Solved how can i stop chrome script?

Hewlett-packard / BRIO
August 24, 2014 at 05:52:35
Specs: Windows Vista, 2 gb
i am actually using xp pro. the thing wouldn't let me change it here.

i am using firefox, with noscript. i do not have chrome anywhere on this computer. when i did try to install it, the thing said that my hardware didn't support chrome.

yet, i keep getting stupid chrome unresponsive script messages, either browser, or noscript overlay.
how do i completely stop this chrome menace from even trying to write script? on a couple of sites, it causes it to take almost half an hour to load a page.


See More: how can i stop chrome script?

Report •


#1
August 24, 2014 at 06:23:41
✔ Best Answer
You have something going on that is not normal.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/


Report •

#2
August 24, 2014 at 09:04:06
okay. i did the scan, and actually got four logs. when i clicked on the "fix" though, it said that there was no "fixdst.txt" and wouldn't do anything.

i also uploaded the loogs to the zippy place, but, it won't give me any kind of link. i guess that there are supposed to be all kinds of links in that box, but it is just blank


Report •

#3
August 24, 2014 at 16:12:27
Put the logs on a thumb/usb drive & upload them using a good computer.

Report •

Related Solutions

#4
August 25, 2014 at 01:23:51
that's the problem. my good dell, doesn't want to boot. it was working okay until i moved it. it was lying on its side for thirty miles, but otherwise, didn't get dropped or anything.
that's why i'm having to use the hp.

i just don't understand the zippys. it says that the upload is complete, but the box for the url is blank


Report •

#5
August 25, 2014 at 01:34:49
Doesn't matter where you upload them to, as long as I don't have to open an account.

message edited by Johnw


Report •

#6
August 25, 2014 at 01:43:14
would it be possible to just email them to you? i don't know where to upload them to, except photobucket, and you have to have an account there.

message edited by iamjumbo


Report •

#7
August 25, 2014 at 01:53:17
Instructions on how to use Zippy.

http://i.imgur.com/xkqqIyu.gif
http://i.imgur.com/mrOm0aX.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#8
August 25, 2014 at 02:53:07
i don't know what i was doing yesterday, but the thing worked today. very strange

http://www9.zippyshare.com/v/392880...


Report •

#9
August 25, 2014 at 03:00:58
i had the same difficulty with the add list, but, finally, on the fourth try, i got it

http://www5.zippyshare.com/v/460423...


Report •

#10
August 25, 2014 at 03:02:08
I did mail you, EDIT your email address out of post #6

Report •

#11
August 25, 2014 at 03:04:25
"The first time the tool is run, it makes also another log (Addition.txt)"
Still waiting on this log.

Report •

#12
August 25, 2014 at 03:16:50
thak you. post 9 is the add log

Report •

#13
August 25, 2014 at 03:23:48
Copy & Paste the text below ( starting > URLSearchHook: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

URLSearchHook: HKCU - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
BHO: MyIdentityDefender -> {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -> No File
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> No File
Toolbar: HKLM - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
Toolbar: HKCU - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKCU - No Name - {9DE4BA90-3A79-481F-803E-D1204101FCDE} - No File
C:\Documents and Settings\Administrator\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\looksafe-setup-looksftnc1-1-.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\prismsetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SearchProtectINT.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SettingsManagerSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\switchsetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe


Report •

#14
August 25, 2014 at 03:52:12
i have done as instructed, and this is the log


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014 01
Ran by Administrator at 2014-08-25 05:44:18 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
URLSearchHook: HKCU - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
BHO: MyIdentityDefender -> {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} -> No File
BHO: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> No File
Toolbar: HKLM - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKCU - No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKCU - No Name - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
Toolbar: HKCU - MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
Toolbar: HKCU - No Name - {9DE4BA90-3A79-481F-803E-D1204101FCDE} - No File
C:\Documents and Settings\Administrator\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\looksafe-setup-looksftnc1-1-.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\prismsetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sd.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SearchProtectINT.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SettingsManagerSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\switchsetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} => value deleted successfully.
"HKCR\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" => Key deleted successfully.
"HKCR\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => Key deleted successfully.
"HKCR\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} => value deleted successfully.
"HKCR\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
"HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} => value deleted successfully.
"HKCR\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} => value deleted successfully.
"HKCR\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} => value deleted successfully.
"HKCR\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9DE4BA90-3A79-481F-803E-D1204101FCDE} => value deleted successfully.
"HKCR\CLSID\{9DE4BA90-3A79-481F-803E-D1204101FCDE}" => Key not found.
C:\Documents and Settings\Administrator\Local Settings\Temp\BackupSetup.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\looksafe-setup-looksftnc1-1-.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\prismsetup.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sd.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\SearchProtectINT.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\SettingsManagerSetup.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\setup_wm.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\SSUPDATE.EXE => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\switchsetup.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe => Moved successfully.

==== End of Fixlog ====


Report •

#15
August 25, 2014 at 03:54:06
Nice work Jim, you are getting into the swing of it now.

Run both of these, in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#16
August 25, 2014 at 04:17:34
i am running the adw now, but, i might not be able to do the other one today. i have to leave in awhile, and will be gone most of the day.
if i can't today, i will do it first thing in the morning. i truly do appreciate your help

Report •

#17
August 25, 2014 at 04:20:04
" i might not be able to do the other one today"
Ok Jim.

Report •

#18
August 25, 2014 at 04:45:11
okay. this is the adw log.
this computer is quite slow, but, it seems like it took an inordinate amount of time to load the firefox after this reboot.

# AdwCleaner v3.308 - Report created 25/08/2014 at 06:27:17
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Administrator - JIMSCOMPUTER
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gt

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\smdmf
Folder Deleted : C:\Documents and Settings\All Users\Application Data\VideoEgg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Freeze.com
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Linkey
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1li77v8.default\Extensions\extension@linkeyproject.com
File Deleted : C:\Documents and Settings\All Users\Desktop\Streaming Music - MediaPass.lnk
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\WINDOWS\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gt.sys
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1li77v8.default\searchplugins\default-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1li77v8.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : RegClean Pro_DEFAULT
Task Deleted : RegClean Pro_UPDATES

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\videoegg.activexloader
Key Deleted : HKLM\SOFTWARE\Classes\videoegg.activexloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{168DC258-1455-4E61-8590-9DAC2F27B675}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1A8642F1-DC80-4EDC-A39D-0FB62A58B455}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F91EB90-EF62-44EE-A685-FAC29AF111CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C29C7E4-5321-4CAD-BE2E-877666BED5DF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83DFB6EE-AB18-41B5-86D4-B544A141D67E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88D6CF0E-CF70-4C24-BF6E-E4E414BC649C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F6A82A2-D7B1-443E-BB9F-F7DC887DD618}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9856E2D8-FFB2-4FE5-8CAD-D5AD6A35A804}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3D06987-C35E-49E4-8FE2-AC67B9FBFB4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A58C497B-3EE2-45E7-9594-DACA6BE2A0D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD0A3058-FD49-4F98-A514-FD055201835E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD5915EA-B61A-4DBA-B5C8-EF4B2DF0A3C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB187C0D-6F53-4F3E-9590-98FD3A7364A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C5041FD9-4819-4DC4-B20E-C950B5B03D2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D17726CC-D4DD-4C4A-9671-471D56E413B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB8CCE99-59C6-4552-8BFC-058FEB38D6CE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DC3A04EE-CDD7-4407-915C-A5502F97EECD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1A63484-A022-4D42-830A-FBD411514440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E282C728-189D-419E-8EE2-1601F4B39BA5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7D3E479-CC68-42B5-A338-938ECE35F419}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IEBarProperties
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\P2P Networking
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\VideoEgg
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\MGShareware
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\VideoEgg
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoEgg

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\f1li77v8.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "default-search.net");
Line Deleted : user_pref("browser.search.order.1", "default-search.net");

*************************

AdwCleaner[R0].txt - [9381 octets] - [25/08/2014 06:13:09]
AdwCleaner[S0].txt - [9524 octets] - [25/08/2014 06:27:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9584 octets] ##########


Report •

#19
August 25, 2014 at 04:48:32
"but, it seems like it took an inordinate amount of time to load the firefox after this reboot"
We will get your speed back eventually Jim.

Report •

#20
August 25, 2014 at 05:39:41
that would be great.

i did manage to get the jrt done while i was in the shower

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Mon 08/25/2014 at 7:06:36.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{53E29D7E-78F4-4032-986E-F36F3684E910}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{53E29D7E-78F4-4032-986E-F36F3684E910}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\start menu\programs\free registry cleaner"

~~~ FireFox

Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\f1li77v8.default\minidumps [2 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/25/2014 at 7:34:39.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#21
August 25, 2014 at 05:44:21
Amazing what we do whilst waiting for something to finish on a comp.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif


Report •

#22
August 26, 2014 at 00:08:23
yeah. on the dell, when it's working, i can usually do other things on the computer while something is downloading, on this, i can't. i just have to wait.
it didn't used to be this way, but, now, i have comcast internet, but with this hp, it is actually slower than dial up.

anyway, this is the malwarebytes log. i sure was surprised at all of this popping up

Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 2

4/19/2009 8:09:52 PM
mbam-log-2009-04-19 (20-09-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 103307
Time elapsed: 1 hour(s), 4 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 46
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyGlobalSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\VideoEgg (Adware.VideoEgg) -> Delete on reboot.
C:\Program Files\RegistryBot (Rogue.RegistryBot) -> Delete on reboot.
C:\Program Files\RegistryBot\Log (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Registry Backups (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AntiSpywareDAT (Rogue.TotalAntispyware) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\All Users\Application Data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_08_04_55_11.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_08_09_05_08.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_08_10_22_15.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_08_11_23_28.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_08_12_19_52.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_09_06_08_28.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_09_08_45_44.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_10_07_28_49.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_11_04_59_45.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_11_12_04_09.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_12_04_53_58.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_12_12_43_39.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_13_06_17_25.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_13_06_32_09.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_13_14_17_31.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_14_07_14_42.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_15_07_18_21.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_16_06_11_06.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_16_12_57_49.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_17_06_12_25.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_18_06_31_04.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_18_12_50_51.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_18_13_59_00.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_19_05_37_13.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_20_06_01_59.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_20_15_31_32.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_21_05_04_42.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_21_09_32_08.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_21_12_10_52.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_21_12_17_12.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Log\log_2007_04_22_05_43_46.eklog (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Registry Backups\2007-04-07_09-26-05.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Program Files\RegistryBot\Registry Backups\2007-04-07_15-10-57.reg (Rogue.RegistryBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\MP3 Download, music mp3 downloads. ALLOFMP3..url (Rogue.Link) -> Quarantined and deleted successfully.


Report •

#23
August 26, 2014 at 01:02:07
" it is actually slower than dial up"
That is because you have problems,

"Malwarebytes' Anti-Malware 1.36
Database version: 2009
Windows 5.1.2600 Service Pack 2

4/19/2009 8:09:52 PM
mbam-log-2009-04-19 (20-09-51).txt"
You have given me a very, very old log.


Report •

#24
August 26, 2014 at 02:15:12
i don't understand that. that is the first time that malwarebytes has ever been run on this computer. the scan thing noticed that. when i started, it said that this computer had never been scanned. that is the log that came up.

okay, after much scratching of head, i finally figured out how to find another one. this one was hidden in app files.

<?xml version="1.0" encoding="UTF-16" ?>
- <mbam-log>
- <header>
<date>2014/08/25 16:34:45 -0500</date>
<logfile>mbam-log-2014-08-25 (16-34-43).xml</logfile>
<isadmin>yes</isadmin>
</header>
- <engine>
<version>2.00.2.1012</version>
<malware-database>v2014.08.25.05</malware-database>
<rootkit-database>v2014.08.21.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
- <system>
<osversion>Windows XP Service Pack 2</osversion>
<arch>x86</arch>
<username>Administrator</username>
<filesys>NTFS</filesys>
</system>
- <summary>
<type>threat</type>
<result>completed</result>
<objects>302253</objects>
<time>8304</time>
<processes>0</processes>
<modules>0</modules>
<keys>9</keys>
<values>1</values>
<datas>1</datas>
<folders>1</folders>
<files>9</files>
<sectors>0</sectors>
</summary>
- <options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
- <items>
- <key>
<path>HKU\S-1-5-21-861567501-1606980848-842925246-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}</path>
<vendor>Rogue.WinAntiVirus</vendor>
<action>success</action>
<hash>dbbeae1b78032f07118e20772cd6758b</hash>
</key>
- <key>
<path>HKU\S-1-5-21-861567501-1606980848-842925246-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E596DF5F-4239-4D40-8367-EBADF0165917}</path>
<vendor>Rogue.Installer</vendor>
<action>success</action>
<hash>7524a2270e6dc57128aff0a61be7f40c</hash>
</key>
- <key>
<path>HKLM\SOFTWARE\Screensavers.com</path>
<vendor>Adware.Comet</vendor>
<action>success</action>
<hash>1287ac1df8836fc718ea3a7056ad53ad</hash>
</key>
- <key>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TABQUERY</path>
<vendor>Adware.TabQuery</vendor>
<action>success</action>
<hash>19804a7f790247ef9126aa90cf34817f</hash>
</key>
- <key>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TABQUERY_SERVICE</path>
<vendor>Adware.TabQuery</vendor>
<action>success</action>
<hash>aeeb9831e5968bab922356e420e31ee2</hash>
</key>
- <key>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TabQuery Service</path>
<vendor>Adware.TabQuery</vendor>
<action>success</action>
<hash>8e0be2e7b1ca340205afed4dc63db34d</hash>
</key>
- <key>
<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ClearThink</path>
<vendor>PUP.Optional.ClearThink.A</vendor>
<action>success</action>
<hash>0f8ae9e08cefb1852829aea3749056aa</hash>
</key>
- <key>
<path>HKU\S-1-5-21-861567501-1606980848-842925246-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RegistrySmart</path>
<vendor>Rogue.RegistrySmart</vendor>
<action>success</action>
<hash>ebae8148c8b371c50ba8a4ec16ed5ba5</hash>
</key>
- <key>
<path>HKU\S-1-5-21-861567501-1606980848-842925246-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@videoegg.com/Publisher,version=1.5</path>
<vendor>Adware.VideoEgg</vendor>
<action>success</action>
<hash>c7d2b019adce37ff9c75157b43c043bd</hash>
</key>
- <value>
<path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TABQUERY</path>
<valuename>DisplayName</valuename>
<vendor>Adware.TabQuery</vendor>
<action>success</action>
<valuedata>TabQuery 1.0 build 119</valuedata>
<hash>19804a7f790247ef9126aa90cf34817f</hash>
</value>
- <data>
<path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>
<valuename>Search Bar</valuename>
<vendor>Hijack.SearchPage</vendor>
<action>replaced</action>
<valuedata>http://www.mirarsearch.com/?useie5=1&q=</valuedata>
<baddata>http://www.mirarsearch.com/?useie5=1&q=</baddata>
<gooddata>http://www.google.com</gooddata>
<hash>92079e2bb2c99a9cb12925b505ff7f81</hash>
</data>
- <folder>
<path>C:\Documents and Settings\Administrator\Application Data\AntiSpywareDAT</path>
<vendor>Rogue.TotalAntiSpyware</vendor>
<action>success</action>
<hash>20793891aad15dd96f31208f25dd7888</hash>
</folder>
- <file>
<path>C:\Documents and Settings\Administrator\Desktop\internet explorer 9 setup.exe</path>
<vendor>PUP.Optional.Soft32.A</vendor>
<action>success</action>
<hash>7029a0290c6f22143d1ecf756d94d030</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nsbB.tmp\Convert.dll</path>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<hash>d4c5c108e4979f97d99143706c95c63a</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nsmF4\tbicon.exe</path>
<vendor>PUP.Optional.Linkey.A</vendor>
<action>success</action>
<hash>3e5baf1aa1da9a9c1e07157e27da13ed</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nsmF4\nsrF8.tmp\mediabar.exe</path>
<vendor>PUP.Optional.Linkey.A</vendor>
<action>success</action>
<hash>2f6a418855263501c4e2a2d56f9225db</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nsmF4\nsrF8.tmp\pack.exe</path>
<vendor>PUP.Optional.SettingsManager.A</vendor>
<action>success</action>
<hash>b9e082472a51ed490f72aaf8847de51b</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nsmF4\nsrF8.tmp\SettingsManagerMediaBar.exe</path>
<vendor>PUP.Optional.Linkey.A</vendor>
<action>success</action>
<hash>fc9d6a5f8af131054165017647ba649c</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nsrA.tmp\Convert.dll</path>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<hash>1089ebde3744989e0d5d9023778a837d</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\Local Settings\Temp\nst11A\Uninstall.exe</path>
<vendor>PUP.Optional.Linkey.A</vendor>
<action>success</action>
<hash>76235178d3a872c4d8cee394b051e917</hash>
</file>
- <file>
<path>C:\Documents and Settings\Administrator\My Documents\Firefox.exe</path>
<vendor>PUP.Optional.OutBrowse</vendor>
<action>success</action>
<hash>0990e9e0f18a0333f07a496abb46cb35</hash>
</file>
</items>
</mbam-log>


Report •

#25
August 26, 2014 at 03:16:17
"after much scratching of head"
I have no idea why you used that file Jim, all you had to do was follow my link.
http://i.imgur.com/eLcvyZD.gif

message edited by Johnw


Report •

#26
August 26, 2014 at 06:59:08
i wasn't able to copy that. i brought it up a couple of times and tried, but, it wouldn't copy

doesn't that log show what it did?


Report •

#27
August 26, 2014 at 15:25:24
"doesn't that log show what it did?"
Too hard to decipher.

Update & run Malwarebytes again, post a new log.
http://i.imgur.com/U9IqcVj.gif

message edited by Johnw


Report •

#28
August 27, 2014 at 03:01:51
okey dokey, but, how do i copy that?

Report •

#29
August 27, 2014 at 07:15:57
Sorry about the delay, got friends from the country staying with us.

1: As soon you finish the scan, click on > View detailed log as per the screenshot.
http://i.imgur.com/U9IqcVj.gif

2: Go down to > Copy to clipboard as per this SS.
http://i.imgur.com/zHMG6J9.gif

3: Paste into your next reply.

Hopefully it will work this time for you.


Report •

#30
August 27, 2014 at 14:36:09
no problem. i've been in and out the past couple of days anyway.
here is what i got this time, i hope. it didn't find anything this time. it got rid of 20+ last time

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/27/2014
Scan Time: 11:55:09 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.27.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302824
Time Elapsed: 3 hr, 27 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#31
August 27, 2014 at 15:38:10
Beautiful.

RunTFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Download it onto your Desktop If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Double-click TFC.exe to run it. Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

After you run TFC & reboot, what issues do you have.


Report •

#32
August 29, 2014 at 00:34:08
so far this morning, an hour, i have only had firefox hang when i tried to go from the yahoo home page to mail.
this thing does seem to be a little faster, though not as fast as i'd like it. it's an old machine though, so i suppose i have to accept that.

i will let you know if the problem crops up again. i certainly must have the cleanest computer around. thanks


Report •

#33
August 29, 2014 at 03:02:43
Here is an example of what you let be installed ( shall cover this in more detail later )
http://i.imgur.com/tRA9fgU.gif
Uninstall the following programs ( if still listed in IObit )
RegClean Pro
DriverCure
ParetoLogic
Spyware Doctor

Use IObit Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif
http://i.imgur.com/HuWkaZo.gif


Report •

#34
August 29, 2014 at 04:45:32
as usual, i have to leave. i'll try and get it this afternoon. that regpro garbage put itself on, and wouldn't let me get rid of it.

Report •

#35
August 30, 2014 at 04:57:38
i did the obit thing. the only thing on your list that showed up was the paretologic. it did successfully get rid of that. the other things weren't listed. how would i put them in?
also, while i was there, i decided to get rid of the imageshack toolbar. windows decided that it couldn't "install" because the file might be corrupted.
what is with that?

Report •

#36
August 30, 2014 at 05:23:04
" how would i put them in?"
No need to do that.

"that it couldn't "install" because the file might be corrupted"
Don't know, you don't need it.
imageshack toolbar internet explorer
http://is.gd/TopKAM

" i certainly must have the cleanest computer around"
Not quite.

Run both of these, in this order.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif


Report •


Ask Question