Hi,
Thank you for the help. Nothing came up on malwarebytes scan. Here are the others.
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 09:41:13
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - RICKSTER-9A6C19
# Running from : C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\My Documents\Downloads\adwcleaner_5.030(2).exe
# Option : Scan
# Support :
http://toolslib.net/forum***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found : C:\Documents and Settings\All Users\Application Data\simplitec
Folder Found : C:\Program Files\4C4C4544-1440301071-4E10-8042-C8C04F4B4331
Folder Found : C:\Program Files\4C4C4544-1450045030-4E10-8042-C8C04F4B4331
Folder Found : C:\WINDOWS\system32\GroupPolicy\Adm
***** [ Files ] *****
File Found : C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
***** [ DLL ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
Key Found : HKCU\Software\360
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\WEBAPP
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
***** [ Web browsers ] *****
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("browser.search.defaulturl", "hxxp://websearch.searchoholic.info/?pid=21073&r=2015/01/05&hid=6257836138338365111&lg=EN&cc=US&unqvl=72&l=1&q=");
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "WebSearch");
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("browser.search.order.1,S", "WebSearch");
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon[...]
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("extensions.crossrider.bic", "14f58ec6c3e1fc090295ffaffd6384b3");
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js] [Preference] Found : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : windows-7-easy-transfer-xp.en.softonic.com
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : www-searching.com
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : trovi.search
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found :
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=MB30878B1-7BB7-40D1-85EA-72812B7079A7&SearchSource=58&CUI=&UM=8&UP=SP5866A263-5CA7-48E3-8F2B-EDBA007545E1&D=082215&q={searchTerms}&SSPV=[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : papbadoldddalgcjcicnikcfenodpghp
[C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found :
hxxp://www.trovi.com/?gd=&ctid=CT3334623&octid=EB_ORIGINAL_CTID&ISID=MB30878B1-7BB7-40D1-85EA-72812B7079A7&SearchSource=55&CUI=&UM=8&UP=SP5866A263-5CA7-48E3-8F2B-EDBA007545E1&D=082215&SSPV=########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [6853 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Limited) on Mon 01/18/2016 at 10:39:58.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Failed to delete: C:\WINDOWS\System32\wscm32.dll (File)
Deleted the following from C:\Documents and Settings\Administrator.RICKSTER-9A6C19.000\Application Data\Mozilla\Firefox\Profiles\kis557cd.default-1416876560906\prefs.js
user_pref(browser.search.defaultenginename,S, WebSearch);
user_pref(browser.search.defaulturl,
hxxp://websearch.searchoholic.info/?pid=21073&r=2015/01/05&hid=6257836138338365111&lg=EN&cc=US&unqvl=72&l=1&q=);user_pref(browser.search.order.1, WebSearch);
user_pref(browser.search.order.1,S, WebSearch);
user_pref(browser.search.selectedEngine,S, WebSearch);
user_pref(extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value, %7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22am
user_pref(extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__fifty_test_rules.value, %7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasi
user_pref(extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A%7B%22urls%22%3A%5B
user_pref(extensions.crossrider.bic, 14f58ec6c3e1fc090295ffaffd6384b3);
Registry: 1
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/18/2016 at 10:43:43.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results of screen317's Security Check version 1.009
Windows XP x86
Out of date service pack!! Internet Explorer 6
Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled!
360 Total Security
Antivirus up to date! (On Access scanning
disabled!)
`````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! HijackThis 2.0.2
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
TuneUp Utilities 2014
Java 8 Update 25
Java 8 Update 51
Java version 32-bit out of Date! Adobe Flash Player 20.0.0.267
Mozilla Firefox (43.0.4)
Google Chrome (47.0.2526.106)
Google Chrome (47.0.2526.111)
````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````