TravisB

join:2000-02-22
Colorado Springs, CO

Toshiba Laptop - Windows 7 - Lots of Services / Issues

I am working on a computer for someone and ran the first few steps. He complained first about not being able to get on the internet, the computer running extremely slow, and pop-ups. I noticed that he is not getting an IP address. Ran TFC, then ADW, then MBAM. Ran the other tools to get the logs. I do not have an internet connection at this moment, so I wasn't able to do the online scan; it's still stuck on Acquiring IP Address. I have posted the logs (except for ADW, which has disappeared, and now the computer comes up clean when running ADW).

I noticed there are TONS of services set for Automatic that don't seem legitimate; however, I don't know the first thing about checking them.
TravisB

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Family :: THOMAS [administrator]

3/15/2014 10:55:38 AM
mbam-log-2014-03-15 (10-55-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233132
Time elapsed: 12 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKCR\.exe| (Hijacked.exeFile) -> Bad: () Good: (exefile) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Program Files\ResultBrowse (Adware.ResultBrowse) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ResultBrowse (Adware.ResultBrowse) -> Quarantined and deleted successfully.

Files Detected: 103
C:\WINDOWS\system32\FINEPIX_PCC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iolo_srv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RR2IOMod.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BCMTPM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\acedrv07.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aniwzcsdservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BQ47v8Twr.com__ (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btwhid.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cfsvcs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efs.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mi-raysat_3dsmax9_32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mqdmbus.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netwg311.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opcenum.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\papycpu2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PEVSystemStart.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\raidmsvr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ramaint.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\savscan.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SDdriver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spupdsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SQLAgent$MICROSOFTSMLBIZ.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysaudio.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TIEHDUSB.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WDM_YAMAHAAC97.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ZY202_XP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NxSysMon.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.041242485500795345fdrgs.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.04275440537616104.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.11345929312883385.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\0.6781976861894342.exe (Trojan.Agent.PE5) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\edbqsqfd.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki155065.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki157599.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hki159917.exe (Backdoor.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\85252.42922196371.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\qodpq.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sp31329.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\trgfuf.exe (Trojan.CryptMar.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.0625561013584578.exe (Trojan.Dropper.Hosts) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.22047202412738476.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.24460594596829766.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fka0.3509157898208619.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fka0.47119542290562577.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\717920.0726406681.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.0637782441789112.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.12855091349101666.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.12871906380633147.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.20598818261310592.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.2798869469590659.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.29265421830784644.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.3376905620782825.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.41390639962172815.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.44414868075580216.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.4769534091737273.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.4803823502278074.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.48581265535319307.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.5515877921882117.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.618888935389385.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.6531892094617456.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.6815570602630856.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.7005526392365238.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.7781882511095065.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.8778924179472143.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lgeg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mos0.8556052076630436.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oleda0.6626151196983586.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gdfyghret.exe (Trojan.Dropper.Hosts) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.45259020541181516.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.47172886682443627.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.5268450135536066.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.5290364952007828.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.5333288624430002.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.5545591325707763.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.5782639786777269.exe (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.6193462863812402.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.6537918659445762.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.6625994086865452.exe (Trojan.Downloader.CBCGen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.6882372843771726.exe (Trojan.CryptMar.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.7227014446501653.exe (Trojan.CryptPro.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.7803883422349152.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.8042521598646392.exe (Rogue.Chameleon2012) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oleda0.6496646688357051.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl6512669807191865829.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl6677042539283288318.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\omombqc.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl1497859018860397988.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl2746395002049733477.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\p9pl5273528712244123954.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.3988427639403499.exe (Trojan.CryptMar.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.8564205909983856.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\zkzbmbq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\hwdtdv\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SIQF8GVX\upgrade[1].cab (Adware.Agent.ZGen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\fka0.3461853597593171.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.5052627906857509.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.7616109652352486.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oiu0.8372889405507119.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\oleda0.9989750222054834.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.6725955687060932.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.9239807595492523.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tue0.34384084942526916.exe (Exploit.Drop.7) -> Quarantined and deleted successfully.

(end)
TravisB

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Family :: THOMAS [administrator]

3/21/2014 9:12:42 AM
mbam-log-2014-03-21 (09-12-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235810
Time elapsed: 10 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20FEC4E7-F7B7-438B-8191-33D2EFC5EBEA} (PUP.Optional.ShopToWin.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{45470599-8237-486D-87B5-E89CD6AED154} (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKCR\buenosearch.buenosearchdskBnd (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\buenosearch.buenosearchdskBnd.1 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\buenosearch.buenosearchHlpr (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\buenosearch.buenosearchHlpr.1 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\esrv.buenosearchESrvc (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\esrv.buenosearchESrvc.1 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKCU\Software\albrechto (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\TidyNetwork (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\Software\MozillaPlugins\@tnt2npapi.com/Plugin (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWordTool (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKLM\Software\albrechto (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{ABB8A8A5-FF98-40F6-B573-5841B063EA37} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{246F923E-6491-4B90-90DA-22CEC225719B} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{8322EB6E-B594-41F6-A30B-CF3F800E1874} (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4CC15FBA-46A4-4CB5-BFAF-F2335365AE76} (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B} (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Data: ÄÕDèÄ%u02DCJ"@Ã`΁ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{E844D5C4-98C4-4A90-9411-4005C360CE81} (PUP.Optional.TidyNetwork.A) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 18
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Common (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\2.0.0.1702 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\Profiles (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\Profiles\10743 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0 (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7 (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\buenosearch LTD (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\buenosearch LTD\buenosearch (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.

Files Detected: 83
C:\Documents and Settings\Family\My Documents\Downloads\Comodo-Internet-Security.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\My Documents\Downloads\VideoDownloadConvert.exe (PUP.Optional.MindSpark.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\My Documents\Downloads\WallpapersSetup.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\My Documents\Downloads\java.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\Autorun.inf (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\crx.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GameApps.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GameEngine.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\GLOBALUNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\hmac.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\iestage2.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\INSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\log.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\MinecraftShims64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\npTNT2.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\npTNT2Ghost.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\PARTNER.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\pinnedSearch_FindWide.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\progress.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\regsvr.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\RemoteSkin.wms (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\sqlite.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\tnt2chrome.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2User.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\TntMagicDel.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UnInjLib.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UnInjLib64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UNINSTALL.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UninstallDlg.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\untar.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\UPDATE.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\xpi.tar (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\2.0.0.1702\zipunzip.1.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Common\GameConsole.exe (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Common\pinnedSearch.htm (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\icon.ico (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\inst.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\LastSession.log (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\os10743.xml (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\PARTNER.1.TNT (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\partner.dat (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\runt.ini (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\tnt_32x32.png (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\toolbar10743@findwide.com.xpi (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\yah10743.xml (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\174800aa848d25a8046ebe0627075e40 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\2acb3d320e6d06a1f53e26c88680578d (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\33d24483a26d2821cdf1424a88101c64 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\3b4af445da352763e9d749e3903a2a74 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\53347a1539592b7d0a13dee56d899d9d (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\6548291f8a8708c759468d383b69c32d (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\69eabf03002c2f08dc31f764265e0e84 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\9272262bbd60e7676a5afab5416ef7cb (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\ac7829f5a96db79589f0014e26c21af1 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\bbdc194061ce660e5e4224f5179609b8 (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\TNT2\Profiles\10743\Cache\e00c254ae55a4ba7b4eebbe03f39152c (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\TNT2UserPS.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\TNT2UserPS64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\2.0.0.1702\IEToolbar.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\2.0.0.1702\IEToolbar64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\Profiles\10743\passport.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Program Files\TNT2\Profiles\10743\passport64.dll (PUP.Optional.TidyNetwork.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\build.json (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\manifest.json (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\djgojpphcoccgjoafgdhiomafpcopmfn\1_0\script.js (PUP.Optional.MyWordTool.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchApp.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchEng.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchsrv.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\GUninstaller.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\sqlite3.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\uninstall.exe (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Program Files\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Family\Application Data\buenosearch LTD\sqlite3.dll (PUP.Optional.BuenoSearch.A) -> Quarantined and deleted successfully.

(end)
TravisB

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Family :: THOMAS [administrator]

3/21/2014 9:30:21 AM
mbam-log-2014-03-21 (09-30-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287296
Time elapsed: 56 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\AdwCleaner\Quarantine\C\Program Files\albrechto\updatealbrechto.exe.vir (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\albrechto\bin\utilalbrechto.exe.vir (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\w3i\InstallIQUpdater\InstallIQUpdater.exe.vir (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP649\A0251045.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP652\A0254424.exe (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP652\A0254428.exe (PUP.Optional.Albrechto.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP652\A0254435.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\15.03.2014_10.45.01\rtkt0000\zafs0000\tsk0005.dta (PUP.BitMiner) -> Quarantined and deleted successfully.

(end)
TravisB

Results of screen317's Security Check version 0.99.81
Windows XP Service Pack 3 x86
Internet Explorer 7 [color=red]Out of date![/color]
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Windows Firewall Enabled!
Microsoft Security Essentials
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
Mozilla Firefox 27.0.1 [color=red]Firefox out of Date![/color]
Google Chrome 33.0.1750.146
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Dropbox Apps Virus Removal & Spyware Step 5 - SecurityCheck (Logs).exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 15% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]
TravisB

OTL Extras logfile created on: 3/21/2014 10:46:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 60.20% Memory free
1.88 Gb Paging File | 1.27 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 136.05 Gb Free Space | 91.28% Space Free | Partition Type: NTFS
Drive E: | 29.81 Gb Total Space | 29.52 Gb Free Space | 99.02% Space Free | Partition Type: FAT32

Computer Name: THOMAS | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}" = InstallIQ Updater
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7BBDFB3E-F8BE-4D52-98BA-B6087F8F1D58}" = PS7700
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"albrechto" = albrechto
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"RealPlayer 15.0" = RealPlayer
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 3/11/2014 9:22:08 AM | Computer Name = THOMAS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 3/15/2014 1:06:16 PM | Computer Name = THOMAS | Source = JavaQuickStarterService | ID = 1
Description =

Error - 3/15/2014 1:34:33 PM | Computer Name = THOMAS | Source = Application Error | ID = 1000
Description = Faulting application vid.exe, version 6.1.6909.0, faulting module
vid.exe, version 6.1.6909.0, fault address 0x000b1533.

Error - 3/15/2014 2:25:16 PM | Computer Name = THOMAS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.14.0.104, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x0000984e.

Error - 3/15/2014 2:28:15 PM | Computer Name = THOMAS | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3615 - Fatal Execution Engine Error
(7A0360B0) (80131506)

Error - 3/15/2014 2:28:17 PM | Computer Name = THOMAS | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, stamp 4802526c,
faulting module mscorwks.dll, version 2.0.50727.3615, stamp 4be902c7, debug? 0,
fault address 0x001c60b0.

Error - 3/15/2014 2:46:06 PM | Computer Name = THOMAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.4.304.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 3/15/2014 2:46:35 PM | Computer Name = THOMAS | Source = Microsoft Security Client | ID = 5000
Description =

Error - 3/16/2014 12:08:04 PM | Computer Name = THOMAS | Source = Microsoft Security Client | ID = 5000
Description =

Error - 3/21/2014 11:00:46 AM | Computer Name = THOMAS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ System Events ]
Error - 3/21/2014 11:36:19 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:36:21 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:36:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:36:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:36:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:36:27 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:38:52 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:44:36 AM | Computer Name = THOMAS | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.167.2096.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.10302.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 3/21/2014 11:46:26 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058

Error - 3/21/2014 11:52:39 AM | Computer Name = THOMAS | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the AFD service
which failed to start because of the following error: %%1058
TravisB

The OTL log is not posting due to file size. I don't have a good way to post it right now, but will as soon as I get home.
TravisB

Found the ADW logs:

# AdwCleaner v3.003 - Report created 15/03/2014 at 11:35:21
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\WINDOWS\Tasks\EPUpdater.job
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Found C:\Documents and Settings\Family\Application Data\BabSolution
Folder Found C:\Documents and Settings\Family\Application Data\Inbox Toolbar
Folder Found C:\Documents and Settings\Family\Application Data\SiteRanker
Folder Found C:\Documents and Settings\Family\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Family\My Documents\optimizer pro
Folder Found C:\Documents and Settings\LocalService\Application Data\SiteRanker
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Inbox Toolbar
Folder Found C:\Program Files\Search Toolbar
Folder Found C:\Program Files\SiteRanker

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Inbox Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ClickPotato
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\SiteRanker
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Found : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Found : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Found : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2746180
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3059010
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\TENCENT
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InstallIQUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17091

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9313 octets] - [15/03/2014 11:35:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9373 octets] ##########

# AdwCleaner v3.003 - Report created 15/03/2014 at 11:40:33
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\SiteRanker
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\SiteRanker
Folder Deleted : C:\Documents and Settings\Family\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Family\Application Data\BabSolution
Folder Deleted : C:\Documents and Settings\Family\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Family\Application Data\SiteRanker
Folder Deleted : C:\Documents and Settings\Family\My Documents\optimizer pro
Folder Deleted : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\WINDOWS\Tasks\EPUpdater.job

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17091

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9453 octets] - [15/03/2014 11:35:21]
AdwCleaner[S0].txt - [9433 octets] - [15/03/2014 11:40:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9493 octets] ##########
TravisB

# AdwCleaner v3.022 - Report created 21/03/2014 at 08:51:44
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\Step 3 - ADW.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update Albrechto
Service Found : Util Albrechto

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\All Users\Application Data\w3i
Folder Found C:\Program Files\albrechto
Folder Found C:\Program Files\w3i

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17091

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://search.findwide.com/?guid={246F923E-6491-4B90-90DA-22CEC225719B}&serpv=22
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://search.findwide.com/?guid={246F923E-6491-4B90-90DA-22CEC225719B}&serpv=22

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9453 octets] - [15/03/2014 11:35:21]
AdwCleaner[R1].txt - [3623 octets] - [21/03/2014 08:51:44]
AdwCleaner[S0].txt - [9573 octets] - [15/03/2014 11:40:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3743 octets] ##########

# AdwCleaner v3.022 - Report created 21/03/2014 at 08:53:06
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Family - THOMAS
# Running from : E:\DropboxPortableAHK\Dropbox\Apps\Virus Removal & Spyware\Step 3 - ADW.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Albrechto
[#] Service Deleted : Util Albrechto

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\w3i
Folder Deleted : C:\Program Files\albrechto
Folder Deleted : C:\Program Files\w3i

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.17091

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\oyh4jv13.default-1393971082370\prefs.js ]

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zjqgdm6.default\prefs.js ]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9453 octets] - [15/03/2014 11:35:21]
AdwCleaner[R1].txt - [3823 octets] - [21/03/2014 08:51:44]
AdwCleaner[S0].txt - [9573 octets] - [15/03/2014 11:40:33]
AdwCleaner[S1].txt - [3650 octets] - [21/03/2014 08:53:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3710 octets] ##########

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

Hi Travis!

Someone will be reviewing shortly.
Just the logs from the first run of an app are needed.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

to TravisB
You are not going to be happy. That computer has been, and most likely still is, so heavily infected that even if we could get it clean, the stability of the OS is questionable.

The only recommendation I will give is to flatten and repave. In simple terms, do a full reformat, and start over.

Note: Come April 8, 2014, Windows XP ceases to be a supported product.

TravisB

join:2000-02-22
Colorado Springs, CO

I appreciate the honest answer. I knew it was bad when I saw service after service that seemed completely random. He brought it to me just to make sure it was bad as he expected. I'll let him know about XP although he will probably just go with a new machine after this. Thank you for taking the time to help!

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

to TravisB
You're welcome, Travis, anytime.