edited by taffy1967, 10 November 2008 - 09:50 PM.

[Bristolboy]

I had a similar problem, used spybot and nod32 but couldn't get rid of a registry virus.

Get malwarebytes' anti-malware. (google it) its free and pretty dam good. my nod32 came up all clear, but the anti-malware program found and cleaned 43 other items that spybot and NOD must 'av missed made my computer speed up and stopped pop ups. Give it a swizz.
good luck.

download it
install it
update it
and then do a full scan...

And if that don't do it, get your arse on the spybot forum and get searching. Its quite good and where i found malewarebytes' anti-malware. Oh yeah, bear in mind a full scan with this program can take along time depending on your computer specs.

Bb

[Boomboy77]

So you've said you use spybot search and destroy, but is there any antivirus installed at all???

I would use the malwarebytes and see what that does.
You can always download tune up utilites 2008 (trial) clean absolutely everything, inc old system restore points off your pc and see how it goes.
You can also select what programs start on boot up with tune up, might be worth having a look into.

Edited by Boomboy77, 11 November 2008 - 07:55 AM.

[miniEgg]

I would try Ccleaner, seems to sort most things out on my laptops and pc's also you can get a program called Mal-aware, that may help you.

[taffy1967]

Bloody hell I expected four keys at the most, this thing will no doubt be dragging the performance of your PC down.

The next thing would to be disable teatimer in spybot:
Go into Spybot > Mode > Advanced Mode > Tools > Resident
Uncheck (if checked) the following:
Resident "TeaTimer" (Protection of over-all system settings) Active.

Then download CCleaner and run the first two options listed on the left of the program can't remember what they're called again (one is reg cleaner, the other removes unnecessary internet files recycle bin etc) CCleaner

Turn teatimer back on and re-boot your computer and do another spybot scan.

Tried this method but failed as it's still stubbornly showing up.

I'll try one of the other suggestions when I get a chance.

[nomininolife]

I have used the anti-malware software on my sisters machine today, my nephews just click yes to everything. It took just over 4 hours to complete but it found 384 entries.



David

[taffy1967]

I have used the anti-malware software on my sisters machine today, my nephews just click yes to everything. It took just over 4 hours to complete but it found 384 entries.



David

Thanks I'll try giving that a whirl tomorrow then.

[Zacherius]

I Can't make out from all of this if you have or haven't done a system restore yet ?

Also, Click the Windows Button ( Bottom Left ) and type MSCONFIG in the line. Click Continue if it asks. Then click the " STARTUP " TAB. See if you can see the program in there or if you can see any face book programs etc, or if yo know what you want to start, stop all the others. It won't harm it if you click wrong ones, you may find you need to just go back in a click to start on opening again. This will then stop the relevant programs from opening and starting when you start up your system.

My sister uses facebook and its always adding back programs that start on opening and are hard to get rid of. Yet sometimes easier to just STOP them from starting up in the first place !

Hope it helps, but if not re-post and keep us informed.