
Major Issues

Discussion in 'Virus and Malware Removal' started by SwimChao, Aug 10, 2008.

  1. SwimChao Newcomer, in training Posts: 106

    Daniel, I have used the delete function in Avast! Virus Chest.

    I looked up what you said the problem might be, I've never had a problem with my webpage changing. I've had occasional popups, but not many, especially not since I've gone through so many cleans and scans (Not sure if they worked or not). My system has only been noticeably sluggish since my browser locked up for certain sites a couple days ago, but that problem was removed.

    Should I continue to go ahead and follow the instructions you left?

    Sorry for asking so many questions!
  2. xxdanielxx Newcomer, in training Posts: 1,214

    OK, we can take a different approach. First, post a fresh HijackThis log.
  3. SwimChao Newcomer, in training Posts: 106

    Daniel, I wasn't trying to sound hostile in any way. My apologies.

    I will follow the steps you gave me and report back with what you said to report back with.
  4. xxdanielxx Newcomer, in training Posts: 1,214

    Let's take a different route: post a fresh HijackThis log. We may be able to take care of it; if not, then let's go to that step.
  5. SwimChao Newcomer, in training Posts: 106

    Daniel, I looked over the log but didn't compare it. I'll leave it to the expert, I don't know what I'm sticking my nose in.
  6. xxdanielxx Newcomer, in training Posts: 1,214

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCfox000
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Best Buy\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {00000005-0000-0000-0000-100005000004} - https://secure.widebill.com/l/a98cae7bab6334327025f192c550a038_28.exe
    O16 - DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} (SkyFex Expert Object) - https://skyfex.com/download/SkyFexExpert.cab
    O16 - DPF: {F2CA95E7-536D-4029-946E-FF9FE21D3F62} (SkyFex Free Expert Object) - https://skyfexfree.net/download/SkyFexFreeExpert.cab
    O16 - DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} (SkyFex Client Object) - https://skyfex.com/download/SkyFexClient.cab

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis & reboot.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    mywebsearch

    then run the tool below

    Please run an on-line virus scan at Kaspersky OnLine Scan (http://www.kaspersky.com/virusscanner) or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)
     
  7. SwimChao Newcomer, in training Posts: 106

    Dear Daniel,

    I ran HijackThis and did as you said. I closed and rebooted, then tapped F8. I get to my screen and choose "Safe Mode". It does the same thing it's done in the past, it starts to boot up then reboots and says it couldn't be started because of..

    Problem A

    Problem B

    Problem C

    Then directly underneath (Spaced like above) it has the commands again.


    Also, out of curiosity I ran another HijackThis scan, and all of the {###-##... kind of things I checked and 'fixed' are still there.
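
The re-scan check described in post 7, as an added example that is not part of the original thread: this Python compares the entries checked for fixing against a later HijackThis scan and reports which ones are still listed. The sample logs, CLSIDs and URL are constructed placeholders, and `parse` and `compare` are names chosen for this example.

```python
import re

# Section code, then " - ", then the entry text (e.g. "O2 - BHO: ...").
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
ORPHAN = ("(no file)", "(file missing)")  # markers seen in the thread's log lines

def parse(log):
    """Return {(code, normalised text): original line} for every entry line."""
    found = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            code, body = m.groups()
            # Collapse whitespace and case so two scans compare reliably.
            found[(code, " ".join(body.split()).lower())] = line.strip()
    return found

def compare(checked, rescan):
    """Split the entries chosen for 'Fix Checked' by whether the re-scan lists them."""
    before, after = parse(checked), parse(rescan)
    survived = [before[k] for k in before if k in after]
    removed = [before[k] for k in before if k not in after]
    return {
        "removed": removed,
        "survived": survived,
        # Orphaned survivors: the entry is back although no file backs it.
        "survived_orphans": [s for s in survived if any(t in s for t in ORPHAN)],
    }

# Constructed sample logs; CLSIDs and URL are placeholders, not values from the thread.
CHECKED = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = about:blank
O2 - BHO: (no name) - {11111111-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {11111111-0000-0000-0000-000000000002} - (no file)
O16 - DPF: {22222222-0000-0000-0000-000000000003} - https://example.invalid/setup.cab
"""
RESCAN = """\
Logfile of HijackThis (constructed header line)
O2 - BHO: (no name) - {11111111-0000-0000-0000-000000000001} - (no file)
O2 - BHO:  (no name) - {11111111-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\\..\\Run: [example] C:\\example\\example.exe
"""

if __name__ == "__main__":
    for name, lines in compare(CHECKED, RESCAN).items():
        print(f"{name}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```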
  8. xxdanielxx Newcomer, in training Posts: 1,214

    What problems does it say? Also, delete it in regular mode.
  9. SwimChao Newcomer, in training Posts: 106

    It says three different chunks of text, the top one states it could have been caused by hardware or software

    the middle I don't remember

    the third one says it could be because the power button or power cord were messed with (Basically).

    And am I deleting mywebsearch in normal mode? I have yet to check if it's there.
  10. xxdanielxx Newcomer, in training Posts: 1,214

    OK, have you always gotten the error?
  11. SwimChao Newcomer, in training Posts: 106

    I have never tried to start in safe mode other than the recent events. It's been doing it ever since I tried, so I don't know how long it's been like that.
  12. xxdanielxx Newcomer, in training Posts: 1,214

    OK, when you remove my websearch, be sure to run the online scan and post the results here.
  13. SwimChao Newcomer, in training Posts: 106

    There is no mywebsearch, I just checked. I looked for websearch too. Nothing in the Add/Remove programs like that.

    Should I go run the scanner?
  14. xxdanielxx Newcomer, in training Posts: 1,214

    Yes, run the online scan.
  15. SwimChao Newcomer, in training Posts: 106

    And I should run it in Internet Explorer? Because it won't run in Mozilla?
  16. xxdanielxx Newcomer, in training Posts: 1,214

    Yes, you should run it on IE.
  17. SwimChao Newcomer, in training Posts: 106

    Lastly, I'm onto it now. Should I run each scan? Critical Areas.. My Computer..?
  18. xxdanielxx Newcomer, in training Posts: 1,214

    My Computer
  19. SwimChao Newcomer, in training Posts: 106

    It appears as though this is going to take a while, I hope you'll be on a while to help me.
  20. SwimChao Newcomer, in training Posts: 106

    Dear Daniel,

    I apologize for the wait. I was up all night with fixing this (I think I got.. SOME out last night) and I fell asleep during the scan.

    Here are the results, I wait for your command on where to proceed.

    Thanks

    PS: I had to save it in a .txt file, I hope that's okay.

    Thanks,