
Supreme Savings Adware problem on my Windows 7 Toshiba laptop



I have a Toshiba laptop with Windows 7. I noticed recently on the Facebook and Match.com websites that there is an annoying number of new advertisements, popups, and underlined links to ads that, when the mouse is hovered over them, open a window promoting the ad (it also says Supreme Savings).

I have the following on my laptop - AVG free and ZoneAlarm firewall and identity / data protection.

I have run Spybot and it selected many problems which I ran a fix on for removal but the problem still persists.

I have also run AVG and Malwarebytes after the Spybot clean up and neither of them show any threats found.

I may have gotten this virus/infection from a free film viewing site called Megashare, which offers online streaming for viewing current movie theatre movies. Doh, yes, I realize the stupidity of that now, and even as I clicked on it.

Thanks for help and suggestions. OTL log pasted below:

11:26 AM 5/11/2013

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/04/23 23:03:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/21 01:10:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/02 18:04:05 | 000,000,000 | ---D | M]

[2013/04/23 23:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheryl\AppData\Roaming\Mozilla\Extensions

[2012/06/23 21:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/10/13 22:25:41 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

[2012/08/04 20:59:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/04/21 01:10:22 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml

[2012/06/14 17:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2012/06/14 17:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.npr.org/

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={08CC23D9-AA0A-11E2-BF96-00266CC4D248}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: http://www.npr.org/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Updater By SweetPacks = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\

CHR - Extension: Pinterest = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\

CHR - Extension: Supreme Savings = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\crossrider

CHR - Extension: Supreme Savings = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\

CHR - Extension: Gmail = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Google Drive = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Updater By SweetPacks = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.566_0\

CHR - Extension: Pinterest = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\

CHR - Extension: Supreme Savings = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\crossrider

CHR - Extension: Supreme Savings = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.23.51_0\

CHR - Extension: Gmail = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()

O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)

O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (BFlix Toolbar) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [searchProtection] C:\ProgramData\Search Protection\_run.bat File not found

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59EBFE04-5FB8-42BD-A09D-7B94A1DA698F}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/09 19:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/05/05 19:54:11 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\Desktop\farm

[2013/05/04 22:22:43 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\{0B9E83B5-C694-40FB-8871-F044436C4891}

[2013/04/28 22:49:33 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\Desktop\Jarrett J. Krosoczka How a boy became an artist Video on TED.com_files

[2013/04/28 04:40:37 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\AVG2013

[2013/04/28 04:38:59 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\TuneUp Software

[2013/04/28 04:38:22 | 000,000,000 | -H-D | C] -- C:\$AVG

[2013/04/28 04:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013/04/28 04:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2013/04/28 04:19:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2013/04/28 04:19:51 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\MFAData

[2013/04/28 04:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/04/28 04:19:51 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Avg2013

[2013/04/23 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\Documents\ForceField Shared Files

[2013/04/23 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\CheckPoint

[2013/04/23 23:03:18 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\Mozilla

[2013/04/23 23:03:18 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Mozilla

[2013/04/23 23:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint

[2013/04/23 23:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

[2013/04/23 22:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD

[2013/04/23 22:59:45 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\Check Point Software Technologies LTD

[2013/04/23 22:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint

[2013/04/23 22:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint

[2013/04/23 22:52:24 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\Malwarebytes

[2013/04/23 22:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/23 22:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/23 22:52:05 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2013/04/23 22:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/23 21:00:41 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft

[2013/04/21 20:58:36 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\{8E16A699-325B-4676-8138-7E9421FDC431}

[2013/04/21 18:00:24 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Spotify

[2013/04/21 17:58:57 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\Spotify

[2013/04/21 01:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations

[2013/04/21 01:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection

[2013/04/21 01:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/04/21 00:56:24 | 000,014,456 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys

[2013/04/20 22:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus

[2013/04/20 22:15:55 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\LavasoftStatistics

[2013/04/20 22:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/04/20 22:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/04/20 22:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2013/04/20 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2013/04/20 21:56:39 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\Ad-Aware Antivirus

[2013/04/20 17:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller

[2013/04/20 17:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks

[2013/04/20 17:32:37 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Programs

[2013/04/20 17:32:36 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Supreme Savings

[2013/04/20 17:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013/04/20 17:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Savings

[2013/04/14 18:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/04/12 19:51:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/04/12 19:51:54 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/04/12 19:51:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2013/04/12 19:51:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll

[2013/04/12 19:51:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll

[2013/04/12 19:51:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

[2013/04/12 19:51:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe

[2013/04/12 19:51:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2013/04/12 19:51:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2013/04/12 19:51:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2013/04/12 19:51:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2013/04/12 19:51:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/04/12 19:51:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/04/12 19:51:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/04/12 19:51:41 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/11 10:58:56 | 000,001,472 | ---- | M] () -- C:\Users\Cheryl\Desktop\OTL (1) - Shortcut.lnk

[2013/05/11 10:50:54 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/11 10:50:54 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/11 10:47:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/05/11 10:43:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/05/11 10:43:08 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/11 10:38:02 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4025698951-3597766224-2063219151-1001UA.job

[2013/05/11 07:08:49 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/05/11 07:08:49 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/05/11 07:08:49 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/05/10 18:04:45 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4025698951-3597766224-2063219151-1001Core.job

[2013/05/09 19:14:22 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/04/28 22:49:33 | 000,180,573 | ---- | M] () -- C:\Users\Cheryl\Desktop\Jarrett J. Krosoczka How a boy became an artist Video on TED.com.htm

[2013/04/28 21:22:18 | 000,000,012 | ---- | M] () -- C:\windows\Brownie.ini

[2013/04/28 21:22:18 | 000,000,011 | ---- | M] () -- C:\windows\BRVIDEO.INI

[2013/04/23 23:09:42 | 000,417,507 | ---- | M] () -- C:\windows\SysNative\drivers\vsconfig.xml

[2013/04/23 23:03:00 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk

[2013/04/23 22:52:08 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/21 18:00:23 | 000,001,821 | ---- | M] () -- C:\Users\Cheryl\Desktop\Spotify.lnk

[2013/04/21 01:08:21 | 000,001,297 | ---- | M] () -- C:\Users\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/04/21 01:08:21 | 000,001,273 | ---- | M] () -- C:\Users\Cheryl\Desktop\Spybot - Search & Destroy.lnk

[2013/04/21 00:56:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\windows\SysNative\drivers\gfibto.sys

[2013/04/21 00:49:57 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt

[2013/04/13 10:07:14 | 000,349,848 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/04/12 22:11:29 | 000,011,377 | ---- | M] () -- C:\Users\Cheryl\Documents\wavygirl.jpg

[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/11 10:58:56 | 000,001,472 | ---- | C] () -- C:\Users\Cheryl\Desktop\OTL (1) - Shortcut.lnk

[2013/04/28 22:49:32 | 000,180,573 | ---- | C] () -- C:\Users\Cheryl\Desktop\Jarrett J. Krosoczka How a boy became an artist Video on TED.com.htm

[2013/04/28 21:22:18 | 000,000,012 | ---- | C] () -- C:\windows\Brownie.ini

[2013/04/28 04:38:59 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/04/23 23:03:28 | 000,417,507 | ---- | C] () -- C:\windows\SysNative\drivers\vsconfig.xml

[2013/04/23 23:03:00 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk

[2013/04/23 22:52:08 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/21 18:00:23 | 000,001,821 | ---- | C] () -- C:\Users\Cheryl\Desktop\Spotify.lnk

[2013/04/21 18:00:23 | 000,001,807 | ---- | C] () -- C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

[2013/04/21 01:08:21 | 000,001,297 | ---- | C] () -- C:\Users\Cheryl\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/04/21 01:08:21 | 000,001,273 | ---- | C] () -- C:\Users\Cheryl\Desktop\Spybot - Search & Destroy.lnk

[2013/04/12 22:11:28 | 000,011,377 | ---- | C] () -- C:\Users\Cheryl\Documents\wavygirl.jpg

[2012/12/01 00:25:54 | 000,127,599 | ---- | C] () -- C:\Users\Cheryl\photo 2.JPG

[2012/12/01 00:25:54 | 000,094,395 | ---- | C] () -- C:\Users\Cheryl\photo 1.JPG

[2012/12/01 00:25:54 | 000,088,159 | ---- | C] () -- C:\Users\Cheryl\photo 3.JPG

[2012/08/15 16:40:39 | 000,000,011 | ---- | C] () -- C:\windows\BRVIDEO.INI

[2012/08/15 16:40:39 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini

[2012/08/15 16:40:01 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
