Member Avatar for yellowdemon327

Malwarebytes' Anti-Malware 1.44
Database version: 3587
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/20/2010 11:14:34 AM
mbam-log-2010-01-20 (11-14-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 136456
Time elapsed: 2 hour(s), 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Delete on reboot.

  • 3 Contributors
  • 6 Replies
  • 86 Views
  • 19 Hours Discussion Span
  • Latest Post Latest Post by jholland1964

Recommended Answers

All 6 Replies

Member Avatar for techsheaven

This just means that you have to restart and they will be removed then. Run Malwarebytes again to make sure it is clean. Install an antivirus that can do a boot-time scan. Avast! Home (available from cnet) works well.

Member Avatar for jholland1964

Do as techsheaven instructed but Update MBA-M first. Always update before each scan. When it is complete and you have clicked the Remove Selected button then you MUST reboot. This is how MBA-M works.
Also do the following:
Uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way

4) Reboot your Computer and run HijackThis and post the MBA-M log and the HiJackThis log back here.

Member Avatar for techsheaven

Malwarebytes will likely have removed the registry keys for MyWebSearch. If you get an error when you try to uninstall, it is okay to remove from list (if you are asked).

Member Avatar for yellowdemon327

thanks for all the replies, but it actually took my hard drive to crash and for me to start up in safe mode for me to do anything. everytime i ran malwarebytes, deleted the problems and restarted, the infections were still there. in safe mode i ran spybot S&D and that seems to have taken care of the problem. thanks again for all help.

Member Avatar for techsheaven

Cool! Don't forget to mark the thread as solved.

Member Avatar for jholland1964

thanks for all the replies, but it actually took my hard drive to crash and for me to start up in safe mode for me to do anything. everytime i ran malwarebytes, deleted the problems and restarted, the infections were still there. in safe mode i ran spybot S&D and that seems to have taken care of the problem. thanks again for all help.

MBA-M is meant to be run in Normal Mode. It doesn't load all of it's drivers in Safe Mode. When a scan must be done in Safe Mode then afterwards the program must be updated and another Full Scan should be run in Normal Mode.
But if you feel this is solved, so be it. Mark it solved but then if the problem comes back then come back to this thread, request that it be marked unsolved and add to your information.
My concern is we have not seen a HijackThis log, we have not seen other logs and MyWebSearch is KNOWN to bring in other items. Just the fact that problems could not be removed leads me to believe there ARE other pieces of malware on there. MyWebSearch ALONE is not that difficult to remove.

Edited by jholland1964 because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.