TravisB
join:2000-02-22 Colorado Springs, CO |
Toshiba Laptop - Windows 7 - Lots of Services / Issues
I am working on a computer for someone and ran the first few steps. He complained first about not being able to get on the internet, the computer running extremely slow, and pop-ups. I noticed that he is not getting an IP address. Ran TFC, then ADW, then MBAM. Ran the other tools to get the logs. I do not have an internet connection at this moment, so I wasn't able to do the online scan; it's still stuck on Acquiring IP Address. I have posted the logs (except for ADW, which has disappeared, and now the computer comes up clean when running ADW).
I noticed there are TONS of services set for Automatic that don't seem legitimate; however, I don't know the first thing about checking them.
actions · 2014-Mar-21 12:24 pm · (locked) |
TravisB |
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.04.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Family :: THOMAS [administrator]
3/15/2014 10:55:38 AM
mbam-log-2014-03-15 (10-55-38).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233132
Time elapsed: 12 minute(s), 2 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 2 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully. HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 4 HKCR\.exe| (Hijacked.exeFile) -> Bad: () Good: (exefile) -> Delete on reboot. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 2 C:\Program Files\ResultBrowse (Adware.ResultBrowse) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ResultBrowse (Adware.ResultBrowse) -> Quarantined and deleted successfully.
Files Detected: 103 C:\WINDOWS\system32\FINEPIX_PCC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iolo_srv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\RR2IOMod.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BCMTPM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\acedrv07.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\aniwzcsdservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\BQ47v8Twr.com__ (Backdoor.Agent.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\btwhid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cfsvcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mi-raysat_3dsmax9_32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mqdmbus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\netwg311.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\opcenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\papycpu2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\PEVSystemStart.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\raidmsvr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ramaint.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\savscan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SDdriver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\spupdsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\SQLAgent$MICROSOFTSMLBIZ.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\TIEHDUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WDM_YAMAHAAC97.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ZY202_XP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\NxSysMon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\0.041242485500795345fdrgs.exe (Spyware.Password) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\0.04275440537616104.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\0.11345929312883385.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\0.6781976861894342.exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\edbqsqfd.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\hki155065.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\hki157599.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\hki159917.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\85252.42922196371.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\qodpq.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\sp31329.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\trgfuf.exe (Trojan.CryptMar.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.0625561013584578.exe (Trojan.Dropper.Hosts) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.22047202412738476.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\tue0.24460594596829766.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\fka0.3509157898208619.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\fka0.47119542290562577.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\717920.0726406681.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.0637782441789112.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.12855091349101666.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.12871906380633147.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.20598818261310592.exe (Spyware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.2798869469590659.exe (Spyware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.29265421830784644.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.3376905620782825.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.41390639962172815.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.44414868075580216.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.4769534091737273.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.4803823502278074.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.48581265535319307.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.5515877921882117.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.618888935389385.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.6531892094617456.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\oiu0.6815570602630856.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.7005526392365238.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.7781882511095065.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.8778924179472143.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\lgeg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\mos0.8556052076630436.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oleda0.6626151196983586.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\gdfyghret.exe (Trojan.Dropper.Hosts) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.45259020541181516.exe (Spyware.Password) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.47172886682443627.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.5268450135536066.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.5290364952007828.exe (Spyware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.5333288624430002.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.5545591325707763.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.5782639786777269.exe (Spyware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.6193462863812402.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.6537918659445762.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.6625994086865452.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.6882372843771726.exe (Trojan.CryptMar.Gen) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\tue0.7227014446501653.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.7803883422349152.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.8042521598646392.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oleda0.6496646688357051.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\p9pl6512669807191865829.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\p9pl6677042539283288318.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\omombqc.exe (Spyware.Password) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\p9pl1497859018860397988.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\p9pl2746395002049733477.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\p9pl5273528712244123954.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.3988427639403499.exe (Trojan.CryptMar.Gen) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.8564205909983856.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\zkzbmbq.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\hwdtdv\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SIQF8GVX\upgrade[1].cab (Adware.Agent.ZGen) -> Quarantined and deleted successfully. C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\fka0.3461853597593171.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.5052627906857509.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oiu0.7616109652352486.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. 
C:\WINDOWS\Temp\oiu0.8372889405507119.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\oleda0.9989750222054834.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.6725955687060932.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.9239807595492523.exe (Exploit.Drop.7) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\tue0.34384084942526916.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
(end) |
actions · 2014-Mar-21 12:28 pm · (locked) |
TravisB |
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.10.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Family :: THOMAS [administrator]
3/21/2014 9:12:42 AM
mbam-log-2014-03-21 (09-12-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235810
Time elapsed: 10 minute(s), 31 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 29 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. HKCR\buenosearch.buenosearchdskBnd (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\buenosearch.buenosearchdskBnd.1 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\buenosearch.buenosearchHlpr (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\buenosearch.buenosearchHlpr.1 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\esrv.buenosearchESrvc (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\esrv.buenosearchESrvc.1 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. HKCU\Software\albrechto (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully. HKCU\Software\AppDataLow\Software\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCU\Software\MozillaPlugins\@tnt2npapi.com/Plugin (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. 
HKLM\SOFTWARE\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKLM\Software\albrechto (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{246F923E-6491-4B90-90DA-22CEC225719B} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCR\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCR\CLSID\{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. HKCR\CLSID\{8322EB6E-B594-41F6-A30B-CF3F800E1874} (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\CLSID\{4CC15FBA-46A4-4CB5-BFAF-F2335365AE76} (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKCR\TypeLib\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B} (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Data: ÄÕDèÄ%u02DCJ"@Ã`Î -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 18 C:\Documents and Settings\Family\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Common (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\Profiles\10743 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0 (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. 
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Application Data\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Application Data\buenosearch LTD\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
Files Detected: 83 C:\Documents and Settings\Family\My Documents\Downloads\Comodo-Internet-Security.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\My Documents\Downloads\VideoDownloadConvert.exe (PUP.Optional.MindSpark.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\My Documents\Downloads\WallpapersSetup.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\My Documents\Downloads\java.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GameApps.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GameEngine.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Common\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Common\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\icon.ico (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\inst.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\os10743.xml (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\PARTNER.1.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\partner.dat (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\runt.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\tnt_32x32.png (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\toolbar10743@findwide.com.xpi (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\yah10743.xml (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\174800aa848d25a8046ebe0627075e40 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\2acb3d320e6d06a1f53e26c88680578d (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\33d24483a26d2821cdf1424a88101c64 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\3b4af445da352763e9d749e3903a2a74 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\53347a1539592b7d0a13dee56d899d9d (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\6548291f8a8708c759468d383b69c32d (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\69eabf03002c2f08dc31f764265e0e84 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\9272262bbd60e7676a5afab5416ef7cb (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\ac7829f5a96db79589f0014e26c21af1 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\bbdc194061ce660e5e4224f5179609b8 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\e00c254ae55a4ba7b4eebbe03f39152c (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\2.0.0.1702\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\2.0.0.1702\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\Profiles\10743\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. C:\Program Files\TNT2\Profiles\10743\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\build.json (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\manifest.json (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\script.js (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchApp.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchEng.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchsrv.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\GUninstaller.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\sqlite3.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\uninstall.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Family\Application Data\buenosearch LTD\sqlite3.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
(end) |
actions · 2014-Mar-21 12:28 pm · (locked) |
TravisB |
Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org
Database version: v2014.03.10.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Family :: THOMAS [administrator]
3/21/2014 9:30:21 AM
mbam-log-2014-03-21 (09-30-21).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287296
Time elapsed: 56 minute(s), 39 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 9
C:\AdwCleaner\Quarantine\C\Program Files\albrechto\updatealbrechto.exe.vir (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\albrechto\bin\utilalbrechto.exe.vir (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\w3i\InstallIQUpdater\InstallIQUpdater.exe.vir (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP649\A0251045.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP652\A0254424.exe (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP652\A0254428.exe (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP652\A0254435.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\15.03.2014_10.45.01\rtkt0000\zafs0000\tsk0005.dta (PUP.BitMiner) -> Quarantined and deleted successfully.
(end) |
actions · 2014-Mar-21 12:29 pm · (locked) |
TravisB |
Results of screen317's Security Check version 0.99.81
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox 27.0.1 Firefox out of Date!
Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Dropbox Apps Virus Removal & Spyware Step 5 - SecurityCheck (Logs).exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` |
actions · 2014-Mar-21 12:29 pm · (locked) |
TravisB |
OTL Extras logfile created on: 3/21/2014 10:46:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.37 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 60.20% Memory free
1.88 Gb Paging File | 1.27 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 136.05 Gb Free Space | 91.28% Space Free | Partition Type: NTFS
Drive E: | 29.81 Gb Total Space | 29.52 Gb Free Space | 99.02% Space Free | Partition Type: FAT32
Computer Name: THOMAS | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] "DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] "DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series "{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}" = InstallIQ Updater "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype 6.14 "{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini 
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update "{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime 
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "albrechto" = albrechto "Google Chrome" = Google Chrome "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "lvdrivers_12.10" = Logitech Webcam Software Driver Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "OpenAL" = OpenAL "RealPlayer 15.0" = RealPlayer "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows 
Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "winusb0100" = Microsoft WinUsb 1.0 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/11/2014 9:22:08 AM | Computer Name = THOMAS | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: with error: This network connection does not exist.
Error - 3/15/2014 1:06:16 PM | Computer Name = THOMAS | Source = JavaQuickStarterService | ID = 1 Description =
Error - 3/15/2014 1:34:33 PM | Computer Name = THOMAS | Source = Application Error | ID = 1000 Description = Faulting application vid.exe, version 6.1.6909.0, faulting module vid.exe, version 6.1.6909.0, fault address 0x000b1533.
Error - 3/15/2014 2:25:16 PM | Computer Name = THOMAS | Source = Application Error | ID = 1000 Description = Faulting application skype.exe, version 6.14.0.104, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x0000984e.
Error - 3/15/2014 2:28:15 PM | Computer Name = THOMAS | Source = .NET Runtime | ID = 1023 Description = .NET Runtime version 2.0.50727.3615 - Fatal Execution Engine Error (7A0360B0) (80131506)
Error - 3/15/2014 2:28:17 PM | Computer Name = THOMAS | Source = .NET Runtime 2.0 Error Reporting | ID = 1000 Description = Faulting application msiexec.exe, version 3.1.4001.5512, stamp 4802526c, faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0, fault address 0x001c60b0.
Error - 3/15/2014 2:46:06 PM | Computer Name = THOMAS | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 3/15/2014 2:46:35 PM | Computer Name = THOMAS | Source = Microsoft Security Client | ID = 5000 Description =
Error - 3/16/2014 12:08:04 PM | Computer Name = THOMAS | Source = Microsoft Security Client | ID = 5000 Description =
Error - 3/21/2014 11:00:46 AM | Computer Name = THOMAS | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 3/21/2014 11:36:19 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:36:21 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:36:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:36:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:36:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:36:27 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:38:52 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:44:36 AM | Computer Name = THOMAS | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.167.2096.0 Update Source: %%859 Update Stage: %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM
Current Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
Error - 3/21/2014 11:46:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058
Error - 3/21/2014 11:52:39 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001 Description = The Network Location Awareness (NLA) service depends on the AFD service which failed to start because of the following error: %%1058 |
actions · 2014-Mar-21 12:32 pm · (locked) |
TravisB |
The OTL log is not posting due to file size. I don't have a good way to post it right now, but will as soon as I get home. |
actions · 2014-Mar-21 12:33 pm · (locked) |
TravisB |
Found the ADW logs:
# AdwCleaner v3.003 - Report created 15/03/2014 at 11:35:21
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\WINDOWS\Tasks\EPUpdater.job
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Found C:\Documents and Settings\Family\Application Data\BabSolution
Folder Found C:\Documents and Settings\Family\Application Data\Inbox Toolbar
Folder Found C:\Documents and Settings\Family\Application Data\SiteRanker
Folder Found C:\Documents and Settings\Family\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Family\My Documents\optimizer pro
Folder Found C:\Documents and Settings\LocalService\Application Data\SiteRanker
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Inbox Toolbar
Folder Found C:\Program Files\Search Toolbar
Folder Found C:\Program Files\SiteRanker
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Freecause Key Found : HKCU\Software\BabSolution Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\ConduitSearchScopes Key Found : HKCU\Software\Inbox Toolbar Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\SiteRanker Key Found : HKCU\Software\YahooPartnerToolbar Key Found : HKCU\Software\Zugo Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\b Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Inbox.AppServer Key Found : HKLM\SOFTWARE\Classes\Inbox.IBX404 Key Found : HKLM\SOFTWARE\Classes\Inbox.JSServer Key Found : HKLM\SOFTWARE\Classes\Inbox.Toolbar Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2746180 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3059010 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Freeze.com Key Found : HKLM\Software\Inbox Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Key Found : HKLM\Software\TENCENT Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InstallIQUpdater] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.17091
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]
-\\ Google Chrome v33.0.1750.146
[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9313 octets] - [15/03/2014 11:35:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9373 octets] ##########
# AdwCleaner v3.003 - Report created 15/03/2014 at 11:40:33
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\SiteRanker
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\SiteRanker
Folder Deleted : C:\Documents and Settings\Family\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Family\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Family\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Family\Application Data\SiteRanker
Folder Deleted : C:\Documents and Settings\Family\My Documents\optimizer pro
Folder Deleted : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.17091
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]
-\\ Google Chrome v33.0.1750.146
[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9453 octets] - [15/03/2014 11:35:21]
AdwCleaner[S0].txt - [9433 octets] - [15/03/2014 11:40:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9493 octets] ########## |
actions · 2014-Mar-21 12:53 pm · (locked) |
TravisB |
# AdwCleaner v3.022 - Report created 21/03/2014 at 08:51:44
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\Step 3 - ADW.exe
# Option : Scan
***** [ Services ] *****
Service Found : Update Albrechto
Service Found : Util Albrechto
***** [ Files / Folders ] *****
Folder Found C:\Documents and Settings\All Users\Application Data\w3i
Folder Found C:\Program Files\albrechto
Folder Found C:\Program Files\w3i
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.17091
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://search.findwide.com/?guid={246F923E-6491-4B90-90DA-22CEC225719B}&serpv=22
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://search.findwide.com/?guid={246F923E-6491-4B90-90DA-22CEC225719B}&serpv=22
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]
-\\ Google Chrome v33.0.1750.146
[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9453 octets] - [15/03/2014 11:35:21]
AdwCleaner[R1].txt - [3623 octets] - [21/03/2014 08:51:44]
AdwCleaner[S0].txt - [9573 octets] - [15/03/2014 11:40:33]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3743 octets] ##########
# AdwCleaner v3.022 - Report created 21/03/2014 at 08:53:06
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\Step 3 - ADW.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : Update Albrechto
[#] Service Deleted : Util Albrechto
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\w3i
Folder Deleted : C:\Program Files\albrechto
Folder Deleted : C:\Program Files\w3i
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.17091
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]
[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]
-\\ Google Chrome v33.0.1750.146
[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [9453 octets] - [15/03/2014 11:35:21]
AdwCleaner[R1].txt - [3823 octets] - [21/03/2014 08:51:44]
AdwCleaner[S0].txt - [9573 octets] - [15/03/2014 11:40:33]
AdwCleaner[S1].txt - [3650 octets] - [21/03/2014 08:53:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3710 octets] ########## |
actions · 2014-Mar-21 12:53 pm · (locked) |
lilhurricane
Crunchin' For Cures Numquam oblita
join:2003-01-11 Purple Zone |
Hi Travis!
Someone will be reviewing shortly. Just the logs from the first run of an app are needed. |
actions · 2014-Mar-21 1:26 pm · (locked) |
2 recommendations |
to TravisB
You are not going to be happy. That computer has been, and most likely still is, so heavily infected that even if we could get it clean, the stability of the OS is questionable.
The only recommendation I will give is to flatten and repave. In simple terms, do a full reformat, and start over.
Note: Come April 8, 2014, Windows XP ceases to be a supported product |
actions · 2014-Mar-21 6:20 pm · (locked) |
TravisB
join:2000-02-22 Colorado Springs, CO
1 recommendation |
I appreciate the honest answer. I knew it was bad when I saw service after service that seemed completely random. He brought it to me just to make sure it was bad as he expected. I'll let him know about XP although he will probably just go with a new machine after this. Thank you for taking the time to help! |
actions · 2014-Mar-23 2:39 am · (locked) |
|
to TravisB
You're welcome Travis, anytime. |
actions · 2014-Mar-23 10:18 am · (locked) |