About Brian Benosky
Expertise: I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (including Vista) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.
Experience: I have over 25 years' experience in using, building, and repairing computers. I have helped over a thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here:
http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm
I am also a Top Contributor of General Computing answers in Yahoo! Questions.
Education/Credentials: College Educated
Self-taught Computer Skills
hijacker?
Expert: Brian Benosky - 9/21/2008
QUESTION: hi. for the past couple of weeks, i've been having error messages and warnings coming up and closing my browser down. the first message is after trying to browse, everything just freezes and a message comes up that says "ie has encountered a problem and has to close". i click "close" and it goes down. i wait a few seconds and bring it back up and it's real slow coming up. and sometimes, lately, i get "cannot find page" and have to go back or "X" out and bring it back up to get it to work. another message i was getting was "object expected" when browsing music on Yahoo Launchcast. but, with that i just reset my windows and it stopped. i noticed a week ago while bringing up any page, whether i am just starting or going to another page, i am getting "waiting for about: blank..". that is what holds up my pages coming up. i went to a couple of sites and found out it is a hijacker and another form of "coolwebsearch". but i couldn't find any easy fix. i did get hijackthis before i even tried on here. this is the log:
Logfile of HijackThis v1.99.1
Scan saved at 10:54:27 PM, on 9/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program Filesagicommonagservice.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32atiptaxx.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesKiwee Toolbar22.6.156kwtbaim.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesPicasa2PicasaMediaDetector.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesWindows LiveMessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesYahoo!MessengerYahooMessenger.exe
C:Program FilesAWSWeatherBugWeather.exe
C:Program FilesMySpaceIMMySpaceIM.exe
C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe
C:Program FilesAdobe Media PlayerAdobe Media Player.exe
C:WINDOWSsystem32devldr32.exe
C:Program FilesOpenOffice.org 2.4programsoffice.exe
C:Program FilesOpenOffice.org 2.4programsoffice.BIN
C:Program FilesMySpaceIMMySpaceIM.exe
C:Program FilesWindows LiveMessengerusnsvc.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Program FilesHijackthisHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:Program Filesagicommon_agcutils.pyd
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:Program FilesKiwee Toolbar22.6.156KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpn0yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:Program FilesKiwee Toolbar22.6.156KiweeIEToolbar.dll
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [AtiPTA] atiptaxx.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [KiweeHook] "C:Program FilesKiwee Toolbar22.6.156kwtbaim.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKCU..Run: [Picasa Media Detector] C:Program FilesPicasa2PicasaMediaDetector.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Messenger (Yahoo!)] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [Weather] C:Program FilesAWSWeatherBugWeather.exe 1
O4 - HKCU..Run: [ZVolume] C:Program FilesWindows Media PlayerSample PlaylistsZVolume ProZVolume.exe
O4 - HKCU..Run: [MySpaceIM] C:Program FilesMySpaceIMMySpaceIM.exe
O4 - HKCU..Run: [EasyLinkAdvisor] "C:Program FilesLinksys EasyLink AdvisorLinksysAgent.exe" /startup
O4 - Startup: Adobe Media Player.lnk = C:Program FilesAdobe Media PlayerAdobe Media Player.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:Program FilesOpenOffice.org 2.4programquickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl....
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/games/DinerDashFloGo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/insaniquarium/popcaploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLaunche...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1WINDOW~4MESSEN~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1WINDOW~4MESSEN~1MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:Program Filesagicommonagservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
a while back (maybe a month ago) i got this on my desktop:
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x72710004, pid=976, tid=1368
#
# Java VM: Java HotSpot(TM) Client VM (10.0-b23 mixed mode windows-x86)
# Problematic frame:
# C 0x72710004
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#
someone told me it was a hoax, so i saved but it came up again...
i haven't been able to play games on Pogo and i am redirected constantly and it freezes and lags a lot! i keep getting these errors and end up with all kinds of problems. i am the only one that i know that gets this many problems!
i currently have Avast for virus protection and Superantispyware. why didn't they stop or catch them?
sorry about the novel! and if it is too much info...lol i think sometimes i try to over-scan. but, i just have so many probs with this computer. and it is an old computer.
thank you so much in advance for any help or suggestions you can supply.
ANSWER: Hi Pam
It's better to have too much info, rather than not enough. Your HJT program needs to be updated, and the format needs to be adjusted for me to read it. Uninstall HJT, then download and install from this link:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Scan and save a log file. When it opens in notepad, make sure the format is correct. For example:
Running processes:
C:WINDOWSSystem32smss.exe
should look like:
Running processes:
C:/WINDOWS/System32/smss.exe
If not, click on Word Wrap in the options for notepad.
I can make out two adware programs which you should try uninstalling:
FunWebProducts
WeatherBug
Look in your Control Panel under Add/Remove Programs.
After I receive the new HJT log, we can go from there.
Brian
---------- FOLLOW-UP ----------
QUESTION: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:29 AM, on 9/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\agi\common\agservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Registry Mighty\RegistryMighty.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Kiwee Toolbar2\2.6.156\kwtbaim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\2.6.156\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\Windows Media Player\Sample Playlists\ZVolume Pro\ZVolume.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muwe...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl....
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/games/DinerDashFloGo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/insaniquarium/popcaploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLaunche...
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\agi\common\agservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: (no name) - http://www.playahsparadise.com/RIPMacDre.jpg
O24 - Desktop Component 1: (no name) - http://www.repticzone.net/images/34171/thumbnails/102_0142.JPG
O24 - Desktop Component 2: (no name) - http://reptilegeeks.com/file/pic/user_bg/mama42.jpg
O24 - Desktop Component 3: (no name) - http://ct2.pimp-my-profile.com/i70/7/2/26/f_de9fe23683.jpg
--
End of file - 10617 bytes
ANSWER: Hi Pam
Open HJT and run a Scan Only. Place a check mark in the box next to the following items, close all open browsers, then click the Fix Checked button:
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\agi\common\_agcutils.pyd
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
After fixing, close HJT. In your Add/Remove programs, look for the program RegistryMighty and attempt to uninstall it. This may be a rogue program, as I have not found anything substantial on it.
Next, please download Malwarebytes' Anti-Malware to your desktop from here:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to
o Update Malwarebytes' Anti-Malware
o and Launch Malwarebytes' Anti-Malware
* then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Copy that log here, along with a new HJT log.
Brian
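An added example, not part of the original thread and not HijackThis's own code: a short Python triage script that parses HijackThis entry lines and groups those whose target is reported as `(no file)` or `(file missing)`, the kind of orphaned entry checked for fixing above. It also tests for the stripped-backslash path format described in the first answer. The function names are hypothetical, and the result is a review list, not a fix list.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the HijackThis log on this page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")
# A drive letter followed directly by a name means the backslashes were lost.
MANGLED = re.compile(r"\b[A-Za-z]:(?![\\/])[A-Za-z]")

def parse_entries(text):
    """Return one dict per 'R3 - ...' / 'O2 - ...' style entry line."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path or blank line
        clsid = CLSID.search(m.group("body"))
        orphan = ORPHAN.search(m.group("body"))
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
            "raw": line,
        })
    return entries

def orphaned_by_section(entries):
    """Group entries whose target file HijackThis could not find."""
    grouped = defaultdict(list)
    for e in entries:
        if e["orphan"]:
            grouped[e["section"]].append(e)
    return dict(grouped)

def paths_look_mangled(text):
    """True if the log shows paths such as C:WINDOWSSystem32smss.exe."""
    return bool(MANGLED.search(text))
```

The orphaned O23 service line is flagged here although it was not among the items checked in the answer above; whether an orphaned entry should be fixed remains the analyst's decision.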
---------- FOLLOW-UP ----------
QUESTION: hi again...it seems i still have that about: blank. this is crazy! also, it's not showing here, but did you get the scan log from the malwarebytes? i sent it...
ANSWER: Hi Pam
Yes, I received it, but this site only has room for a limited number of characters. Send me the HJT log at numbersix6@yahoo.com
The about: blank can be removed manually, but try the automatic method first by downloading Adware Away from here:
http://www.adwareaway.com/download/AdwareAway.exe
Install the program and run a scan. It is a fully functioning trial, but you will need to pay if you keep it past 7 days. You can simply uninstall it after the removal process though. Afterwards, send me another HJT scan to the email above and let me know how the computer is working.
Brian