About Brian Benosky
Expertise
I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (including Vista) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience
I have over 25 years' experience in using, building, and repairing computers. I have helped over a thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

 
   


Computer Security & Viruses - hijacker?


Expert: Brian Benosky - 9/21/2008

Question
QUESTION: Hi. For the past couple of weeks, I've been having error messages and warnings coming up and closing my browser down.  The first message is after trying to browse: everything just freezes and a message comes up that says "ie has encountered a problem and has to close".  I click "close" and it goes down.  I wait a few seconds and bring it back up and it's real slow coming up.  And sometimes, lately, I get "cannot find page" and have to go back or "X" out and bring it back up to get it to work.  Another message I was getting was "object expected" when browsing music on Yahoo Launchcast.  But with that I just reset my windows and it stopped.  I noticed a week ago while bringing up any page, whether I am just starting or going to another page, I am getting "waiting for about: blank..".  That is what holds up my pages coming up.  I went to a couple of sites and found out it is a hijacker and another form of "coolwebsearch".  But I couldn't find any easy fix.  I did get HijackThis before I even tried on here.  This is the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:27 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program Filesagicommonagservice.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32atiptaxx.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesKiwee Toolbar22.6.156kwtbaim.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesPicasa2PicasaMediaDetector.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesWindows LiveMessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesYahoo!MessengerYahooMessenger.exe
C:Program FilesAWSWeatherBugWeather.exe
C:Program FilesMySpaceIMMySpaceIM.exe
C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe
C:Program FilesAdobe Media PlayerAdobe Media Player.exe
C:WINDOWSsystem32devldr32.exe
C:Program FilesOpenOffice.org 2.4programsoffice.exe
C:Program FilesOpenOffice.org 2.4programsoffice.BIN
C:Program FilesMySpaceIMMySpaceIM.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesHijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:Program Filesagicommon_agcutils.pyd
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:Program FilesKiwee Toolbar22.6.156KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:Program FilesKiwee Toolbar22.6.156KiweeIEToolbar.dll
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [KiweeHook] "C:Program FilesKiwee Toolbar22.6.156kwtbaim.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKCU..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Messenger (Yahoo!)] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [Weather] C:Program FilesAWSWeatherBugWeather.exe 1
O4 - HKCU..Run: [ZVolume] C:Program FilesWindows Media PlayerSample PlaylistsZVolume ProZVolume.exe
O4 - HKCU..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe
O4 - HKCU..Run: [EasyLinkAdvisor] "C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe" /startup
O4 - Startup: Adobe Media Player.lnk = C:Program FilesAdobe Media PlayerAdobe Media Player.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:Program FilesOpenOffice.org 2.4programquickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl....
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/games/DinerDashFloGo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/insaniquarium/popcaploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLaunche...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1WINDOW~4MESSEN~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1WINDOW~4MESSEN~1MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:Program Filesagicommonagservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

A while back (maybe a month ago) I got this on my desktop:

# An unexpected error has been detected by Java Runtime Environment:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x72710004, pid=976, tid=1368
#
# Java VM: Java HotSpot(TM) Client VM (10.0-b23 mixed mode windows-x86)
# Problematic frame:
# C  0x72710004
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#


someone told me it was a hoax, so i saved but it came up again...

i haven't been able to play games on Pogo and i am redirected constantly and it freezes and lags a lot!  i keep getting these errors and end up with all kinds of problems.  i am the only one that i know that gets this many problems!  
i currently have Avast for virus protection and Superantispyware.  why didn't they stop or catch them?

sorry about the novel! and if it is too much info...lol  i think sometimes i try to over-scan.  but, i just have so many probs with this computer.  and it is an old computer.

thank you so much in advance for any help or suggestions you can supply.  


ANSWER: Hi Pam

It's better to have too much info, rather than not enough.  Your HJT program needs to be updated, and the format needs to be adjusted for me to read it.  Uninstall HJT, then download and install from this link:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Scan and save a log file.  When it opens in notepad, make sure the format is correct.  For example:

Running processes:
C:WINDOWSSystem32smss.exe

should look like:

Running processes:
C:/WINDOWS/System32/smss.exe

If not, click on Word Wrap in the options for notepad.

I can make out two adware programs which you should try uninstalling:

FunWebProducts
WeatherBug

Look in your Control Panel under Add/Remove Programs.

After I receive the new HJT log, we can go from there.

Brian

---------- FOLLOW-UP ----------

QUESTION: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:29 AM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Registry Mighty\RegistryMighty.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\Windows Media Player\Sample Playlists\ZVolume Pro\ZVolume.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl....
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/games/DinerDashFloGo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/insaniquarium/popcaploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLaunche...
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\agi\common\agservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: (no name) - http://www.playahsparadise.com/RIPMacDre.jpg
O24 - Desktop Component 1: (no name) - http://www.repticzone.net/images/34171/thumbnails/102_0142.JPG
O24 - Desktop Component 2: (no name) - http://reptilegeeks.com/file/pic/user_bg/mama42.jpg
O24 - Desktop Component 3: (no name) - http://ct2.pimp-my-profile.com/i70/7/2/26/f_de9fe23683.jpg

--
End of file - 10617 bytes


ANSWER: Hi Pam

Open HJT and run a Scan Only.  Place a check mark in the box next to the following items, close all open browsers, then click the Fix Checked button:

R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

After fixing, close HJT.  In your Add/Remove programs, look for the program RegistryMighty and attempt to uninstall it.  This may be a rogue program, as I have not found anything substantial on it.

Next, please download Malwarebytes' Anti-Malware to your desktop from here:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to
       o Update Malwarebytes' Anti-Malware
       o and Launch Malwarebytes' Anti-Malware
 * then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform full scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.  Copy that log here, along with a new HJT log.

Brian
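
The selection in the answer above includes every browser entry that HijackThis marked "(no file)" or "(file missing)". As an added example (not part of the expert's answer and not HijackThis's own code), this Python sketch parses HijackThis 2.0.2 log lines and lists those orphaned entries as review candidates. The sample lines are copied from the log on this page, and the function names are this example's own. It only flags orphans: picking a line whose file still exists, such as the AGSearchHook entry, remains the analyst's judgement.

```python
import re
from collections import namedtuple

# One parsed HijackThis entry. "orphaned" means the log itself marked the
# referenced file as absent.
Entry = namedtuple("Entry", "section kind name clsid target orphaned")

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample input: lines copied from the HijackThis log posted on this page.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""


def parse_line(line):
    """Parse one log line; return None for headers, process paths and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    # "BHO: name - {CLSID} - path" -> kind "BHO"; R0/R1 lines have no kind.
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    fields = rest.split(" - ")
    target = fields[-1].strip()
    orphaned = target.endswith(ORPHAN_MARKERS)
    for marker in ORPHAN_MARKERS:
        if target.endswith(marker):
            target = target[: -len(marker)].strip()
    found = CLSID_RE.search(body)
    return Entry(
        section=m.group("section"),
        kind=kind,
        name=fields[0].strip() if len(fields) > 1 else "",
        clsid=found.group(0).upper() if found else None,
        target=target or None,  # None when the log gave only "(no file)"
        orphaned=orphaned,
    )


def parse_log(text):
    """Return every recognised entry in a HijackThis log, in log order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def find_orphans(entries):
    """Entries whose file HijackThis reported as missing."""
    return [e for e in entries if e.orphaned]


def report(entries):
    """One summary line per orphaned entry, for an analyst to review."""
    out = []
    for e in find_orphans(entries):
        where = e.target or "no path recorded"
        out.append(f"{e.section} {e.kind}: {e.name} {e.clsid or ''} -> {where}".strip())
    return out


if __name__ == "__main__":
    for line in report(parse_log(SAMPLE_LOG)):
        print(line)
```
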

---------- FOLLOW-UP ----------

QUESTION: hi Brian...
well, that was pretty easy.  i got a log of the malware that i included at the bottom of this note. wanted to say thanks.  and i don't know how i got all that from coolwebproducts.  probably the kids (teenagers), i'm thinking.  i have seen the mywebsearch though.. here she is:

Malwarebytes' Anti-Malware 1.28
Database version: 1182
Windows 5.1.2600 Service Pack 3

9/20/2008 6:38:23 PM
mbam-log-2008-09-20 (18-38-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103389
Time elapsed: 1 hour(s), 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 141
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 111

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWeb

Answer
Hi Pam

Looks like we ran out of room on this page with the logs.  I just want to check your HJT log to make sure it's clean.  Best thing is to send it to me directly at numbersix6@yahoo.com
Now please tell Heather I am checking her log and will get back to her shortly.  Thanks.

Brian

Copyright  © 2008 About, Inc. About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.