Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > hijackthis log

Reply
Thread Tools

hijackthis log

 
 
marie aitken
Guest
Posts: n/a
 
      09-04-2004
the site that hijacks is apparently called 'www.htpointer' ....
i cant see it in this log... can anyone help
spot the problem ....


 
Reply With Quote
 
 
 
 
marie aitken
Guest
Posts: n/a
 
      09-04-2004
perhaps i should include it rather than attach it...

Logfile of HijackThis v1.97.7
Scan saved at 16:53:26, on 04/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mediaplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Program Files\winbas12.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\pcprbd.exe
C:\WINDOWS\System32\winamp.exe
C:\windows\system32\msdmxm.exe
C:\WINDOWS\System32\srss.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\system32\sp2ctr.exe
C:\windows\system32\khybxsoz.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\blueyonder IST\bin\mad.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Documents and Settings\marie\Local Settings\Temp\Temporary Directory 1
for hijack.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -
C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
sitefinder.verisign.com
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} -
C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
C:\WINDOWS\System32\ATPartners.dll
O2 - BHO: MyWebSearch Search Assistant BHO -
{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program
Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} -
C:\WINDOWS\GPalm.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} -
C:\WINDOWS\GPalm.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common
files\updater\wupdater.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [baafxxugh] C:\WINDOWS\System32\pcprbd.exe
O4 - HKLM\..\Run: [Winamp] winamp.exe
O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Microsoft IT Updated] srss.exe
O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [KHYBXSOZ] c:\windows\system32\khybxsoz.exe /install
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKLM\..\RunServices: [Winamp] winamp.exe
O4 - HKLM\..\RunServices: [Microsoft IT Updated] srss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Microsoft IT Updated] srss.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program
Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZNxdm398
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
http://www.thepaymentcentre.com/build/vxiewer.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache...aniaInitialSet
up1.0.0.8.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
http://v4.windowsupdate.microsoft.co...B?38174.519432
8704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) -
http://204.177.92.201/quickdl/livevideo/NSupd9x.cab


"marie aitken" <(E-Mail Removed)> wrote in message
news:EEl_c.135279$(E-Mail Removed) .uk...
>
> "marie aitken" <(E-Mail Removed)> wrote in message
> news:9Bl_c.135257$(E-Mail Removed) .uk...
> > the site that hijacks is apparently called 'www.htpointer' ....
> > i cant see it in this log... can anyone help
> > spot the problem ....
> >
> >

>
>
>



 
Reply With Quote
 
 
 
 
Tech Guy
Guest
Posts: n/a
 
      09-04-2004
MWSOEMON.EXE - MyWebSearch Spyware
Mwsoemon.exe installs with a newer variant of the MyWebSearch spyware
program. Generally, a browser helper ojbect called mwsbar.dll will install
at the same time.The toolbar does add search features but the search results
you see will be hijacked to mywebsearch.com.

MWSOEMON shown on the task manager ( Press Ctrl-Alt-Del ), then try to end
the task of the process mwsoemon.

Uninstall Myway MySpeedbar from Control Panel> Add/Remove programs. It
might be called 'My Search Bar', 'MyWay Speed Bar' or 'My Web Search Bar',
Click 'Remove' for what you find. Also remove 'Fun Web Products Easy
Installer' if it is present.

If not you can remove them manually by running Regedit and find MWSOEMON and
delete the key.

Restart computer and Find/Delete MWSOEMON.EXE.

Quite a few others there but I'm just about to hit the local .. If your
still having problems ..let us know

--
The Internet Cafe
http://www.thetechguys.co.uk/

"marie aitken" <(E-Mail Removed)> wrote in message
news:YIl_c.135307$(E-Mail Removed). uk...
> perhaps i should include it rather than attach it...
>
> Logfile of HijackThis v1.97.7
> Scan saved at 16:53:26, on 04/09/2004
> Platform: Windows XP (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 (6.00.2600.0000)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\WINDOWS\Explorer.EXE
> C:\WINDOWS\System32\mediaplayer.exe
> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
> C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
> C:\Program Files\winbas12.exe
> C:\Program Files\Common files\updater\wupdater.exe
> C:\WINDOWS\System32\pcprbd.exe
> C:\WINDOWS\System32\winamp.exe
> C:\windows\system32\msdmxm.exe
> C:\WINDOWS\System32\srss.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\windows\system32\sp2ctr.exe
> C:\windows\system32\khybxsoz.exe
> C:\WINDOWS\System32\ctfmon.exe
> C:\Program Files\Messenger\msmsgs.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\Program Files\blueyonder IST\bin\mad.exe
> C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
> C:\Program Files\blueyonder IST\bin\mpbtn.exe
> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
> C:\Program Files\Norton AntiVirus\SAVScan.exe
> C:\WINDOWS\System32\devldr32.exe
> C:\Program Files\Norton AntiVirus\OPScan.exe
> C:\Documents and Settings\marie\Local Settings\Temp\Temporary Directory 1
> for hijack.zip\HijackThis.exe
>
> R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -
> C:\Program Files\TV Media\TvmBho.dll
> O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209
> sitefinder.verisign.com
> O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} -
> C:\WINDOWS\bi.dll
> O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} -
> C:\WINDOWS\System32\ATPartners.dll
> O2 - BHO: MyWebSearch Search Assistant BHO -
> {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program
> Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
> O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program
> Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
> O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
> C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
> O2 - BHO: (no name) - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} -
> C:\WINDOWS\GPalm.dll
> O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
> Files\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
> C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
> C:\WINDOWS\System32\msdxm.ocx
> O3 - Toolbar: Band Class - {8272B062-BD4D-4EAD-A149-45B3CE3F5CDA} -
> C:\WINDOWS\GPalm.dll
> O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
> C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
> C:\Program Files\Norton AntiVirus\NavShExt.dll
> O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
> O4 - HKLM\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
> Files\Real\Update_OB\realsched.exe" -osboot
> O4 - HKLM\..\Run: [MyWebSearch Email Plugin]
> C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
> O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
> O4 - HKLM\..\Run: [updater] C:\Program Files\Common
> files\updater\wupdater.exe
> O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
> O4 - HKLM\..\Run: [baafxxugh] C:\WINDOWS\System32\pcprbd.exe
> O4 - HKLM\..\Run: [Winamp] winamp.exe
> O4 - HKLM\..\Run: [Msdmxm] c:\windows\system32\msdmxm.exe /nocomm
> O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
> O4 - HKLM\..\Run: [Microsoft IT Updated] srss.exe
> O4 - HKLM\..\Run: [GreasyPalmUpdate] C:\WINDOWS\GreasyPalmUpdate.exe
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
> O4 - HKLM\..\Run: [Advanced Tools Check]
> C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
> O4 - HKLM\..\Run: [KHYBXSOZ] c:\windows\system32\khybxsoz.exe /install
> O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
> O4 - HKLM\..\RunServices: [Microsoft Windows Media Player] mediaplayer.exe
> O4 - HKLM\..\RunServices: [Winamp] winamp.exe
> O4 - HKLM\..\RunServices: [Microsoft IT Updated] srss.exe
> O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
> O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe
> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
> /background
> O4 - HKCU\..\Run: [Microsoft Windows Media Player] mediaplayer.exe
> O4 - HKCU\..\Run: [MyWebSearch Email Plugin]
> C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
> O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
> O4 - HKCU\..\Run: [Microsoft IT Updated] srss.exe
> O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program
> Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
> O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program
> Files\blueyonder IST\bin\matcli.exe
> O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program
> Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
> O8 - Extra context menu item: &Search -
> http://bar.mywebsearch.com/menusearch.html?p=ZNxdm398
> O9 - Extra button: Related (HKLM)
> O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
> O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) -
> http://www.thepaymentcentre.com/build/vxiewer.cab
> O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
> Control) -

http://download.macromedia.com/pub/s...irector/sw.cab
> O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
>

http://ak.imgfarm.com/images/nocache...aniaInitialSet
> up1.0.0.8.cab
> O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} -
> http://akamai.downloadv3.com/binarie...hv32_EN_XP.cab
> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
>

http://v4.windowsupdate.microsoft.co...B?38174.519432
> 8704
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -
> http://download.macromedia.com/pub/s...sh/swflash.cab
> O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl

Class) -
> http://204.177.92.201/quickdl/livevideo/NSupd9x.cab
>
>
> "marie aitken" <(E-Mail Removed)> wrote in message
> news:EEl_c.135279$(E-Mail Removed) .uk...
> >
> > "marie aitken" <(E-Mail Removed)> wrote in message
> > news:9Bl_c.135257$(E-Mail Removed) .uk...
> > > the site that hijacks is apparently called 'www.htpointer' ....
> > > i cant see it in this log... can anyone help
> > > spot the problem ....
> > >
> > >

> >
> >
> >

>
>



 
Reply With Quote
 
marie aitken
Guest
Posts: n/a
 
      09-05-2004

"Tech Guy" <(E-Mail Removed)> wrote in message
news6m_c.112233$(E-Mail Removed) .uk...
> MWSOEMON.EXE - MyWebSearch Spyware
> Mwsoemon.exe installs with a newer variant of the MyWebSearch spyware
> program. Generally, a browser helper ojbect called mwsbar.dll will install
> at the same time.The toolbar does add search features but the search

results
> you see will be hijacked to mywebsearch.com.
>
> MWSOEMON shown on the task manager ( Press Ctrl-Alt-Del ), then try to end
> the task of the process mwsoemon.
>
> Uninstall Myway MySpeedbar from Control Panel> Add/Remove programs. It
> might be called 'My Search Bar', 'MyWay Speed Bar' or 'My Web Search Bar',
> Click 'Remove' for what you find. Also remove 'Fun Web Products Easy
> Installer' if it is present.
>

did above ....which stopped it going directly yo the xxx site
.... we get blueyonder homepage... but the xxx site appears
in the task bar... and grabs any browser link after that

> If not you can remove them manually by running Regedit and find MWSOEMON

and
> delete the key.


can you send me regedit... i cant use my browser to
get it myself...'MWSOEMON' is not found in search...
and i've removed 'mywebsearch' from progran list



 
Reply With Quote
 
samuel
Guest
Posts: n/a
 
      09-05-2004
"marie aitken" <(E-Mail Removed)> wrote in
news:ewH_c.146911$(E-Mail Removed) .uk:

>
> "Tech Guy" <(E-Mail Removed)> wrote in message
> news6m_c.112233$(E-Mail Removed) .uk...
>> MWSOEMON.EXE - MyWebSearch Spyware
>> Mwsoemon.exe installs with a newer variant of the MyWebSearch
>> spyware program. Generally, a browser helper ojbect called
>> mwsbar.dll will install at the same time.The toolbar does add
>> search features but the search results you see will be hijacked
>> to mywebsearch.com.
>>
>> MWSOEMON shown on the task manager ( Press Ctrl-Alt-Del ), then
>> try to end the task of the process mwsoemon.
>>
>> Uninstall Myway MySpeedbar from Control Panel> Add/Remove
>> programs. It might be called 'My Search Bar', 'MyWay Speed Bar'
>> or 'My Web Search Bar', Click 'Remove' for what you find. Also
>> remove 'Fun Web Products Easy Installer' if it is present.
>>

> did above ....which stopped it going directly yo the xxx site
> .... we get blueyonder homepage... but the xxx site appears
> in the task bar... and grabs any browser link after that
>
>> If not you can remove them manually by running Regedit and find
>> MWSOEMON and delete the key.

>
> can you send me regedit... i cant use my browser to
> get it myself...'MWSOEMON' is not found in search...
> and i've removed 'mywebsearch' from progran list


click start
clink run
type in regedit

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with Hijackthis!! LOG Warren Briggs Computer Support 2 06-09-2004 02:16 PM
HijackThis help . . . not log file . . . Help nik_marquise Computer Support 1 06-07-2004 11:56 PM
HijackThis log - what do I fix? Mr. Wood Computer Support 6 05-30-2004 05:20 PM
Help with HijackThis! Log ~*Eternity*~ Computer Support 8 05-15-2004 01:06 AM
HijackThis Log UnderDog Computer Support 5 05-08-2004 10:48 PM



Advertisments