PDA

View Full Version : Search Assistant - My Search [REGISTRY ENTRY]

NICK ADSL UK
November 23rd, 2003, 12:29 PM
Hi all i have the above in my registry of which i have never heard of.It will not uninstall.Would anyone know what software this came in on and how to remove it.
Search Assistant - My Search
Program: C:\Program Files\Spy bot - Search & Destroy\Update.exe
Size: 5.17 MB
Last used: 16/11/2003
Frequency: rarely (2)

Support information:
Publisher: My Search
About: h t t p : //info.myway.com/index/id/ourmission.html
Support: h t t p : //help.myway.com/

Standard information:
Uninstall: mshta res://C:\PROGRA~1\MyWay\SrchAstt\1.bin\mysrchas.dll/101
Language: English (United Kingdom)
Key name: (HKLM) MyWaySearchAssistant

Other information:
The above does not make much sense to me as uninstalling spy bot does not remove the registry of Search Assistant - My Search
Many thanks

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
C:\Program Files\Tweak-XP Pro 3\popup.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\webshots.scr
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\PC Magazine Utilities\UnClean\UnClean.exe
C:\Documents and Settings\NICK\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.windowsxpmagazine.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.windowsxpmagazine.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro 3\popup.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D8DF6C-A20A-4829-89D9-BF9205E2E8AF}: NameServer = 212.23.3.11 212.23.6.35
Pieter_Arntz
November 23rd, 2003, 01:48 PM
Hi NICK ADSL UK,

The MyWaySearchAssistent is often bundled with other software: http://www.doxdesk.com/parasite/MySearch.html

I don't quite see the connection to Spybot S&D except that they were added as targets in the update of 2003-11-02

There is one toolbar in your log that I am not familiar with:
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
If I had to guess I´d say it could be the RealPlayer toolbar. Does that make sense.

Your log is perfectly clean by the way.

Regards,

Pieter
NICK ADSL UK
November 23rd, 2003, 07:07 PM
Thank you Pieter for your excellent quick response.I have managed to remove the registry entry only with your uninstaller pro.It could not remove the file as it obviously had a broken link somewhere so i just ticked the box to remove the registry entry.I would love to know what program that come in on as i have a lot of software to prevent this sort of thing happening.Real bar is part of real player it is not spy ware in the true sense of the word and spy bot does not pick up on it.Many thanks once again.While i am here i would like to say what a nice forum you have here :)