Glad I could help - remember, Google is our friend!
JohnF.
"Marta" <(E-Mail Removed)> wrote in message
news:20aa01c51c2e$b2e54390$(E-Mail Removed)...
> Thank you John!!!
>
> You got it. It was step #11/12 below that did the trick.
> Steps 1-10 were all clean but I found the guid in
> HKCU\Software\Microsoft\Internet
> Explorer\Toolbar\WebBrowser. Removing it from that key
> solved it.
>
> BTW, I did a registy search of both of the guids and also
> found them in:
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
> Explorer\ActiveX Compatibility\{014DA6C1-189F-421a-88CD-
> 07CFE51CFF10}
>
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
> Explorer\ActiveX Compatibility\{014DA6C9-189F-421a-88CD-
> 07CFE51CFF10}
>
> They don't seem to be causing any issues or alerts so I'm
> leaving them unless you recommend removing them.
>
> Thank you so much for sticking with me and helping me
> solve this issue. This has been puzzling me for a week
> and driving me crazy. I hate having an unsolved problem.
>
> Again, a big thank you.
>
> Marta
>
>>-----Original Message-----
>>Have you done this?
>>
>>1. Start the registry editor. This is done by clicking
> Start then Run. (The
>>Run dialog will appear.) Type regedit and click OK. (The
> registry editor
>>will open.)
>>
>>2. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \
> CLSID \
>>{014DA6C1-189F-421a-88CD-07CFE51CFF10}', if it exists.
>>
>>3. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \
> CLSID \
>>{014DA6C9-189F-421a-88CD-07CFE51CFF10}', if it exists.
>>
>>4. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \
> Windows \
>>CurrentVersion \ Explorer \ Browser Helper Objects \
>>{014DA6C1-189F-421a-88CD-07CFE51CFF10}', if it exists.
>>
>>5. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \
> Windows \
>>CurrentVersion \ Explorer \ Browser Helper Objects \
>>{014DA6C9-189F-421a-88CD-07CFE51CFF10}', if it exists.
>>
>>6. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \
> Windows \
>>CurrentVersion \ Uninstall \ My Search Uninstall \
> DisplayName', if it
>>exists.
>>
>>7. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \
> Windows \
>>CurrentVersion \ Uninstall \ My Way Speedbar Uninstall \
> DisplayName', if it
>>exists.
>>
>>8. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \
> Windows \
>>CurrentVersion \ Uninstall \ MyWaySearchAssistant \
> DisplayName', if it
>>exists.
>>
>>9. Browse to the key:
>>'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet
> Explorer \ Toolbar'
>>
>>10. In the right pane, delete the value called
>>{014DA6C9-189F-421a-88CD-07CFE51CFF10}, if it exists.
>>
>>11. Browse to the key:
>>'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet
> Explorer \ Toolbar \
>>WebBrowser'
>>
>>12. In the right pane, delete the value called
>>{014DA6C9-189F-421a-88CD-07CFE51CFF10}, if it exists.
>>
>>13. Exit the registry editor.
>>
>>14. Restart your computer.
>>
>>15. Delete the following folders:
>>%ProgramsDir%\MySearch\
>>%ProgramsDir%\MyWay\
>>Note: %ProgramsDir% is a variable (?). By default, this
> is C:\Program Files.
>>
>>16. Start Microsoft Internet Explorer.
>>
>>17. In Internet Explorer, click Tools -> Internet
> Options.
>>
>>18. Click the Programs tab -> Reset Web Settings.
>>
>>
>>JohnF.
>>
>>
>>
>>
>><(E-Mail Removed)> wrote in message
>>news:1f0801c51bbf$8a9ac730$(E-Mail Removed)...
>>> Thanks John. I had already disabled System Restore. I
>>> have run CleanUp! to clean out the temp and I also
>>> manually checked and emptied those folders. I've run a
>>> couple scans in Safe mode and everything scans clean.
>>> I've loaded Spyware Blaster. But I still get this pop-
> up
>>> from MAS.
>>>
>>> I can't seem to find any information about this
> specific
>>> search bar so I don't know where else to look. It
> almost
>>> seems as if it is a bad alert from MAS.
>>>
>>>>-----Original Message-----
>>>>You will have to disable System Restore to dump the
>>> registry entries of the
>>>>trojans that got on there earlier, then you will have
> to
>>> clean out all your
>>>>temp files in each account, temp under Docs and
>>> settings/UserX, the temp
>>>>internet files, and also the temp under c:\windows or
>>> Winnt which ever you
>>>>have.
>>>>
>>>>Run the cleaners in safe mode after you dump all that
>>> and I would install
>>>>SpywareBlaster from Javacool Software just as an added
>>> measure. be sure to
>>>>update it and then set it to protect for everything.
>>>>
>>>>JohnF.
>>>>
>>>>
>>>>"Marta" <(E-Mail Removed)> wrote in
>>> message
>>>>news:07f201c51b7e$e00d89a0$(E-Mail Removed)...
>>>>>I got hit by a couple of different trojans and spyware
>>>>> last week. Zserv, Ezula, Begin2search, spyware.jmzxm
> to
>>>>> name a few. I used Hijackthis to clean up the
> registry
>>>>> and scanned MAS, Ad-Aware and Norton to remove all
>>>>> vermin. I have two accounts on this machine. I have
>>>>> booted into safe mode and scanned with the three
> tools
>>> on
>>>>> both user accounts. All scans in safe mode are
> finding
>>>>> nothing.
>>>>>
>>>>> But everything I logon to userM after logging off
>>> userG,
>>>>> I get an alert from MAS saying that it has allowed
>>>>> navshext.dll to make changes in a green pop-up
> followed
>>>>> by a red pop-up saying that My Search Bar browser
> Plug-
>>> in
>>>>> is trying to install. I always ask MAS to remove it.
>>> But
>>>>> I can't find where it keeps coming back from. Hijack
>>> log
>>>>> is clean. MAS, AD-Aware and Norton say I'm clean.
>>>>>
>>>>> Any clues as to find out where this is coming from?
> Any
>>>>> logs I can look at? Any source for information on My
>>>>> Search Bar plug-in.
>>>>>
>>>>> Thanks!
>>>>
>>>>
>>>>.
>>>>
>>
>>
>>.
>>
|
Similar Threads
