After years of using PortableApps, kids using USB sticks, and now their gaming activities, mixed with my lack of knowledge in keeping things running well, I've got 3 messed up computers. My husband had installed BitDefender on all three, but it's now clear some damaging things got in. They are all very slow, poor screen refresh, some crashes, and very slow internet access.

Before discovering SpyBot, (and thinking BitDefender was taking care of viruses) I purchased RegZooka (came with SpyZooka) and who knows what it did to things. SpyZooka kept finding viruses (some the same ones) even after repeat consecutive runs. One was a trojan in the BitDefender folder and I followed some web process for manually removing it (took a SafeMode scan to find it), but still had the same performance problems.

In my effort to run my software and get my late taxes done (still not done), and during 2 weeks of horrible "support" from BitDefender, I repeatedly ran the RegZooka and opened up my Task Manager and randomly removed processes (mostly Chrome) that seemed to be eating up my memory. It helped, but after about an hour of leaving the computer on (computer #2) everything's hosed again.

So, I'm able to run Firefox on computer #1 (where I am now), and have some stability, so I removed BitDefender, RegZooka & SpyZooka, and installed Malwarebytes. It didn't find anything! So, I've now followed your "BEFORE You Post" directions and run ERUNT, SpyBot, and dds.scr on computer #1 (first backed up data & set a system restore point). I have several questions.

1. SpyBot found & cleared 71 tracking cookies. Could this alone explain the slowdowns? After a reboot, my task manager showed PF Usage of 1.0 GB with no applications running. Is this normal? I'm running Windows XP Professional V. 2002 Service Pack 3. Intel Core 2 CPU, 6320 @ 1.86GHz, 1.98 GB of RAM.

2. My external drive was connected during the scan, but I couldn't find a way to include it in the settings. Would it have been scanned? If not, how do I do that (along with all our USB sticks)?

3. Is there a way to restore or recover from any damage I've done by messing with my registries? What other tools should I use to diagnose and in what order? Would it be worthwhile to run SpyBot again in safe mode?

4. I'm getting ready to follow your procedures on my 2nd computer, but it's too slow to easily do a backup (would likely take days). How important is this? Can you recommend a good application for incremental backups that work well with various external drives?

Please forgive my relative lack of technical knowledge. Reading through the various forum posts often sounds like Greek to me. I'm an educator and am needing to get everything in order technically so I can start a blog for homeschooled children, in part to help them navigate through this stuff so they don't fall prey to bad advice as I've had. I appreciate any advice or support you can offer me. I did keep some of the early logs that showed what trojans had been found, if that's useful.

Thank You,

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs with Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.

Registry cleaners are not recommended; remove the wrong entry or entries and you can make your computer unbootable. I have been into computing for many years and have never needed a registry cleaner. There is a way of removing entries for a program you just uninstalled, but it's not needed here at this point.

Let me explain the way the forum works: this forum is just for malware removal. If after running a few scans there is no malware, then I can link you to a good Windows support site that can help you.

We can only work on one computer at a time in this thread, or believe me it will get very complicated and confusing. So let's do this: pick your main computer that you're having the main issue with and let's work on that. When we're done I will close this thread and you can start a new topic for the next one.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Thank you very much Ken for your assistance. I've done my backups, tried to run ERDNT (but it was unable to create a file), and ran aswMBR (I assumed I was meant to agree to the popup box recommendation to download AVAST's latest virus definitions). Downloads are taking a while (currently 7 KB/s).

My computer crashed while running the aswMBR. Do you want me to retry it?

Just to let you know what I'd done previously... I'm working on what I call Computer #2. This is my main computer (I don't have access right now to #1 and #3 has to be moved to be online). This one had been in the worst shape, and I'd done similar things as the one described previously (BitDefender, RegZooka, SpyZooka). After seeing no change after running SpyBot, I ran it again in SafeMode and it found/cleaned many "red level" viruses (they all said cookie trackers -- so I'm not sure if those are true viruses). It is running a bit more stable now, which allowed me to do backups.

This is a Windows7 Professional, Service Pack 1, 32-bit operating system with 2 GB RAM.

Thanks again,

2012-07-02, 11:03
We just missed one entry by ASK, and I am also including entries for BitDefender, SpyZooka and RegZooka as you stated you uninstalled them.

Also, tracking cookies would not slow your system down, but running a system cleaner to clean out all the temp files and Temporary Internet files will help. When we ran OTL last time it did clean all those out and will do so again this time. I am going to include a nice system cleaner for you; maybe run it twice a month or so, but after running the OTL fix there is no need to run it now.

As long as you got ESET to run there really is no need to run Housecall

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-21-985302526-3885216461-293028738-1007..\Run: [RegZooka] "C:\Program Files\RegZooka\RegZooka.exe" File not found



C:\Program Files\Bitdefender
C:\Program Files\SpyZooka
C:\Program Files\RegZooka

[start explorer]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.

This cleaner is by the same author as OTL; he is a malware fighter and logs on as OldTimer. This is free and yours to keep.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.

How are things running now, any better?

2012-07-02, 13:22
Since it'd taken so long to download HouseCall, I went ahead and ran it anyway. It came back with no threats found (was the Quick scan). It had a little red checkbox next to conficker at the bottom, which I just read an unsettling 4 pg article about. Does that mean HouseCall (and other programs) are able to confidently scan for this?

Okay, on to your fixes. By the way, I'd like to uninstall the uTorrent and NTREGOPT which accidentally got installed. Is it fine to do this after I finish with your fix?


2012-07-02, 13:38
TrendMicro is wanting to run on startup. Should I uninstall this?
Here's the OTL Fix Log...

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-985302526-3885216461-293028738-1007\Software\Microsoft\Windows\CurrentVersion\Run\\RegZooka deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Bitdefender folder moved successfully.
C:\Users\Jennifer\AppData\Local\SpyZooka\Reports folder moved successfully.
C:\Users\Jennifer\AppData\Local\SpyZooka folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6620121118270 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6620121117440 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q62120121113000 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6202012825310 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6202012527490 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka\Q6062012934580 folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Spyzooka folder moved successfully.
C:\Program Files\SpyZooka folder moved successfully.
C:\Program Files\RegZooka\Backups folder moved successfully.
C:\Program Files\RegZooka folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point


User: All Users

User: Andrew - School
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6294580 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6322851 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ryan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: SteveW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 533246 bytes
RecycleBin emptied: 2067639 bytes

Total Files Cleaned = 15.00 mb

OTL by OldTimer - Version log created on 07022012_222402

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2012-07-02, 14:05
Yes, you can uninstall them both, also ESET.

Housecall came back OK, so it looks like you're on your way.

2012-07-02, 14:08
Morning to You,

Maybe this isn't a malware issue, but something with my system. Restarts seem slow to me, but it's been so long since I've had a good system, I'm not sure what it should be. As soon as I restarted, I opened up my Task Manager and looked at my performance. This computer only has 1.8 GB RAM and before I opened any programs, my Physical Memory was at 78% (now about 85% with Chrome running). I don't know what info to give you, but here's what I see:

Physical Memory
Total 1840
Cached 308
Available 345
Free 39

So, what's happened in the past is that once I get several tabs opened and a few applications running (which is how I work best), things start to deteriorate. On a positive note, through this process, I've had my computer running for extended periods of time (downloading & scanning) with only a few hangs, which is an enormous improvement. I've not yet seen the funny black screen which erases to reveal my desktop when I roll my mouse around. But, I'm heading to bed now, so it won't get much of a test until tomorrow.

Thank you so much for your help so far. Oh, my Windows message center continues to tell me I don't have virus protection. Is there a recommended program for real-time malware protection, or should I just run SpyBot and Malwarebytes daily? I suppose I could buy something if it's needed.

Where should I go to get GOOD advice (have had plenty of inconsistent advice) on safe computing habits (especially in regards to browsers, shared devices over our wifi, scanning of external drives, flexible incremental backup software that can back external to external, etc)?

I don't want to use this forum inappropriately, I just know that an ounce of prevention's worth a pound of cure, and there's SO MUCH misinformation out there.


2012-07-02, 19:21

I am tied up at work at the moment, but late afternoon I will be back online and we can go through some security information.

2012-07-03, 00:17

Long day, sorry for the late reply.

1. Don't ever, ever use any form of File Sharing; you can infect your computer big time. The programs themselves are safe, it's just the files you're downloading: you never know where they are coming from and some can be infected.

2. Just delete any spam email, don't even open them, as some are coded and the author will know your email is valid and you will get more spam. Almost 99.9% of the links in spam email will take you to a bogus site that can infect you.

3. Keep your Java up to date; outdated Java can let the bad guys in. Go to Start > Control Panel > Java, then go to the General Tab > About, and you should have Version 7 Update 5 (which you don't), so then go to the Update Tab and let it update. Then you can go back into the Control Panel > Add Remove Programs and uninstall all older Java updates except Version 7 Update 5.

4. Malwarebytes: you have the free version, which is fine, but if you updated to the Pro version, it has a protection module that will block bad websites from loading. The cost is minimal, a one-time small fee, and the program is yours. If you got rid of this computer, you could uninstall Malwarebytes and then reinstall it on your new one and use the same key code for the protection module, but this of course is your decision.

5. To put your mind at ease over Conficker, you can take this quick test. You're not infected with it, so not to worry.

6. You can keep Spybot Search and Destroy, but if you update Malwarebytes then disable the TeaTimer or they will conflict.

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect

7. Antivirus software: you only need one. More than one is overkill and can severely hamper system performance. Just keep it updated and run weekly scans.
My choice would be Norton Internet Security; it contains antivirus, anti-malware and a firewall.


Or you can install the free one by Microsoft.....Microsoft Security Essentials.


8. I don't know how old your system is, but you're lacking adequate memory. Adding more memory is the best way to update your system. This is the site I use; you can have them scan your system and it will tell you what you have and what you can upgrade to. It's a simple upgrade; if you have never been inside your computer case I am sure you can find a local high school kid to do it for you. Use the Crucial memory advisor, it's safe to download and run.


9. On my system, I have Norton Internet Security, Malwarebytes Pro Version, and Spybot Search and Destroy (TeaTimer disabled). This is all I really need. Don't listen to friends that tell you that you need to install this or that; you can really bog down your system if you install too much.

10. Stay away from Registry cleaners. If you run one and it removes unwanted entries you will see no difference in system performance; if it removes the wrong entry or entries it can leave your system unbootable.

How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn

2012-07-03, 06:33
Hello Again,

Please don't apologize for a late reply. I feel very appreciative that you put the time and effort in at all. A couple of things:

1. Do you consider DropBox and Evernote in the same class of file sharing as Peer-to-Peer, when I'm only sharing files to family & friends through invitation?

2. Just to be clear on SPAM, sometimes things accidentally get looked at (opened) that are spam. Other than sending a notification back to the spammer (and thus verifying your address), can just opening it cause infection if no links are clicked?

3. My control panel shows 2 versions of Java. The one I just updated is "JavaFX 2.1.1" and the other is "Java(TM) 7 Update 5" but with a date of June 1st. Should I delete either of these?

4-7. So if I upgrade to Malwarebytes, that will give me real-time malware (but not virus) protection, Microsoft Security Essentials will give me real-time virus and malware protection, and SpyBot can be run regularly as an extra layer of virus and malware protection. Do I need firewall protection, or would Microsoft Security Essentials provide this?

8. I'll take your advice on a system upgrade, and steering clear of registry cleaners. But since I'd already run RegZooka, which deleted hundreds of items, is there a tool I can run to make sure my registries are currently in order?

9. Does SpyBot include connected external drives or devices when it runs? From this point, now that this computer's clean, and once I upgrade my virus protection, will it be safe to simply connect externals and scan them (and will zipped or archived files get scanned)?

10. Should I now uninstall HouseCall, aswMBR, ERUNDT, OTL, and dds, or could they be useful to me in ongoing system care?

11. Is it ever recommended, or not recommended for a relative novice like me to scan for viruses/malware in safe mode?

I'll spend some time reading the pages you've linked to (this one's broken: http://forums.whatthetech.com/index.php?showtopic=57817). Thank you so much for your support. It's nice having a functioning computer again.


2012-07-03, 11:31

Try this one, it opened for me.

These are fine
DropBox and Evernote

This is the developer version and came bundled with Version 7 Update 5 and can be uninstalled
JavaFX 2.1.1 <-- Uninstall

Spam is funny, you never know what's inside, so it's best just to not open them.

When you run a scan with Malwarebytes we usually just run the Quick Scan, but if you have your external drives connected and run the Full scan it will list connected drives and you can just put a checkmark in the ones you want scanned. Spybot may not have the same option.

As far as these, let's get rid of them, as if you should need them in the future you should get updated versions
HouseCall, aswMBR, ERUNDT, OTL, and dds

OTL has a clean up feature; let's run it and it will remove most of the tools we used. The ones it did not, you can uninstall or drag to the trash.

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.

Ken :)

2012-07-05, 11:45
Thank you so very much Ken for your hand holding through something that didn't turn out to be so awful or difficult, but was needed anyway. I plugged my external hard drive and 2 USB sticks and re-ran SpyBot, Malwarebytes & Microsoft Security Essentials. It took forever, but I seemed to get them cleaned up (though I'm not sure if it scanned zipped or archived files -- I'm assuming they'll get scanned if and when they are opened).

Overall my computer's running much better, and my "Window's Experience" rating went up from a 3.9 to a 4.0. I think the next step is for me to take it into the shop for some upgrade options, and I'm still incorporating the advice from the various links you gave me. For future reference, what, in your opinion would be the best site for me to visit to get some sound advice on windows maintenance issues? I understand registry cleaners are out, but there are still other tools out there that promise all sorts of things.

I'm getting ready now to start doing some basic scans and upgrades on the other 2 computers using the same malware tools, so it may turn out that I don't need support after all. One of the computers is running Vista, and my husband and I are debating whether it would be best to upgrade to Windows 7. Do you have an opinion on that?

Thank you again for your help, and I will definitely make a donation to SpyBot to show my appreciation.


Oh, if it looks like my other computers are in need of additional malware removal support, should I contact you, or just post here again?

2012-07-05, 19:17
I understand registry cleaners are out, but there are still other tools out there that promise all sorts of things. <--Don't believe them. You will find all kinds of garbage on the internet. Basically, like I said, keep one antivirus program, keep both Malwarebytes and Spybot, and run a cleaner now and then; a whole lot more are not really needed.

You can go to PcPitStop and run the free analyzer scan. Keep the link when it's done and you can paste it into a forum of your choice so they can see where you stand.


You can also post in this nice Windows forum for help cleaning up your system.

What I am going to do is close this thread and mark it as resolved. What you want to do when you're ready is to come back to this forum and START A NEW TOPIC. Make sure you let them know it's your second system. If I miss your post, we have a great team of people and one of us will pick it up.

Ken :)

2012-07-06, 00:20
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.