Author Topic: Computer can no longer handle full screen videos, multiple tabs, and has popups (Read 14342 times)

goodie2010 · « **on:** July 04, 2013, 05:13:22 PM »

First of all thanks to this community, you guys are great! I hope I posted this in the right section.

gateway e2180
xp sp3

3gb of ram 3gb free on 500gb hard drive.

i just checked my ram a couple of weeks ago, now when i right click my computer/properties it wont tell me my ram and specs.

Problem number one started a couple of months ago, but it wasn't that big because i had another computer. Basically my computer can no longer handle full screen movies, youtube videos, google videos, etc....if i put it in full screen mode the picture quality distorts then starts moving slow but the audio continues to play normal.

I'm use to having at least 10 tabs open at once now i can only have about 4 open before my computer starts doing some serious lagging. images now load slow.

more recently, In the past 2 weeks, i've been getting popups (bizcoaching)i also get some other popups, mostly when on yahoo games and yahoo. Malwarebytes did catch and supposedly remove 7 major threats. but my computer is running the same and still has popups. The last mbam scan didn't detect any viruses. i'm currently on a trial Norton360 i don't know it seems to always find something but computer is still running buggy. thanks

# AdwCleaner v2.304 - Logfile created 07/04/2013 at 12:51:02
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - LENOVO_XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdeapiojlnoobmiakapphlagdcegpohi
Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hngnokeooggfkbhdidaacijfcbkpamma
Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\searchplugins\EasyLife.xml
File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SwvUpdater
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\DownTango
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Playbryte
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\saffE save
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SearchNewTab
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\saffE save
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\EasyLife
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Playbryte
Folder Deleted : C:\Program Files\Red Sky
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06A4C16E-B3BF-72F0-89AA-9D04EAAC3EC0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06A4C16E-B3BF-72F0-89AA-9D04EAAC3EC0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object
Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{06A4C16E-B3BF-72F0-89AA-9D04EAAC3EC0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06A4C16E-B3BF-72F0-89AA-9D04EAAC3EC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchy.easylifeapp.com/?pid=625&src=ie1&r=2013/06/29&hid=3453980942&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchy.easylifeapp.com/?pid=625&src=ie1&r=2013/06/29&hid=3453980942&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;e[...]
Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Deleted : user_pref("aol_toolbar.cookie.search", "");
Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
Deleted : user_pref("aol_toolbar.default.homepage.check", true);
Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.default.search.check", true);
Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_i[...]
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{5351EBC2-ECFB-67D0-85A1-9287EAB38E4E}");
Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9430");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "2");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "4");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "1");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "4");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "5");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1367545623813");
Deleted : user_pref("aol_toolbar.reset.flag", "1");
Deleted : user_pref("aol_toolbar.reset.style", "A");
Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Thu May 02 2013 21:47:06 GMT-0400 (Eastern Day[...]
Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "02-05-2013");
Deleted : user_pref("aol_toolbar.search.instd", "2013050110701880");
Deleted : user_pref("aol_toolbar.search.oid", "01-05-2013");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "23");
Deleted : user_pref("aol_toolbar.surf.lastDate", "2");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "4");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "455");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "456");
Deleted : user_pref("aol_toolbar.surf.week", "455");
Deleted : user_pref("aol_toolbar.surf.year", "455");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "16");
Deleted : user_pref("aol_toolbar.weather.degf", "60");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/33_n.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
Deleted : user_pref("aol_toolbar.weather.update", "1367545623879");
Deleted : user_pref("aol_toolbar.winamp.volume", "");
Deleted : user_pref("browser.search.defaultenginename", "EasyLife");
Deleted : user_pref("browser.search.defaultenginename,S", "EasyLife");
Deleted : user_pref("browser.search.defaulturl", "hxxp://searchy.easylifeapp.com/?pid=625&src=ff2&r=2013/06/29[...]
Deleted : user_pref("browser.search.order.1", "EasyLife");
Deleted : user_pref("browser.search.order.1,S", "EasyLife");
Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");
Deleted : user_pref("browser.startup.homepage", "hxxp://searchy.easylifeapp.com/?pid=625&src=ff1&r=2013/06/29&[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "102d60c00000000000000050b64d1ba9");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15624");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.718:24:21");
Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "3F8C4EF3A557274AA5CA857727C5D35F");
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.hrdid", "102d60c00000000000000050b64d1ba9");
Deleted : user_pref("extensions.funmoods.id", "102d60c00000000000000050b64d1ba9");
Deleted : user_pref("extensions.funmoods.instlDay", "15501");
Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Deleted : user_pref("extensions.funmoods.instlday", "15501");
Deleted : user_pref("extensions.funmoods.instlref", "adknlg");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2217:37:1");
Deleted : user_pref("extensions.funmoods.logicsmngrdailyrepo rttime", "07-07-2012");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.newtab", "false");
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "ec2bf18dedd26bff");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "");
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2217:37:1");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2217:37:1");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:37:1");
Deleted : user_pref("keyword.URL", "hxxp://searchy.easylifeapp.com/?pid=625&src=ff2&r=2013/06/29&hid=345398094[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.4224] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://badoo.com/startpage/", "hxxp[...]

*************************

AdwCleaner[R1].txt - [30416 octets] - [04/07/2013 10:01:16]
AdwCleaner[S1].txt - [30749 octets] - [04/07/2013 12:51:02]

########## EOF - C:\AdwCleaner[S1].txt - [30810 octets] ##########

Results of screen317's Security Check version 0.99.68
Windows XP Service Pack 3 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
SUPERAntiSpyware
CCleaner
Java 7 Update 21
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````[/u]
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/4/2013 3:00:16 PM
mbam-log-2013-07-04 (15-00-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 321107
Time elapsed: 1 hour(s), 18 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SuperDave · « **Reply #1 on:** July 04, 2013, 07:12:49 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************

Quote

Basically my computer can no longer handle full screen movies, youtube videos, google videos, etc....if i put it in full screen mode the picture quality distorts then starts moving slow but the audio continues to play normal.

That could be a problem with bad RAM. Please run this check just to eliminate that possibility.

Test your RAM here.

Quote

Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)

Please defrag your harddrive. This could be part of the problem. If you need help with this, let me know.(SSD means Solid State Drive.)

Quote

i'm currently on a trial Norton360 i don't know it seems to always find something but computer is still running buggy. thanks

There's no evidence that Norton is installed on your computer. Here are some free AV's. I recommend MicroSoft Security Essentials.
*************************************
Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) MicroSoft Security Essentials All versions and all languages.
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
************************************************
Please download Junkware Removal Tool to your desktop.

•Warning! Once the scan is complete JRT will shut down your browser with NO warning.

•Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
**********************************************
How much free space do you have on your harddrive.
Click Start> Computer> right click the C Drive and choose Properties>

**************************************************************

goodie2010 · « **Reply #2 on:** July 04, 2013, 07:39:55 PM »

Thanks so much Dave! is there another ram testing app i can use? i try opening with daemon tools lite and it doesn't work and i don't have a cd to burn in to. i even tried isobuster.

far as defrag, i know absolutely nothing about defrag, i thought i may have done a defrag maybe a decade ago and i thought i ended up losing all my info?

norton360 is on here, the icon is in my bar right now. it says i have 24 days left.

SuperDave · « **Reply #3 on:** July 05, 2013, 01:14:19 PM »

Quote

Thanks so much Dave! is there another ram testing app i can use? i try opening with daemon tools lite and it doesn't work and i don't have a cd to burn in to. i even tried isobuster.

Ok, just forget about that part for now and we'll see if we have to test the RAM later.
far as defrag, i know absolutely nothing about defrag, i thought i may have done a defrag maybe a decade ago and i thought i ended up losing all my info?

To defrag click on Start, All Programs, Accessories, System Tools and select disk Defragmenter and select Defragment. It shouldn't take too long. Did you find how much free space you have?

goodie2010 · « **Reply #4 on:** July 05, 2013, 01:49:23 PM »

I have 2.89gb free out of 465gb

so far as the defrag, there's no risk? it wont delete my hard drive? i can't remember if it was defrag but i did something over a decade ago that caused me to erase my drive. thanks

goodie2010 · « **Reply #5 on:** July 05, 2013, 01:58:17 PM »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Fri 07/05/2013 at 15:59:02.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3A816AC7-CEFD-415F-AD9C-D4800FEE171C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B594F098-BDCB-4F31-B010-8D5AF2E73540}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D56E01A2-CCF8-438D-93D8-C625E593F307}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\stronghold_llc"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\strongvault online backup"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/05/2013 at 16:04:00.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SuperDave · « **Reply #6 on:** July 05, 2013, 04:59:56 PM »

Quote

I have 2.89gb free out of 465gb

That is part of the problem. Windows requires at least 15% ( 70 Gb) of free space to operate effectively. You will need to free up some space. You can do this by uninstalling unwanted or no longer used programs. You can also save important videos, pictures, music and other important data to an external harddrive or DVD's.

Quote

so far as the defrag, there's no risk? it wont delete my hard drive? i can't remember if it was defrag but i did something over a decade ago that caused me to erase my drive. thanks

The only way to erase your hard drive is by re-formatting it or deliberately erasing everything by hand which is virtually impossible. Eventually your computer will shut down and won't start again. When data and programs are stored on your hard drive it gets fragmented. When you start a program or open a file the computer has to search all over the drive in order to get all the parts of the program or file. Defragging a drive helps to bunch up all those different segments and makes your computer run faster with less effort.
Please let me know when you have freed up some space. The magic number is 70Gbs.

goodie2010 · « **Reply #7 on:** July 05, 2013, 06:30:27 PM »

thanks Dave, I cleared up some space because it wouldn't even let me run defrag. without a certain percent of free space. so I went from 2.8GB to 107GB!!!

i proceeded to defrag, it took 4 hours.

Volume Lenovo XP (C:)
Volume size = 466 GB
Cluster size = 4 KB
Used space = 359 GB
Free space = 106 GB
Percent free space = 22 %

Volume fragmentation
Total fragmentation = 5 %
File fragmentation = 11 %
Free space fragmentation = 0 %

File fragmentation
Total files = 219,180
Average file size = 2 MB
Total fragmented files = 35
Total excess fragments = 114,066
Average fragments per file = 1.52

Pagefile fragmentation
Pagefile size = 2.00 GB
Total fragments = 178

Folder fragmentation
Total folders = 14,495
Fragmented folders = 3
Excess folder fragments = 25

Master File Table (MFT) fragmentation
Total MFT size = 424 MB
MFT record count = 238,998
Percent MFT in use = 55 %
Total MFT fragments = 72

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
5 1,015 bytes \
14 991 bytes \Documents and Settings\Administrator\Cookies
3,880 1.78 GB \Program Files\Propellerhead\Reason\West End Refills\VINTAGE HORNS.rfl
18,613 1.79 GB \Program Files\Propellerhead\Reason\Miroslav String Ensembles Refill.rfl
31,720 1.95 GB \Documents and Settings\Administrator\Desktop\VSTS\PHAEDRA\PHAEDRA0.NKX
186 1.95 GB \Program Files\Zero-G\Phaedra\PHAEDRA0.NKX
4,828 1.95 GB \Documents and Settings\Administrator\Desktop\VSTS\PHAEDRA\PHAEDRA1.NKX
7 1.95 GB \Program Files\Zero-G\Phaedra\PHAEDRA1.NKX
11,346 3.12 GB \Program Files\Propellerhead\Reason\West End Refills\VINTAGE VIBE REFILL.rfl
9,123 4.17 GB \Documents and Settings\Administrator\Desktop\VSTS\ALESIS FUSION INITIAL BACKUP.bkf
8,480 4.27 GB \Documents and Settings\All Users\Documents\DAEMON Tools Images\Komplete Elements Mk2.mdx
9,963 5.62 GB \Documents and Settings\All Users\Documents\DAEMON Tools Images\CXSP100.mdx

did you see i posted my junkware removal tool a few post up? i'm still getting this bizcoaching popup. thanks Dave your Super!

SuperDave · « **Reply #8 on:** July 06, 2013, 04:22:10 PM »

What browser are you using?

Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

goodie2010 · « **Reply #9 on:** July 08, 2013, 05:39:07 AM »

i replied yesterday and have no idea where my response went.

anyhow combofix ran for 2 hours or more restarted, and ran for another hour before getting stuck on something that read like...

combofix found an infected and is attempting to restore c/windows/system32/midimap it got stuck there for several hours. I closed combofix and rebooted. I tried it again, the first part ran for about 2 hours, restarted ran all these stages which took over an hour, then once again it got stuck on attempting to restore c/windows/system32/midimap i slept for 5 hours, woke up and it was still stuck on attempting to restore midimap. thanks

SuperDave · « **Reply #10 on:** July 08, 2013, 04:32:10 PM »

I thought I had responded but my post is gone also. Oh well, try running ComboFix in Safe Mode.

goodie2010 · « **Reply #11 on:** July 09, 2013, 04:07:48 PM »

same results super dave, it got through the first section a lil faster, then when it rebooted, it ran i think around 70 stages or something...maybe it was 50 then it got to the part trying to restore midimap. i came back home about 7 hours later and it was still stuck on trying to restore midimap. this bizcoaching popup is still here also.

SuperDave · « **Reply #12 on:** July 09, 2013, 04:14:26 PM »

Please download and run MicroSoft Safety Scanner. This will take about 20 minutes to run and will produce a log if your computer was infected. Please post the log. This scanner only has a shelf life of 10 days so you will need to download a new one if you want to run a scan after the trial period has expired.

goodie2010 · « **Reply #13 on:** July 09, 2013, 04:35:23 PM »

thanks do i run the quick or full scan?

goodie2010 · « **Reply #14 on:** July 10, 2013, 05:53:01 AM »

ok i ran the full scan, that was about 4 hours. It said 256 files infected then when the scan results came up it showed about 7 trojans. It said it needed to reboot to remove the rest. unfortunately when it never produced a results log, so i ran the full scan again while i was sleeping.

the second full scan found 2 trojans, again no log, but thankfully i copied the 2 files found.

Trojan:Win32/Malagent

VirTool:Win32/VBInject.gen!BO

this time it says they were partially removed and it didn't tell me to restart to completely remove and this bizcoaching popup is still running wild on my computer.

SuperDave · « **Reply #15 on:** July 10, 2013, 01:06:42 PM »

Ok. Run AdwCleaner and MBAM again and post the logs.

Please download AdwCleaner by Xplode onto your Desktop.

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

**************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

goodie2010 · « **Reply #16 on:** July 10, 2013, 02:59:44 PM »

# AdwCleaner v2.304 - Logfile created 07/10/2013 at 15:26:04
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - LENOVO_XP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\adwcleaner_2.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registry] *****

Key Deleted : HKLM\Software\SProtector

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [30416 octets] - [04/07/2013 10:01:16]
AdwCleaner[R2].txt - [1281 octets] - [10/07/2013 15:21:30]
AdwCleaner[S1].txt - [30880 octets] - [04/07/2013 12:51:02]
AdwCleaner[S2].txt - [1216 octets] - [10/07/2013 15:26:04]

########## EOF - C:\AdwCleaner[S2].txt - [1276 octets] ##########

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/10/2013 4:10:27 PM
mbam-log-2013-07-10 (16-10-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 310586
Time elapsed: 41 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SuperDave · « **Reply #17 on:** July 10, 2013, 05:19:57 PM »

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

goodie2010 · « **Reply #18 on:** July 10, 2013, 09:36:48 PM »

Thanks Dave

RogueKiller V8.6.2 [Jul 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 07/10/2013 23:40:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Lightshot.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\4.3.0.0\LightShot.exe [7] -> KILLED [TermProc]
[SUSP PATH] Badoo.Desktop.exe -- C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7]

) -> FOUND

[RUN][SUSP PATH] HKCU\[...]\Run : Badoo Desktop (C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2025429265-861567501-1417001333-500\[...]\Run : LightShot (C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue [7]

) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-2025429265-861567501-1417001333-500\[...]\Run : Badoo Desktop (C:\Documents and Settings\All Users\Application Data\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe [7]) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{06956AD2-24F6-46CB-954E-A1507AE22562} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{C5F3C407-F0CD-40C7-8E5E-54F1B199F2FD} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{F26FE20F-BA46-4770-8889-15F4E1B67646} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{06956AD2-24F6-46CB-954E-A1507AE22562} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{C5F3C407-F0CD-40C7-8E5E-54F1B199F2FD} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{F26FE20F-BA46-4770-8889-15F4E1B67646} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{06956AD2-24F6-46CB-954E-A1507AE22562} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{C5F3C407-F0CD-40C7-8E5E-54F1B199F2FD} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{F26FE20F-BA46-4770-8889-15F4E1B67646} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 updates.presonus.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 4f75e196dd3c1b2c4a302dfe238a8d94
[BSP] 7a13bb6a8558b48e73bab4a19efcb5bb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07102013_234058.txt >>

SuperDave · « **Reply #19 on:** July 11, 2013, 01:29:22 PM »

Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.

Leave the check mark next to Remove found threats.

•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

goodie2010 · « **Reply #20 on:** July 11, 2013, 03:32:00 PM »

C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\parkrd2.part05.rar   probably a variant of Win32/Autorun.NEWCBCX worm
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070974.dll   a variant of Win32/Adware.MultiPlug.I application
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070976.dll   a variant of Win32/Adware.MultiPlug.I application
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070980.dll   a variant of Win32/Adware.MultiPlug.I application
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070997.exe   a variant of MSIL/Adware.iBryte.A application
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\weh874hs.default\extensions\[email protected]\content\bg.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\dap_pre.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\d_a_p.v8.6.6.2-mkdev.team_by_cyborg.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d3.part32.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d3.part33.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d3.part34.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d3.part35.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d5.part29.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d5.part30.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d5.part31.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d5.part32.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d6.part16.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d6.part17.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\KEY\bv\pcz2\ssos_d6.part18.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\Desktop\VSTS\mpc\ssos_d6.part33.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Compressed\VSO.Convert.X.To.DVD.3.6.4.158.Full\VSO.Convert.X.To.DVD.3.6.4.158.Full\Keygen.rar   multiple threats   deleted - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\downloadmanager_Setup.exe   a variant of Win32/Adware.iBryte.G application   cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\Extreme_Flash_Player_Setup.exe   a variant of Win32/Adware.iBryte.G application   cleaned by deleting - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\fantom_x_facsimile_1.part09.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\fantom_x_facsimile_1.part10.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\fantom_x_facsimile_1.part11.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\fantom_x_facsimile_2.part04.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\fantom_x_facsimile_2.part15.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\fantom_x_facsimile_2.part16.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\parkrd1.part06.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\parkrd1.part07.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\parkrd1.part08.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\parkrd1.part09.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Demo Songs\ssos_d4.part14.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\New Folder\korg triton refill.part41.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\HiFi Kit\fantom_x_facsimile_2.part05.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit1\parkrd1.part10.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\fantom_x_facsimile_2.part06.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\fantom_x_facsimile_2.part07.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\fantom_x_facsimile_2.part08.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\fantom_x_facsimile_2.part16.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\fantom_x_facsimile_3.part01.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\parkrd1.part11.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\parkrd1.part12.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\Refills\WAV's\Hip Hop Kit2\parkrd1.part13.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Binary Finary\Redrum\Subtle Effects\korg triton refill.part42.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_2.part09.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_2.part10.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_2.part11.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_2.part12.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_3.part01.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_3.part02.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\fantom_x_facsimile_3.part03.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\parkrd1.part14.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\parkrd1.part15.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\parkrd1.part16.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\parkrd1.part17.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Chemical Comedown NN-19\Pads & Themes 3\ssos_d4.part15.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\fantom_x_facsimile_2.part13.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\fantom_x_facsimile_2.part14.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\fantom_x_facsimile_2.part15.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\fantom_x_facsimile_3.part02.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\fantom_x_facsimile_3.part04.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\parkrd1.part18.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\parkrd1.part19.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\NN-XT\parkrd1.part20.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\Redrum\Hat\fantom_x_facsimile_2.part16.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\G-Funk-Era\Redrum\Hat\parkrd2.part01.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Organic Chemistry\Rex2\Electro Acoustic Beats\100bpm\korg triton refill.part43.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\110bpm\fantom_x_facsimile_3.part01.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\fantom_x_facsimile_3.part02.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\fantom_x_facsimile_3.part03.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\fantom_x_facsimile_3.part05.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\fantom_x_facsimile_3.part06.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\lip-max_payne_dvdrip.part1.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\parkrd2.part02.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\parkrd2.part03.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\parkrd2.part04.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined

SuperDave · « **Reply #21 on:** July 11, 2013, 04:16:52 PM »

Wow, that was a lot of infections. Please run ESET again to make sure we got all of it. Are you using a P2P program to download music?

goodie2010 · « **Reply #22 on:** July 11, 2013, 04:27:30 PM »

no p2p apps on my computer, those files that say Reason, that's a music program i bought at Guitar Center, now those refills were legally downloaded online, but i've had all those on my computer for at least 3 years and haven't used them recently so i don't see how that could be the problem. i'm still getting all of these coupon popups.

i'm running again! thanks

goodie2010 · « **Reply #23 on:** July 12, 2013, 06:37:05 AM »

C:\Program Files\Propellerhead\Reason\give me a Reason\The Big Reason\Planet Bliss Loops Rex2\120bpm 1\parkrd2.part05.rar   probably a variant of Win32/Autorun.NEWCBCX worm   deleted - quarantined
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070974.dll   a variant of Win32/Adware.MultiPlug.I application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070976.dll   a variant of Win32/Adware.MultiPlug.I application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070980.dll   a variant of Win32/Adware.MultiPlug.I application   cleaned by deleting - quarantined
C:\System Volume Information\_restore{4394E035-A384-4F8C-8CD5-D37F35EDE2EA}\RP594\A0070997.exe   a variant of MSIL/Adware.iBryte.A application   cleaned by deleting - quarantined

goodie2010 · « **Reply #24 on:** July 12, 2013, 12:49:43 PM »

Also as I mentioned at the start of the thread, when i right click my computer/properties it no longer told me how much ram i had but everything else showed up.

I decided to go inside since I did recently move, everything seemed intact but i pulled my 4 sticks (two 1 gb sticks and 2 smaller ones). I placed them back in and rebooted, now it says 2.00GHZ and 2.99gb of Ram!

That's what its suppose to say but i played some videos and again, when i put it in full screen or ever double the size, it starts stuttering, pausing and the video becomes distorted.

The ram did appear a little warm when i pulled it. thanks

SuperDave · « **Reply #25 on:** July 12, 2013, 07:09:28 PM »

Did you run the RAM test?

goodie2010 · « **Reply #26 on:** July 13, 2013, 11:25:11 PM »

thanks Dave, sorry for my late response, remember i tried running it on the first page but it wouldn't work, after looking into things, looks like i'll need to burn it on cd and run it. i'll pick up some tomorrow. thanks

Computer Hope Forum

News:

Author Topic: Computer can no longer handle full screen videos, multiple tabs, and has popups (Read 14342 times)

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

SuperDave

goodie2010

goodie2010

goodie2010

SuperDave

goodie2010