Search Assistant - My Search [REGISTRY ENTRY]

Discussion in 'adware, spyware & hijack cleaning' started by NICK ADSL UK, Nov 23, 2003.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Hi all i have the above in my registry of which i have never heard of.It will not uninstall.Would anyone know what software this came in on and how to remove it.
    Search Assistant - My Search
    Program: C:\Program Files\Spy bot - Search & Destroy\Update.exe
    Size: 5.17 MB
    Last used: 16/11/2003
    Frequency: rarely (2)

    Support information:
    Publisher: My Search
    About: h t t p : //info.myway.com/index/id/ourmission.html
    Support: h t t p : //help.myway.com/

    Standard information:
    Uninstall: mshta res://C:\PROGRA~1\MyWay\SrchAstt\1.bin\mysrchas.dll/101
    Language: English (United Kingdom)
    Key name: (HKLM) MyWaySearchAssistant

    Other information:
    The above does not make much sense to me as uninstalling spy bot does not remove the registry of Search Assistant - My Search
    Many thanks

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\HDD Health\hddhealth.exe
    C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe
    C:\Program Files\Tweak-XP Pro 3\popup.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\MRU-Blaster\scheduler.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\webshots.scr
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\PC Magazine Utilities\UnClean\UnClean.exe
    C:\Documents and Settings\NICK\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.windowsxpmagazine.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.windowsxpmagazine.co.uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
    O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
    O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro 3\AdBlocker.exe"
    O4 - HKCU\..\Run: [Pop-Up-Blocker] "C:\Program Files\Tweak-XP Pro 3\popup.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
    O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
    O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/bcd48c18cb7498/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B0D8DF6C-A20A-4829-89D9-BF9205E2E8AF}: NameServer = 212.23.3.11 212.23.6.35
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi NICK ADSL UK,

    The MyWaySearchAssistent is often bundled with other software: http://www.doxdesk.com/parasite/MySearch.html

    I don't quite see the connection to Spybot S&D except that they were added as targets in the update of 2003-11-02

    There is one toolbar in your log that I am not familiar with:
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    If I had to guess I´d say it could be the RealPlayer toolbar. Does that make sense.

    Your log is perfectly clean by the way.

    Regards,

    Pieter
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Thank you Pieter for your excellent quick response.I have managed to remove the registry entry only with your uninstaller pro.It could not remove the file as it obviously had a broken link somewhere so i just ticked the box to remove the registry entry.I would love to know what program that come in on as i have a lot of software to prevent this sort of thing happening.Real bar is part of real player it is not spy ware in the true sense of the word and spy bot does not pick up on it.Many thanks once again.While i am here i would like to say what a nice forum you have here :)
     
Thread Status:
Not open for further replies.