HiJackThis log

[TeddyGal]

If you see something significant showing up in the log can you please tell me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:15 PM, on 12/4/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MyWebSearch\bar\d.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\d.bin\MWSOEMON.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\d.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\d.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\d.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\d.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[TeddyGal]

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3110149626-1531363465-549697862-1013\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'lala')
O4 - HKUS\S-1-5-21-3110149626-1531363465-549697862-1013\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6" (User 'lala')
O4 - HKUS\S-1-5-18\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwssvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11537 bytes

[Pondus]

Are you running Avast antivirus?

[DarkLegend]

Did you install mywebsearch on your own? If not you need to remove it.

see This


Removal of :

C:\Program Files\MyWebSearch\bar\d.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\d.bin\MWSOEMON.EXE

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\d.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\d.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\d.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\d.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe (User 'Default user')
O8 - Extra context menu item: &Search - hxxp://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYUS
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwssvc.exe

It would also be recommended to check control panel to see if it is installed and remove it. then re run hijack this to see if any of the entries are gone and remove the remaining ones. However, Its debated that MWS(MyWebSearch) is safe as long as YOU installed it. I disagree and consider it malware.


P.S. Please remove the  entries : O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"hxxp://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6"

and

O4 - HKUS\S-1-5-21-3110149626-1531363465-549697862-1013\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"hxxp://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6" (User 'lala')

As zwinky is a malicious website and it appears it hijacked the above entry (the -"hxxp://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6") is an indication that its redirecting to zwinky.

See the below results for zwinky.(Which installs MyWebSearch)

Result 1

Result 2(See comments on the right)

Result 3

P.S.S. If removing the above two entries (for zwinky) cause your adobe shockwave to stop working you may re-download and re-install it from Here

[Pondus]

I can not see any Avast files, and this is a Avast forum.....

I see files from Norton anti virus and TrendMicro firewall, If you are running Norton Internet security you already have a firewall and should remove Trend as running multiple firewalls can create mysterious windows errors

You also have Malwarebytes Antimalware, update it and run a quick scan, and click "remove selected" to quarantine anything found

This HijackThis auto analyze indicate that you may have some bugs
http://www.hijackthis.de/#anl

[DarkLegend]

It's ok Pondus. Not all of the people that come here (for help or not) use avast. I still don't mind helping someone out if I am able to.

@TeddyGal

Please see my above post

[Pondus]

It's ok Pondus. Not all of the people that come here (for help or not) use avast. I still don't mind helping someone out if I am able to.

Didn't i help.......

[DarkLegend]

@Pondus

That wasn't what I was saying at all =( and yes.

@TeddyGal

After you make the pending changes / advice given from pondus and myself please post back here with any other information (New HJT,MBAM logs, etc.)

Hope we can and did help

[YoKenny]

Vista SP1 jas been available since April 15, 2008
http://technet.microsoft.com/en-us/windows/bb738089.aspx

Vista SP2 has been available since May 25 2009
http://www.microsoft.com/downloads/details.aspx?FamilyID=a4dd31d5-f907-4406-9012-a5c3199ea2b3&displaylang=en

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

IE8 is more secure than IE7 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

[TeddyGal]

Thanks Pondus and Dark Legend, @Dark Legend..I couldn't find

O4 - HKUS\S-1-5-21-3110149626-1531363465-549697862-1013\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"hxxp://edits.zwinky.com/zwinky-world/GamePlayer/play.jhtml?gameID=6" (User 'lala')

Is that ok?

[DarkLegend]

Did you remove the others? As it is possible it was auto-removed if it was dependent on some of the other entries.To answer your question , if it's gone then you should be ok..I don't think it would be hiding (I don't see how it would anyway).

But you can go ahead and re-run HJT and produce new logs for us to take a look at you have done everything else.

If you re-post with your new HJT,MBAM and other logs go ahead and save the log (.txt) to an easily accessible location and in a new response to this thread click "additional options" at the bottom left and under the "attach" button find those logs and upload them here and hit post.

If you can't do it this way then you can go ahead and just copy and paste the logs here.

But only generate new logs for us to take a look at after you have fixed everything else. Like doing MBAM and other scans that have been recommended. That also gives others to look through the existing ones and pick out the stuff I may have missed .

I also missed one it seems...

Please remove   O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab  

(I replaced the http address with hxxp as it is a malicious download.)

and ANY indications of the above file. It is being flagged by many AV's as malware(Trojans,spyware,adware etc.) and / or potentially unwanted or dangerous.

You may see the below scans of the above file (i went to it and downloaded and scanned the file.)

Virus Total Result for ZwinkyInitialSetup
Jotti Malware Scan Result for Zwinky

You may visit Virus Total and Jotti Malware Scan to upload and scan any files you deem suspicious. It scans the file with 40 other anti-viruses. This gives you a greater understanding of whether or not a file is malicious or safe.

P.S. No problem, Glad I could help .

[TeddyGal]

Sorry for the late reply, I have been a little busy..I attached the log.

[.: L' arc :.]

Please proceed to to this in Safe Mode:

1   Press Windows Key + R
2   Type in: appwiz.cpl
3   Uninstall every instaces of those with the keyword: MyWebSearch, Search Assistant - My Way or My Way Speedbar. If you fond some other
     installation entries that you find suspicious or related to My Web, proceed to uninstall.
4   Please post another HJT log.

[TeddyGal]

My log is attached.

[.: L' arc :.]

Thank you for following the first steps. Now, please reopen hijack this and select Do a system scan only. Then put a check beside this items:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\d.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\d.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\d.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\d.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\d.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe
O4 - HKUS\S-1-5-18\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm128YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1 .0.1.1.cab
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwssvc.exe

Afterwards, reboot into Safe Mode and delete this folder:
C:\Program Files\MyWebSearch

Post a new HJT log.