MySearchNow bar - Take Two

Re: MySearchNow bar

Ok, I have followed all of the steps above, but I still have this mysearchbar thing on my computer. So now what?

 

Re: MySearchNow bar

Hi Amandalynn,

I will give you your own thread.

Did you look in Add or Remove Programs for:

My Search
My Way
My Bar

and try to Uninstall it that way? You should also note any other suspicious items.

Did you do all of the steps in the tutorial including the Online Scans?

If so, please scan with HijackThis as per these instructions:
Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post. Remember to post in the thread I create for you.

I am tied up with work right now, but somebody will try to take a look when they get a chance.

Best luck
PP

 

Yep used scans online.

Ran Hijack in safe mode couldn't get some programs to close down.

Did manage a few days ago before I started finals for school to block

\documents & settings\all users\Application Data\exitblahbagshope\VGA ASMIN.exe

 

Hi Amandalynn,

I see a few baddies in your HijackThis Log. I do need a HJT scan done in Regular Windows, though. If you cannot get everything to shut down, don't worry about it. It is more important that I see everything!

So, please attach a fresh log.

ALSO, Please download the following tool:

Pocket KillBox

Please keep it handy on the off chance that we might need to use it.

PP

 

Regular windows mood scan.

 

Hi Amandalynn,


This should be addressed after the fix:
MSIE: Unable to get Internet Explorer version!

You could try repairing IE by clicking Start >Settings >Control Panel >Add or Remove Programs and Selecting Internet Explorer. See if it gives you the option to “Repair.” You might need your XP CD to do this - I can’t remember.

ALSO, there are some weird looking files I marked to be deleted. If you recognize them as things you need, then leave them alone. Also, Spyware Stormer is a Rogue product and should be Uninstalled via Add/Remove Programs.

And . . . . Off we go:

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.pwsfeyjpwzmvlsbjembyoht....bywrP/X9sji78V_0JmyKDSmUk2D8cRlt/63GPM2i.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {A9E21215-1C6F-5E10-167B-00AF34C0246E} - C:\DOCUME~1\Amanda\APPLIC~1\SENDRO~1\blue play.exe ----> Do you recognize this? If not, I suggest remove or rename.

O4 - HKLM\..\Run: [bags hope team flag] C:\Documents and Settings\All Users\Application Data\Exitblahbagshope\VGA ADMIN.exe ----> This looks like LOP – Suggest remove.

O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe ---> Listed as rogue See Link --> http://www.spywarewarrior.com/rogue_anti-spyware.htm

O4 - HKCU\..\Run: [META BORE] C:\DOCUME~1\Amanda\APPLIC~1\NOUNNU~1\COPYGRIMUP.exe ---> Do you recognize this? If not, I suggest remove or rename.

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode and navigate to and DELETE the following if they should remain:

C:\DOCUME~1\Amanda\APPLICATION DATA\SENDRO~1 ---> The Folder (There may be additional letters to this one)
C:\Documents and Settings\All Users\Application Data\Exitblahbagshope ---> The Folder
C:\Program Files\Spyware Stormer ---> The Folder
C:\DOCUMENTS AND SETTINGS\Amanda\APPLICATION DATA\NOUNNU~1 ---> The Folder

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

Best luck
PP

 

Ok, did everything but run CCleaner. Not sure what this is....

 

CCleaner is part of the Read Me First Cleanup Tutorial - I figured you had it handy.

Your HJT Log looks OK. How are things working?

You may be well served to have a peek at this: How to Protect yourself from malware!

Best
PP