Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
3 replies to this topic

#1 rach083084


  • Members
  • 35 posts
  • Local time:02:15 AM

Posted 05 August 2011 - 09:14 PM

Someone was trying to find my son some games to play on his computer. He wanted Mario. Unaware of what goes on on the interest she tried to download some obviously 'not real' games. Anyways, now my computer goes pretty slow and every now and then I get pop-ups around having a virus or 'tracking' program. There's a strange folder on my computer now named "Play Pickle" (Pickle is my sons nickname and Computer name) which I've deleted but Malwarebites finds a good bit of stuff there still. I ran Malwarebites twice, back to back and it found stuff both times so I'm not sure if it's getting rid of whatever this is. I saved the last log. It found a lot of something called Pup.Magoo both times and I also have the crazy My Web Search Assistant in the add/remove programs that won't go anywhere.

I found great help here several years ago, and I hope can get this resolved as this is my sons computer we pieced together and he'd hate to lose it. Thanks in advance.

Edited by rach083084, 06 August 2011 - 09:11 AM.

BC AdBot (Login to Remove)


#2 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:15 AM

Posted 05 August 2011 - 09:24 PM

Hello, so the folder is gone now?

Please post your last MBAM log.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 rach083084

  • Topic Starter

  • Members
  • 35 posts
  • Local time:02:15 AM

Posted 06 August 2011 - 07:07 AM

Malwarebytes' Anti-Malware

Database version: 7389

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/5/2011 8:19:51 PM
mbam-log-2011-08-05 (20-19-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 185658
Time elapsed: 29 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02F0243C-2E71-4a1a-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\PlayPickleText.Linker.1 (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\PlayPickleText.Linker (PUP.Magoo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{AEB04B5E-C981-47a9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP163\A0026110.ocx (Adware.Gdown) -> No action taken.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,920 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:15 AM

Posted 06 August 2011 - 08:28 AM

I ran Malwarebites twice, back to back and it found stuff both times so I'm not sure if it's getting rid of whatever this is.

Did you reboot between scans?

Your Malwarebytes Anti-Malware log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead just click "Save Logfile" or save the report before having MBAM remove the threats.

BTW, a Potentially Unwanted Program (PUP) is a very broad threat category that can include any number of different programs to include those which are benign as well as malicious. They may also be defined somewhat differently by various security vendors.Some programs falling into the PUP category have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files (compressed, packed) that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

Adware.Magoo is an adware program that displays pop-up advertisements when surfing the web and is often detected as a PUP.

MyWebSearch/MyWebSearch Assistant is one of many browser toolbar add-ons (to include MyWay Searchbar, MySearch, MyWay Search Assistant, and MyWay Speedbar) which are created and distributed by Ask Jeeves. These toolbars are often bundled with "free software" such as wallpaper and screensavers offered by third party software vendors and part of the Fun Web Products suite of utilities (Smiley Central, Cursor Mania, FunBuddyIcons, FunWebProducts, MyFunCards, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, Webfetti, My Way website portal, etc). The toolbar is also aggressively offered via annoying banner ads and pop ups advertised on third party web sites that target kids. For a more detailed overview, refer to the Ask Jeeves Software Review conducted by Sunbelt Software Research Center.

MyWebSearch and MyWay were pre-installed on new Dell computers starting in November 2004 as reported in The Pharmer In The Dell. Dell had a link to "What is the Dell MyWebSearch Home Page?" but it was redirected to The "Dell My Way" Home Page and at some point removed. Dell now uses the "Dell Search Assistant " where they address many of the same concerns previously addressed in the redirected link.

Although MyWebSearch is not technically spyware, the program uses tracking cookies and transmits information regarding search requests performed through the toolbar's search facility. Some anti-virus and anti-malware programs detect the toolbar as a non-viral threat (i.e. not-a-virus:AdTool.Win32.MyWebSearch) or Potentially Unwanted Program, while others (Spybot, Malwarebytes Anti-Malware, Ad-aware...) may detect or remove individual files and registry entries. However, even after these security tools remove files/registry entries, remnants previously undetected may still be found during subsequent scans.

I understand you'd like to get rid of this stuff, but if that is all your scans are finding I would not be too alarmed about the findings as you are not dealing with a serious malware infection.

Edited by quietman7, 06 August 2011 - 08:34 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users