
Infected with Babylon.Toolbar & ChatZum Search & More [Solved]


This topic is locked

#1 cherdon
Member, 21 posts
I noticed my puter slowing up quite a bit, and when I would click on stuff, a lot of times it would freeze and I would have to reboot, or I would get numerous windows along my taskbar and would have one heck of a time trying to delete them all. I ran ESET Smart Security and it turns out I had Widgi.Toolbar, IncrediBar, SweetIM, Statcounter & Babylon.Toolbar. Supposedly it got rid of everything but Babylon. It's not in Add/Remove. I checked toolbars & extensions in add-ons and nothing is there. I scanned with Spybot Search & Destroy. I did a scan with Malwarebytes and then it showed Babylon but said it can't be fixed because of it being in use in the registry... something to that effect. But while I was running the Malwarebytes scan the "Installing Adobe Shockwave Player" came up (which I didn't want) and is determined for me to install Google Toolbar, which I don't want, and there's no way to delete it or X it out. All there is is a Next button, so CTRL ALT DEL is my only alternative. I also ran HijackThis but have no clue what can be deleted. Please help me fix these issues. Your help in this matter would be greatly appreciated. I have Windows XP and use IE8.



#2 Essexboy
GeekU Moderator (Retired Staff), 69,964 posts
Hi there, let's have a look-see for you.

Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Delete.

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

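The OTL Quick Scan requested above writes one line per item it found (IE search scopes, O2 BHOs, O3 toolbars, O4 Run keys and so on), and the first pass a helper makes over such a log is to pick out entries whose file no longer exists ("File not found" leftovers from half-removed toolbars) and search scopes that point at an adware host. The Python script below is an added example, not part of this thread and not OTL's own code: it runs that triage over a few lines copied from the OTL log posted in this thread (kept with the forum's own URL truncation). The regular expressions, the `default_search_targets` and `triage` functions and the list of suspect host fragments are my assumptions about what to look for, not anything OTL provides.

```python
import re

# Constructed sample: lines copied from the OTL log posted in this thread, including the
# forum's truncation of long URLs ("search.chatzu...q=").  Kept as a raw string because
# the entries contain literal backslashes.
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
"""

# Assumed line shapes, derived from the log above (OTL documents no formal grammar).
DEFAULT_SCOPE_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[^}]+\})$')
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+)$')
# Any O-numbered entry whose target OTL could not find on disk.
ORPHAN_RE = re.compile(r'^(?P<kind>O\d+) - .*File not found$')

# Host fragments of the adware families named in this thread.  Fragments rather than
# full host names because the forum truncates the URLs in the posted log.
SUSPECT_SEARCH_FRAGMENTS = ("chatzu", "mywebs", "babylon")


def default_search_targets(log_text):
    """Resolve, per registry hive, the URL that IE's DefaultScope GUID actually maps to.

    The GUID alone is not enough: adware can keep the stock DefaultScope GUID and
    overwrite that GUID's URL, so the scope list looks untouched while every default
    search goes to the adware host.
    """
    defaults, urls = {}, {}
    for line in log_text.splitlines():
        m = DEFAULT_SCOPE_RE.match(line)
        if m:
            defaults[m['hive']] = m['guid'].upper()
            continue
        m = SCOPE_URL_RE.match(line)
        if m:
            urls[(m['hive'], m['guid'].upper())] = m['url']
    return {hive: urls.get((hive, guid)) for hive, guid in defaults.items()}


def _suspect(url):
    return any(frag in url.lower() for frag in SUSPECT_SEARCH_FRAGMENTS)


def triage(log_text):
    """Return (reason, detail) pairs for the entries a helper would look at first."""
    findings = []
    for hive, url in default_search_targets(log_text).items():
        if url and _suspect(url):
            findings.append((f"default search for {hive} hijacked", url))
    for line in log_text.splitlines():
        scope = SCOPE_URL_RE.match(line)
        orphan = ORPHAN_RE.match(line)
        if scope and _suspect(scope['url']):
            findings.append(("adware search scope", line))
        elif orphan:
            findings.append((f"orphaned {orphan['kind']} entry", line))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_OTL):
        print(f"{reason}: {detail}")
```

The per-user hive in the sample is the instructive case: its DefaultScope still names the stock {0633EE93-…} GUID, but under HKU that GUID's "URL" has been rewritten to the chatzum host, so the default search is hijacked even though nothing new appears in the scope list. That is why the script resolves each hive's DefaultScope GUID to its URL instead of only grepping for known hosts. The "File not found" O2/O4 entries are the leftovers of a toolbar that was removed without cleaning its registry keys, which is the kind of entry AdwCleaner and an OTL fix script clear.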

#3 cherdon
Topic Starter, Member, 21 posts
Hi Essexboy

I ran AdwCleaner and OTL and have posted both logs below. Will check back often. Appreciate your help. Thanks.

OTL logfile created on: 9/22/2012 11:42:16 AM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.40% Memory free
3.84 Gb Paging File | 3.35 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 214.87 Gb Free Space | 72.08% Space Free | Partition Type: NTFS

Computer Name: CHERYL-A778CF1B | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/21 00:57:02 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/16 16:22:48 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/05/16 16:17:30 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2012/03/14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.chatzu...q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{250C7536-B7B6-4F09-81CE-E24F48991F60}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://www.google.co...1I7ADFA_enCA484
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/21 23:11:06 | 000,000,000 | ---D | M]

[2012/09/16 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/09/22 02:38:02 | 000,444,321 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15263 more lines...
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..Trusted Domains: blogspot.ca ([mama-nibbles] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342092933781 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/16 16:11:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 10:37:13 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Start Menu\Programs\HiJackThis
[2012/09/22 02:53:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/22 02:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\ESET
[2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/09/21 23:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/09/21 23:06:29 | 001,374,624 | ---- | C] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe
[2012/09/20 14:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/09/20 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2012/09/20 14:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\Avg2013
[2012/09/18 22:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/09/18 22:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/18 22:26:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\MFAData
[2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/18 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/09/17 14:32:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cheryl\Recent
[2012/09/16 22:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/09/16 22:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/09/16 22:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/15 11:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 11:28:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 10:57:35 | 000,512,737 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe
[2012/09/22 10:56:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2012/09/22 04:02:46 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk
[2012/09/22 03:05:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/09/22 03:03:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf
[2012/09/22 02:53:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 02:38:02 | 000,444,321 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/22 01:31:02 | 000,001,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/09/22 01:08:42 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk
[2012/09/21 23:06:36 | 001,374,624 | ---- | M] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe
[2012/09/21 22:51:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 21:15:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30802A31-A78A-4571-AA68-EA7AA678B793}.job
[2012/09/21 11:16:39 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf
[2012/09/21 11:12:31 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db
[2012/09/20 15:00:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2012/09/20 03:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/09/19 13:43:48 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/09/18 22:17:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/18 00:28:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/17 14:34:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/31 21:41:37 | 000,015,234 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg
[2012/08/29 19:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2012/08/25 18:34:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 10:57:33 | 000,512,737 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe
[2012/09/22 04:02:24 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk
[2012/09/22 02:56:04 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf
[2012/09/22 02:53:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 01:30:56 | 000,001,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/09/22 01:08:42 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk
[2012/09/21 22:51:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 11:16:38 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf
[2012/09/21 11:12:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db
[2012/09/20 15:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2012/09/20 14:58:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012/09/19 13:43:56 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/08/31 21:43:07 | 000,015,234 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg
[2012/08/29 19:15:30 | 003,782,214 | ---- | C] () -- C:\chatzum_nt.exe
[2012/06/20 21:48:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/05/26 21:49:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/16 20:24:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 17:03:41 | 000,205,652 | ---- | C] () -- C:\WINDOWS\hpoins50.dat
[2012/05/16 17:03:41 | 000,001,241 | ---- | C] () -- C:\WINDOWS\hpomdl50.dat
[2012/05/16 16:40:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/16 16:26:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2012/05/16 16:13:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/16 16:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/16 12:03:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/16 12:02:32 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/05/31 23:08:23 | 000,060,442 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\cheryl\n.JPG
[2010/03/11 16:08:46 | 001,097,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\soph\u.JPG
[2009/10/09 00:20:14 | 002,500,956 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\l.jpg
[2009/10/09 00:20:14 | 002,568,745 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\n.jpg
[2010/11/15 01:05:47 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\pics from carries FB\n.bmp

========== LOP Check ==========

[2012/09/18 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/20 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/18 22:26:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/20 14:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/05/26 23:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/09/21 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/05/25 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/09/20 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/16 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/07/25 11:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/05/27 11:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/05/16 17:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/27 12:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\EasiestSoft
[2012/09/21 23:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/07/25 01:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit
[2012/05/28 12:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Media Player Lite
[2012/05/16 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Oracle
[2012/09/18 22:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/07/25 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Visan
[2012/05/27 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Wondershare Video Converter Ultimate

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 08:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 08:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 08:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 08:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 08:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 08:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 08:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 08:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 08:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 08:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 08:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 08:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 08:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 08:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 08:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 08:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 08:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 08:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 08:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 08:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 08:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/14 08:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 08:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2012/08/29 19:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 08:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/07/27 16:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 08:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2012/05/26 23:14:59 | 000,001,602 | ---- | M] () MD5=1491F408074122E50AE5309F86B1E5F8 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 03:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >
[2012/05/16 16:10:31 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012/05/16 16:14:29 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/05/16 16:28:37 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/05/16 17:39:16 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{30802A31-A78A-4571-AA68-EA7AA678B793}.job
[2012/05/26 23:14:31 | 000,000,384 | ---- | C] () -- C:\WINDOWS\Tasks\ErrorEND.job

< End of report >


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the Malwarebytes log, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
    IE - HKLM\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.chatzu...q={searchTerms}
    IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found
    IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
cherdon

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi Essexboy

Unfortunately I didn't save the Malwarebytes log when I first did the scan before I joined this forum, as I never thought of it at the time. I did do an earlier scan today and it said nothing was found, but I know how my computer normally runs and there is a big difference. I will send you a log if you still want it. I did run OTL and, after copying and pasting the entire message shown in red below, I clicked on Run Fix. I didn't touch it, but after 2 hours and nothing, I figured maybe the screen froze or something. Not sure how long this normally takes. Could you give me an idea so I will know whether it's working properly or not, and whether I should see movement while the killing of processes is taking place? I'm not going to do it again until I hear back from you. Will check back real soon. Thanks

PS - Was I to copy & paste the OTL section as well as the Commands section, or was I only supposed to copy & paste the Commands section, and does that include copying the heading OTL & the heading Commands, or just what's underneath? Please clarify as this is important.

:OTL
IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, it is MBAM blocking OTL, so I will revise the script to get it to run. Try this:

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL 
    IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms} 
    IE - HKLM\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.chatzu...q={searchTerms} 
    IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found 
    IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
    O3 - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present 
     
    :Commands 
    [purity] 
    [resethosts] 
    [emptyjava] 
    [CREATERESTOREPOINT] 
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

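
The two fix scripts above (posts #4 and #6) remove the hijacked IE search scopes, the orphaned URLSearchHook/BHO/toolbar entries whose CLSID or file no longer exists, and the Browser Manager default-scope key, and the custom scan in post #3 is what let the moderator spot them: "File not found" services, search URLs pointing at unexpected hosts, and the MD5 of each core binary compared with its dllcache copy. As an added example, not code from the thread, from OTL or from the moderator, here is a small Python triage script that parses those OTL line formats and flags the same classes of entry. The allowlist of search hosts is an assumption, and SAMPLE_LOG is constructed for the example (the host search.hijacker.example and the all-zero userinit.exe hash are invented so that the checks fire); it is not the log posted in the thread.

```python
"""OTL log triage (added example; not OTL's own code and not the thread's fix script).

Flags, from the OTL line formats seen in the logs above:
  * IE SearchScopes whose search URL points at a host outside an allowlist
  * IE/BHO/Toolbar/Run entries whose CLSID or file is missing (orphans)
  * services whose binary is "File not found"
  * a live Windows binary whose MD5 differs from its dllcache copy
Assumptions: TRUSTED_SEARCH_HOSTS is the author's own allowlist; SAMPLE_LOG is
constructed (search.hijacker.example and the all-zero userinit.exe hash are invented).
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: search providers the machine's owner actually uses.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.ca", "search.yahoo.com"}

SEARCHSCOPE_RE = re.compile(r'^IE - (\S+?)\\\.\.\\SearchScopes\\(\{[^}]+\}): "URL" = (\S+)$')
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32}) -- (.+)$")
SRV_MISSING_RE = re.compile(r"^SRV - File not found \[[^\]]*\] -- (\S+) -- \((\w+)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN_PREFIXES = ("IE - ", "O2 - ", "O3 - ", "O4 - ")
ORPHAN_MARKERS = ("No CLSID value found", "File not found")


def live_copy(path):
    """True for the copy Windows loads (C:\\WINDOWS or system32), not dllcache,
    hotfix backups ($hf_mig$, $NtUninstall...) or third-party directories."""
    p = path.lower()
    return (p.startswith("c:\\windows\\") and "\\dllcache\\" not in p
            and "$" not in p and p.count("\\") <= 3)


def triage(log_text):
    """Return (kind, detail) findings for the OTL log text, in log order."""
    findings = []
    copies = defaultdict(dict)  # file name -> {full path: MD5}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCHSCOPE_RE.match(line)
        if m:
            hive, clsid, url = m.groups()
            host = (urlsplit(url).hostname or "").lower()
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(("searchscope", f"{hive} {clsid} -> {host}"))
            continue
        m = MD5_RE.search(line)
        if m:  # collect every copy of the file; compared after the loop
            md5, path = m.groups()
            copies[path.rsplit("\\", 1)[-1].lower()][path] = md5.upper()
            continue
        m = SRV_MISSING_RE.match(line)
        if m:
            findings.append(("service_missing", f"{m.group(2)} ({m.group(1)})"))
            continue
        if line.startswith(ORPHAN_PREFIXES) and any(k in line for k in ORPHAN_MARKERS):
            c = CLSID_RE.search(line)
            findings.append(("orphan_entry", c.group(0) if c else line[5:65]))
        elif "BrowserMngr" in line:  # Browser Manager keys the posted fix also removes
            findings.append(("browser_manager_key", line))
    # MD5 pass: the live copy must match the dllcache copy of the same file name.
    for by_path in copies.values():
        cache = next((h for p, h in by_path.items() if "\\dllcache\\" in p.lower()), None)
        for path, md5 in by_path.items():
            if cache and live_copy(path) and md5 != cache:
                findings.append(("md5_mismatch", f"{path} {md5} != dllcache {cache}"))
    return findings


# Constructed sample in OTL's format (not the thread's log); URLs are complete here.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 08:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://search.hijacker.example/?q={searchTerms}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1214440339-1659004503-1801674531-1004\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - SOFTWARE\Classes\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}\InprocServer32 File not found
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2012/09/01 12:00:00 | 000,026,112 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\userinit.exe
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

Two caveats when reading the MD5 section this way: the check only compares the copy Windows actually loads against the dllcache copy, so a third-party file of the same name elsewhere (the Malwarebytes Chameleon winlogon.exe in the log above) is expected to differ and is not a finding; and if both the live file and the dllcache copy were replaced together, they would still match, so on a machine you do not trust the hashes should also be compared with a known-clean installation of the same service pack.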

#7
cherdon

    Member

  • Topic Starter
  • Member
  • 21 posts
It worked :thumbsup: I have posted the log you asked for.

OTL logfile created on: 9/22/2012 5:56:22 PM - Run 4
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Documents and Settings\Cheryl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.26% Memory free
3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 214.84 Gb Free Space | 72.07% Space Free | Partition Type: NTFS

Computer Name: CHERYL-A778CF1B | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/21 00:57:02 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/16 16:22:48 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012/05/16 16:17:30 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2012/03/14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012/03/14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKCU\..\SearchScopes\{250C7536-B7B6-4F09-81CE-E24F48991F60}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{FE11CF33-D391-4897-934E-C275DFD256EF}: "URL" = http://www.google.co...1I7ADFA_enCA484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/21 23:11:06 | 000,000,000 | ---D | M]

[2012/09/16 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/09/22 17:53:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blogspot.ca ([mama-nibbles] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342092933781 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03A1F3B4-09A7-4F3D-A3F2-2786877B1477}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/16 16:11:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 15:15:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/22 10:37:13 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/09/22 04:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Start Menu\Programs\HiJackThis
[2012/09/22 02:53:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/22 02:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/09/22 01:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\ESET
[2012/09/21 23:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/09/21 23:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/09/21 23:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/09/21 23:06:29 | 001,374,624 | ---- | C] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe
[2012/09/20 14:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/09/20 14:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\GFI Software
[2012/09/20 14:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\Avg2013
[2012/09/18 22:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/09/18 22:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/18 22:26:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\MFAData
[2012/09/18 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/18 00:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/18 00:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/09/17 14:32:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cheryl\Recent
[2012/09/16 22:17:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2012/09/16 22:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\searchplugins
[2012/09/16 22:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/15 11:59:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/22 17:56:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/22 17:55:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 17:53:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/09/22 15:07:53 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\printscreen of Malwarebytes Scan.bmp
[2012/09/22 12:28:11 | 000,058,854 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\untitled.bmp
[2012/09/22 12:23:39 | 000,020,728 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\cute_hospital_get_well_soon_card-p137063454824366692b2icl_400.jpg
[2012/09/22 10:57:35 | 000,512,737 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe
[2012/09/22 10:37:19 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cheryl\Desktop\OTL.exe
[2012/09/22 04:02:46 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk
[2012/09/22 03:05:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/09/22 03:03:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf
[2012/09/22 02:53:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 01:31:02 | 000,001,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/09/22 01:08:42 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk
[2012/09/21 23:06:36 | 001,374,624 | ---- | M] (ESET) -- C:\Documents and Settings\Cheryl\Desktop\eset_smart_security_live_installer.exe
[2012/09/21 22:51:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 21:15:18 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{30802A31-A78A-4571-AA68-EA7AA678B793}.job
[2012/09/21 11:16:39 | 000,000,359 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf
[2012/09/21 11:12:31 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db
[2012/09/20 15:00:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2012/09/20 03:00:00 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/09/19 13:43:48 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/09/18 22:17:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/18 00:28:17 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/17 14:34:01 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/31 21:41:37 | 000,015,234 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg
[2012/08/29 19:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2012/08/25 18:34:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 15:07:52 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\printscreen of Malwarebytes Scan.bmp
[2012/09/22 12:28:11 | 000,058,854 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\untitled.bmp
[2012/09/22 12:23:52 | 000,020,728 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\cute_hospital_get_well_soon_card-p137063454824366692b2icl_400.jpg
[2012/09/22 10:57:33 | 000,512,737 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\adwcleaner.exe
[2012/09/22 04:02:24 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\HiJackThis.lnk
[2012/09/22 02:56:04 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registered copy malwarebytes.rtf
[2012/09/22 02:53:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/22 01:30:56 | 000,001,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/09/22 01:08:42 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Cheryl\Desktop\Spybot - Search & Destroy.lnk
[2012/09/21 22:51:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 11:16:38 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\registration code for kespersky 2012.rtf
[2012/09/21 11:12:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\WebpageIcons.db
[2012/09/20 15:00:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2012/09/20 14:58:52 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012/09/19 13:43:56 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/08/31 21:43:07 | 000,015,234 | ---- | C] () -- C:\Documents and Settings\Cheryl\My Documents\293478_4339416124823_1175473176_n.jpg
[2012/08/29 19:15:30 | 003,782,214 | ---- | C] () -- C:\chatzum_nt.exe
[2012/06/20 21:48:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/05/26 21:49:01 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/16 20:24:29 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Cheryl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 17:03:41 | 000,205,652 | ---- | C] () -- C:\WINDOWS\hpoins50.dat
[2012/05/16 17:03:41 | 000,001,241 | ---- | C] () -- C:\WINDOWS\hpomdl50.dat
[2012/05/16 16:40:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/16 16:26:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2012/05/16 16:13:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/16 16:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/05/16 12:03:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/16 12:02:32 | 000,259,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/05/31 23:08:23 | 000,060,442 | ---- | M] () -- C:\Documents and Settings\Cheryl\Desktop\cheryl\n.JPG
[2010/03/11 16:08:46 | 001,097,640 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\soph\u.JPG
[2009/10/09 00:20:14 | 002,500,956 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\l.jpg
[2009/10/09 00:20:14 | 002,568,745 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\My Pictures\Sweet Sophie\n.jpg
[2010/11/15 01:05:47 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\Cheryl\My Documents\pics from carries FB\n.bmp

========== LOP Check ==========

[2012/09/18 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/09/20 14:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/09/18 22:26:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/20 14:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/05/26 23:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2012/09/21 23:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/05/25 01:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/09/20 14:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/05/16 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2012/07/25 11:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/05/27 11:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/05/16 17:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/27 12:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\EasiestSoft
[2012/09/21 23:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\ESET
[2012/07/25 01:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\IObit
[2012/05/28 12:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Media Player Lite
[2012/05/16 16:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Oracle
[2012/09/18 22:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\TuneUp Software
[2012/07/25 11:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Visan
[2012/05/27 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cheryl\Application Data\Wondershare Video Converter Ultimate

========== Purity Check ==========



< End of report >

  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?
  • 0

#9
cherdon

    Member

  • Topic Starter
  • Member
  • 21 posts
Well it's hard to say, will know better once I start doing a few things on here like I normally do. One thing I did notice was after rebooting I got one message from ESET Smart Security that said Detected ICMP Flooding Attack then it gives an IP Remote Addy which I wasn't sure if I should post it or not so I didn't and another message that said Detected Covert Channel, Exploit in ICMP Packet Remote ID etc etc etc. This came up on another reboot. Have no idea what they mean. When I bring up my IE 8 I am still seeing ChatZum Search (top right next to addy bar). I did a print screen to show you. When you click on drop down list it says ChatZum Search (Default) which I have tried to change numerous times and it keeps coming back. I always use Google Search as my default and nothing else. Can these issues be fixed and if so, how?

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My apologies one slipped by me

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzu...q={searchTerms}
    O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - No CLSID value found.
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
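The OTL fix above removes, by hand, a hijacked IE search scope and two extension entries whose CLSID no longer resolves. The following is an added example, not OTL's code and not from this thread: a small Python audit that reports the same three conditions (a DefaultScope that points at no scope entry, a scope whose URL host is not one the owner chose, and BHO or Toolbar registrations with no class registration, which OTL prints as "No CLSID value found"). The trusted-host list, the placeholder hijack URL and the second scope CLSID are assumptions; the two CLSIDs from the fix are reused as sample data. The audit functions work on plain dictionaries so they run anywhere; `read_live_search_scopes()` reads the real keys through the standard `winreg` module and therefore only works on Windows.

```python
"""Audit Internet Explorer search scopes and extension registrations.

Added example for this thread; not OTL code. The audit logic takes
already-read registry data, so it can run on any platform; the
winreg-based reader at the bottom feeds it on a real Windows machine.
"""
from urllib.parse import urlparse

# Search providers the owner actually chose (assumption for this example).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Key OTL reported in the thread (relative to HKCU / HKLM).
SEARCH_SCOPES_KEY = r"Software\Microsoft\Internet Explorer\SearchScopes"


def norm(clsid):
    """CLSIDs appear with mixed case (e.g. ...472f-...); compare them uppercased."""
    return clsid.strip().upper()


def audit_search_scopes(scopes, default_scope):
    """scopes: {clsid: url}. Returns a list of findings (empty when clean).

    Flags a DefaultScope with no matching scope entry, and every scope whose
    URL host is not trusted; the default scope is tagged because that is the
    provider the address bar uses without asking.
    """
    findings = []
    scopes = {norm(k): v for k, v in scopes.items()}
    default_scope = norm(default_scope) if default_scope else None
    if default_scope and default_scope not in scopes:
        findings.append(f"DefaultScope {default_scope} has no SearchScopes entry")
    for clsid, url in scopes.items():
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_SEARCH_HOSTS:
            tag = " (DEFAULT)" if clsid == default_scope else ""
            findings.append(f"scope {clsid}{tag} uses untrusted search host '{host or '?'}'")
    return findings


def audit_orphaned_extensions(registrations, registered_clsids):
    """registrations: {clsid: kind} gathered from the BHO and Toolbar keys;
    registered_clsids: the CLSIDs that exist under HKCR\\CLSID.

    A hook whose CLSID has no class registration is what OTL shows as
    'No CLSID value found': the component is gone but the registration remains.
    """
    known = {norm(c) for c in registered_clsids}
    return [f"{kind} {norm(clsid)} has no CLSID registration (orphaned)"
            for clsid, kind in registrations.items() if norm(clsid) not in known]


def read_live_search_scopes():
    """Windows only: collect {clsid: url} and DefaultScope from HKCU, then HKLM."""
    import winreg  # standard library on Windows; imported lazily on purpose
    scopes, default = {}, None
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            key = winreg.OpenKey(hive, SEARCH_SCOPES_KEY)
        except OSError:
            continue
        with key:
            try:
                default = default or winreg.QueryValueEx(key, "DefaultScope")[0]
            except OSError:
                pass
            for i in range(winreg.QueryInfoKey(key)[0]):  # number of subkeys
                sub = winreg.EnumKey(key, i)
                try:
                    with winreg.OpenKey(key, sub) as subkey:
                        scopes.setdefault(norm(sub), winreg.QueryValueEx(subkey, "URL")[0])
                except OSError:
                    pass
    return scopes, default


if __name__ == "__main__":
    # Constructed sample mirroring the thread's OTL lines; the hijack URL is a placeholder.
    sample_scopes = {
        "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}": "http://search.hijacked-example.invalid/?q={searchTerms}",
        "{11111111-2222-3333-4444-555555555555}": "http://www.google.com/search?q={searchTerms}",
    }
    for line in audit_search_scopes(sample_scopes, "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"):
        print(line)
    for line in audit_orphaned_extensions({"{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}": "BHO"}, set()):
        print(line)
```

On a Windows machine, `read_live_search_scopes()` replaces the constructed sample; the BHO and Toolbar keys are enumerated with the same `winreg` pattern and the CLSIDs checked against `HKEY_CLASSES_ROOT\CLSID`. The point of the host check is that a scope's CLSID alone tells you nothing; it is the URL host, and which scope is the default, that shows whether searches are being diverted.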

#11
cherdon

    Member

  • Topic Starter
  • Member
  • 21 posts
No apologies necessary Essexboy. I know you're busy and considering that fact you have succeeded in responding to my problems very quickly. I have noticed a considerable difference on how my puter is performing since using OTL and adwcleaner. I play numerous games on Facebook at one time and was able to have 5 games going for quite some time before it started slowing up where I had to reboot. Below is the log you asked for. If you have a moment, can you give me an idea as to what I might have done to cause this to happen so as to avoid doing so in the future. My husband loves using Google Earth but since this has happened an error box comes up saying something to the fact that the drivers are missing which is odd as he has always used it without a problem. Hopefully he can do so once again after today. Thank you again for all your help. I couldn't have done this on my own.

Attached Files

  • Attached File  OTL.Txt   45.88KB   80 downloads

  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, for Google Earth I would recommend an overinstall: just download and run from here

The problem you experienced is due to installing programmes without checking that all the extras that are bundled with it are deselected. It happens to all of us though, the amount of times I have to uninstall toolbars that I did not ask for
To that end I would recommend that you keep the link for AdwCleaner just in case :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptyflash]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. For AdwCleaner run the programme and press uninstall

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:
  • 0
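The cleanup above includes `[resethosts]`, and the OTL log earlier in the thread shows `C:\WINDOWS\System32\drivers\etc\Hosts` modified on 2012/09/22. As an added example (not OTL's code and not from the thread), here is the check a defender would run before resetting the file, to learn what was actually changed: it parses hosts-file text and reports every mapping other than the stock localhost entries, separating names redirected to a routable address from names null-routed to loopback or 0.0.0.0, and raising severity for a watch list of names whose diversion would hide an infection or block updates. The watch list and the sample file are constructed assumptions; 192.0.2.10 is a TEST-NET address, not a real host.

```python
"""Audit a Windows hosts file before (or instead of) resetting it.

Added example for this thread; not OTL's code (OTL's [resethosts] simply
rewrites the default file). Parses hosts-file text and reports every
mapping other than the stock localhost entries.
"""
import ipaddress

# Names whose redirection would hide an infection or block updates (assumed list).
WATCHED_SUFFIXES = ("google.com", "microsoft.com", "windowsupdate.com",
                    "malwarebytes.org", "eset.com")

# Constructed sample; 192.0.2.10 is a TEST-NET address, not a real host.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
192.0.2.10      www.google.com          # search engine redirected to a foreign address
0.0.0.0         update.microsoft.com    # updates null-routed
127.0.0.1       ads.example.net         # harmless ad block, but still not default
"""


def parse_hosts(text):
    """Yield (line_no, address_text, [names]) for every non-comment, non-blank line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        yield no, parts[0], parts[1:]


def is_watched(name):
    """True when the name is on, or under, one of the watched domains."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return [(severity, message)]; empty for a stock hosts file."""
    findings = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("high", f"line {no}: '{ip}' is not an IP address"))
            continue
        sink = addr.is_loopback or addr.is_unspecified   # 127.x.x.x, ::1, 0.0.0.0
        for name in names:
            lname = name.lower().rstrip(".")
            if lname == "localhost" and sink:
                continue                                  # the stock entry
            if sink:
                sev = "high" if is_watched(lname) else "low"
                findings.append((sev, f"line {no}: {lname} is null-routed to {ip}"))
            else:
                sev = "high" if is_watched(lname) else "medium"
                findings.append((sev, f"line {no}: {lname} is redirected to {ip}"))
    return findings


if __name__ == "__main__":
    for sev, msg in audit_hosts(SAMPLE_HOSTS):
        print(f"[{sev}] {msg}")
```

Read the real file with `open(r"C:\WINDOWS\System32\drivers\etc\hosts", encoding="ascii", errors="replace").read()` and pass it to `audit_hosts`. Any "redirected" finding on a watched name means the machine was being sent to a server the user never asked for, which is worth recording before the reset erases the evidence.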

#13
cherdon

    Member

  • Topic Starter
  • Member
  • 21 posts
You're the best Essexboy :thumbsup: You managed to clean my puter and I will definitely do what you posted. Funny thing is, I know a lot of downloads have checkmarks beside toolbars and I do uncheck them but I found a few of them downloaded anyways which really got me mad. I will be extra careful and hubby will be happy if he can again use Google Earth. I won't keep you but I will keep in touch. Have a wonderful day. Hope if I have any problems in the future, I am lucky enough to get you.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case may I never see you again :rofl:

Keep safe now
  • 0

#15
cherdon

    Member

  • Topic Starter
  • Member
  • 21 posts
Sorry Essexboy but I had to return. My puter is lagging when I have 4-5 pages up and running. I play different bingo games on Facebook and usually have a few going at the same time. Now I am finding I need to reboot frequently because pages are taking a long time to appear and then it freezes. I did exactly everything you last posted and as I said it was working good and still is if I only do 1 thing at a time but I should be able to do much more, did before this problem arose. I downloaded additional programs that this forum recommended such as Spyware Blaster, Spybot Search & Destroy, Super Anti Spyware, Microsoft Security Essentials, already had Malwarebytes, CC Cleaner and ESET Smart Security. I ran scans with them all. I did a print screen of issues but I guess I can only send 1 attachment at a time. Is there something else we can try, and is it possible that some of these programs are in conflict with one another? :confused: Will check back again.

  • 0





