Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Still Having MyWebSearch Problems


  • Please log in to reply

#1
Casperdg

Casperdg

    Member

  • Member
  • PipPip
  • 30 posts
My name is George Virden. Bhowett and I recently went through the process of removeing mywebsearch. It was gone for a while. I ran super antispyware last night and it said that mywebsearch/funproducts and adware.tracking.cookies where on my computer. I removed them last night. When I got up I ran a scan and they both are back. How do I get rid of these? Please help. Here is a fresh hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:44 AM, on 4/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1233109428109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1233103157234
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7140 bytes
  • 0

Advertisements


#2
Casperdg

Casperdg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Also here is the superantispyware log. I am also logged on to my wifes account. The same files apear on my account as well.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/09/2009 at 10:59 AM

Application Version : 4.26.1000

Core Rules Database Version : 3836
Trace Rules Database Version: 1792

Scan type : Custom Scan
Total Scan Time : 00:05:46

Memory items scanned : 0
Memory threats detected : 0
Registry items scanned : 5010
Registry threats detected : 29
File items scanned : 23
File threats detected : 56

Adware.MyWebSearch
HKU\S-1-5-21-1364781832-111287991-2673634911-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKU\S-1-5-21-1364781832-111287991-2673634911-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-1364781832-111287991-2673634911-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Adware.Tracking Cookie
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@specificmedia[1].txt
C:\Documents and Settings\Momma\Cookies\momma@casalemedia[2].txt
C:\Documents and Settings\Momma\Cookies\momma@adbrite[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@hitbox[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@atdmt[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@overture[2].txt
C:\Documents and Settings\Momma\Cookies\momma@nextag[1].txt
C:\Documents and Settings\Momma\Cookies\momma@optimost[2].txt
C:\Documents and Settings\Momma\Cookies\momma@tribalfusion[1].txt
C:\Documents and Settings\Momma\Cookies\momma@247realmedia[2].txt
C:\Documents and Settings\Momma\Cookies\momma@burstnet[1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@zedo[1].txt
C:\Documents and Settings\Momma\Cookies\momma@shopica[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@adrevolver[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\momma@clickbank[2].txt
C:\Documents and Settings\Momma\Cookies\momma@realmedia[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@revenue[1].txt
C:\Documents and Settings\Momma\Cookies\momma@specificclick[2].txt
C:\Documents and Settings\Momma\Cookies\momma@doubleclick[1].txt
C:\Documents and Settings\Momma\Cookies\momma@mediaplex[1].txt
C:\Documents and Settings\Momma\Cookies\momma@media6degrees[2].txt
C:\Documents and Settings\Momma\Cookies\momma@tacoda[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\momma@insightexpressai[1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@collective-media[1].txt
C:\Documents and Settings\Momma\Cookies\momma@fastclick[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\momma@trafficmp[1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\momma@revsci[1].txt
C:\Documents and Settings\Momma\Cookies\momma@serving-sys[1].txt
C:\Documents and Settings\Momma\Cookies\momma@advertising[2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\momma@questionmarket[1].txt
C:\Documents and Settings\Momma\Cookies\momma@interclick[2].txt
C:\Documents and Settings\Momma\Cookies\momma@maconcountycircuitclerk[1].txt
C:\Documents and Settings\Momma\Cookies\momma@adinterax[1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][1].txt
C:\Documents and Settings\Momma\Cookies\[email protected][2].txt

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-1364781832-111287991-2673634911-1006\SOFTWARE\MyWebSearch
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\0\win32
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\FLAGS
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}\1.0\HELPDIR
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP