Solved Possible Infection - Need Help

[MadforitSteve]

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service MpKsl2e5a3d0f stopped successfully!
Service MpKsl2e5a3d0f deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{81DC1623-C5DB-4E23-A4CA-ACF4F02FAAE4}\MpKsl2e5a3d0f.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service DIRECTIO stopped successfully!
Service DIRECTIO deleted successfully!
File C:\Program Files\PerformanceTest\DirectIo32.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Error: No service named accwrd58 was found to stop!
Service\Driver key accwrd58 not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 66560 bytes
->Temporary Internet Files folder emptied: 23218664 bytes
->Google Chrome cache emptied: 10313241 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 5752 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: User
->Temp folder emptied: 1456971 bytes
->Temporary Internet Files folder emptied: 7261498 bytes
->Google Chrome cache emptied: 14125940 bytes
->Flash cache emptied: 5719 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12863 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: User

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: User
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07172013_122351
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4016.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4071.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4156.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF426F.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PM0PPRF0\follow_button.1372833608[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PM0PPRF0\hub[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PM0PPRF0\like[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PM0PPRF0\script[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\PM0PPRF0\uk_msn_com[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M9X3Q6XD\possible-infection-need-help[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M9X3Q6XD\xd_arbiter[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KTVJM0WS\hub[1].html moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KTVJM0WS\moneyadserve_cloudapp_net[1].htm moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KTVJM0WS\xd_arbiter[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

[MadforitSteve]

Results of screen317's Security Check version 0.99.69
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
I
s
p
l
a
y
N
a
m
e
ECHO is off.
M
I
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
I
t
y
ECHO is off.
E
s
e
n
t
I
a
l
s
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Java version out of Date!
Adobe Flash Player 11.7.700.224
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Microsoft Security Client Antimalware MsMpEng.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

 

[MadforitSteve]

Farbar Service Scanner Version: 13-07-2013
Ran by User (administrator) on 17-07-2013 at 12:32:08
Running from "C:\Documents and Settings\User\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.
**** End of log ****

 

[MadforitSteve]

Thanks,,,eset was cleaN

 

[MadforitSteve]

Although everything is coming up as clean there is still a problem now that I have re-installed google chrome,,,when trying to play any facebook app/game as soon as it is loaded a small window appears saying whoa, Google chrome has stopped working. I though this was part of what we fixed and have also tried getting the flash plug-in for chrome and still no difference,,If you can help me get to the bottom of this I would be grateful.,#

 

[Broni]

Reinstall Chrome...

• Close all Chrome windows and tabs.
• Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
• Click Programs and Features.
• Double-click Google Chrome.
• Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.

Install fresh copy.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

 

[Broni]

Still with me?

 

[MadforitSteve]

Yeah,,,sorry,,,just been a bit busy,,,please give me a couple of days and I will post the results that you asked for/

P.S.
Thanks for all of your exhaustive help so far,,,It really has helped get my mother's computer up and running a lot better again,,,and like I said it's only that one little problem that you are working on with me right now and then it will almost be back to like it was when she first bought it.

I may also be interested in training to help people with malware problems sometime in the near future so it would great if you could point me in the right direction to get started with that as well,,,I am above average with most computer related problems and also learn quickly too when I am trying to further my knowledge of anything computer related,

 

[Broni]

Try one of free schools: http://www.uniteagainstmalware.com/schools.php

 

[Broni]

The issue seems to be resolved.