Persistent malware calls itself bitdefender

[JToma]

Here is the new log: Rebooting now.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-12-2013 01
Ran by Toma at 2013-12-31 14:40:22 Run:4
Running from C:\Users\Toma\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [Eltiodad] - C:\Users\Toma\AppData\Roaming\Viulxa\keyphui.exe [221872 2013-12-30] (BitBefender S.R.L.)
C:\Users\Toma\AppData\Roaming\Viulxa
C:\Users\Toma\AppData\Local\Temp\ntdll_dump.dll
End



*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Eltiodad => Value deleted successfully.
C:\Users\Toma\AppData\Roaming\Viulxa => Moved successfully.
C:\Users\Toma\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

==== End of Fixlog
 

[JToma]

Unfortunately the processes are still present in a clean mode reboot. However, in the process of typing this, one of the processes crashed and windows asked if I wanted to troubleshoot. I clicked view details and it gave me this. Don't know if this helps any.

Problem Event Name:    APPCRASH
  Application Name:    keyphui.exe
  Application Version:    0.224.42054.35529
  Application Timestamp:    5287b82d
  Fault Module Name:    StackHash_0a9e
  Fault Module Version:    0.0.0.0
  Fault Module Timestamp:    00000000
  Exception Code:    c0000005
  Exception Offset:    003b821c
  OS Version:    6.1.7601.2.1.0.768.3
  Locale ID:    4105
  Additional Information 1:    0a9e
  Additional Information 2:    0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:    0a9e
  Additional Information 4:    0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\windows\system32\en-US\erofflps.txt

 

[kevinf80]

Leave the clean boot mode settings as they are for now,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

• Ensure that Combofix is saved directly to the Desktop <--- Very important
   
  
• Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
   
  
• Close any open browsers and any other programs you might have running
   
  
• Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
   
  
• Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
   
  
• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
   
  
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
  

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*

• 
  

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin

[JToma]

I left the Clean Boot settings on and closed all programs. Here is the Combofix log.

 

ComboFix.txt

[kevinf80]

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache:Registry::[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Eltiodad"=-File::c:\users\Toma\AppData\Roaming\Viulxa\keyphui.exeFolder::c:\users\Toma\AppData\Roaming\Viulxa

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap enter. When finished type exit Tap enter, re-boot your PC.

***Note the space between sfc and /scannow.

To get report, at command promt type or copy and paste:
findstr /c:"[sR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt  

 

Next,

 

If the infection did return run the following, please ensure all security is off, all browsers are closed.

 

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

 

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur

 

Altenative mirror

 

Disable the active protection component of your antivirus and antispyware programs by following the directions that apply here:

Temporarily disable Security

 

Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on  NO
   Then use the following settings for a more complete scan..
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  
  • IAT/EAT
    
  • Drives/Partition other than Systemdrive (typically C:\)
    
  • Show All (don't miss this one)
     
    
    Click the image to enlarge it
     
    

  [*] Then click the Scan button & wait for it to finish.

  [*] Once done click on the [save..] button, and in the File name area, type in "ark.txt" 

  [*]Save the log where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

Please copy and paste the report into your Post.

 

Let me see logs from Combofix, sfc /scannow and GMER if applicable....

 

[JToma]

Happy New Year Kevin!

Anywho, the combofix seemed to do the trick, although I am still booted in a Clean Mode. Here are the two logs, and I did not run the GMER as the processes haven't shown up since. I had trouble opening up the SFC details.txt using that string and the file on my desktop under that name is blank. I located the CBS log though if that helps.

 

ComboFix.txt

CBS.log

[kevinf80]

Happy New Year to you and your family, ok do the following....

 

Reset the start up mode back to Normal:

 

1. Click Start, type msconfig.exe in the Start Search box, and then press Enter.
2. Note If you are prompted for an administrator password or for confirmation, you should type the password or click Continue.
3. On the General tab, click the Normal Startup option, and then click OK.
4. When you are prompted to restart the computer, click Restart.

Run FRST once more and post a fresh log.....

[JToma]

Crossing my fingers that everything is well. No more processes popping up at this time. Hopefully it stays that way.

Here is the new log:

FRST.txt

[kevinf80]

We have the nuisance back again....Sigh, we need to get the OS back to clean boot state....

 

Put the PC back to clean boot mode, once in that state, run FRST one more time and post fresh log, we do a kill run and re-boot (still in clean boot mode) and see what happens...

[JToma]

Okay, so, back in Clean Mode and here is the new log:

 

FRST.txt

[kevinf80]

OK, no sign of infection in that mode, I want you to run FRST from outside of windows, a USB stick is needed for this function, also a spare PC to d/l and save FRST to the usb stick, if that is possible we continue:

 

Please download Farbar Recovery Scan Tool from here:
                                                                   
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select Your Country as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.
  

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select Your Country as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.
  

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  

 

[JToma]

Okay, sorry for the late reply. My USB flash drives weren't showing up so I had to buy CD RWs to ensure I'd get the log file after the scan. Here is the FRST log from the CD after following the instructions

FRST.txt

[kevinf80]

Thanks for the update and the log, well that log is clean, no bad entries. Can you boot into windows, still in the clean boot mode. Now d/l and install CCleaner:

 

Download and install CCleaner from here:

 

http://www.piriform.com/ccleaner/builds  Ensure to select Slim version. (No Toolbar)

 

Run CCleaner, do not alter the settings, default ones are fine, From the main GUI select > Tools > Start up > with the "Windows" tab selected look to the bottom right corner, you will see "Save to text file" please do that and post that file to next reply....

 

Kevin...

[JToma]

That link didn't work for me but I managed to download CCleaner. No mention of a 'slim' version. Here is the text of the start-up file:

No    HKCU:Run    DAEMON Tools Lite    DT Soft Ltd    "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
No    HKCU:Run    Skype    Skype Technologies S.A.    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
No    HKCU:Run    Steam    Valve Corporation    "C:\Program Files (x86)\Steam\steam.exe" -silent
No    HKLM:Run    Adobe ARM    Adobe Systems Incorporated    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No    HKLM:Run    APSDaemon    Apple Inc.    "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
No    HKLM:Run    BLEServicesCtrl    Intel Corporation    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
No    HKLM:Run    BTMTrayAgent    Microsoft Corporation    rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
No    HKLM:Run    Eltiodad        "C:\Users\Toma\AppData\Roaming\Viulxa\keyphui.exe"
No    HKLM:Run    ETDCtrl    ELAN Microelectronics Corp.    %ProgramFiles%\Elantech\ETDCtrl.exe
No    HKLM:Run    HotKeysCmds    Intel Corporation    C:\windows\system32\hkcmd.exe
No    HKLM:Run    IAStorIcon    Intel Corporation    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
No    HKLM:Run    IgfxTray    Intel Corporation    C:\windows\system32\igfxtray.exe
No    HKLM:Run    IntelTBRunOnce    Microsoft Corporation    wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
No    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
No    HKLM:Run    Monitor    LeapFrog Enterprises, Inc.    "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
No    HKLM:Run    MSC    Microsoft Corporation    "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
No    HKLM:Run    Persistence    Intel Corporation    C:\windows\system32\igfxpers.exe
No    HKLM:Run    RTHDVCPL    Realtek Semiconductor    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
No    HKLM:Run    S-Bar    Micro-Star International Co.,Ltd.    %PROGRAMFILES%\S-Bar\S-Bar.exe
No    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No    HKLM:Run    Super-Charger    MSI    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
No    HKLM:Run    THX Audio Control Panel    Creative Technology Ltd    "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
No    HKLM:Run    THXCfg64    Microsoft Corporation    C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
No    HKLM:Run    UpdReg    Creative Technology Ltd.    C:\windows\UpdReg.EXE
No    HKLM:Run    USB3MON    Intel Corporation    "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
No    HKLM:Run    YouCam Mirage    CyberLink    "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
No    HKLM:Run    YouCam Tray    CyberLink Corp.    "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s

 

[kevinf80]

Not sure if you still have System Look available, if so no need to d/l again. run again:

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 

• 
  

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 

:filefindkeyphui.exe:regfindEltiodad

 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[JToma]

Here is the log from SystemLook"

SystemLook 30.07.11 by jpshortstuff
Log created at 14:43 on 02/01/2014 by Toma
Administrator - Elevation successful

========== filefind ==========

Searching for "keyphui.exe"
C:\FRST\Quarantine\Viulxa\keyphui.exe    --a---- 221872 bytes    [22:35 29/12/2013]    [22:35 29/12/2013] 62296242ED1A019551288D5A2795C3EF
C:\FRST\Quarantine\Viulxa\Viulxa\keyphui.exe    --a---- 221872 bytes    [22:08 30/12/2013]    [22:08 30/12/2013] 62296242ED1A019551288D5A2795C3EF

========== regfind ==========

Searching for "Eltiodad"
[HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Eltiodad"="C:\Users\Toma\AppData\Roaming\Viulxa\keyphui.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eltiodad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eltiodad]
"item"="Eltiodad"
[HKEY_USERS\S-1-5-21-2932977328-2380656773-45066812-1001\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Eltiodad"="C:\Users\Toma\AppData\Roaming\Viulxa\keyphui.exe"

-= EOF =-

[kevinf80]

If you still have OTM no need to d/l again....

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

• Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Reg :Reg
  
  

  :Reg[HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Eltiodad"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eltiodad][HKEY_USERS\S-1-5-21-2932977328-2380656773-45066812-1001\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Eltiodad"=-:FilesC:\Users\Toma\AppData\Roaming\Viulxa:Commands[EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me see that log...

[JToma]

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Eltiodad deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eltiodad\ not found.
Registry value HKEY_USERS\S-1-5-21-2932977328-2380656773-45066812-1001\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Eltiodad not found.
========== FILES ==========
File/Folder C:\Users\Toma\AppData\Roaming\Viulxa not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Toma
->Temp folder emptied: 2675 bytes
->Temporary Internet Files folder emptied: 2512243962 bytes
->Java cache emptied: 116908 bytes
->FireFox cache emptied: 500840149 bytes
->Flash cache emptied: 37745 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200710 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38098 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13511730 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49315 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,887.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01022014_174720

Files moved on Reboot...
C:\Users\Toma\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Toma\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Toma\AppData\Local\Mozilla\Firefox\Profiles\cj32ouy0.default\startupCache\startupCache.8.little moved successfully.
C:\Users\Toma\AppData\Local\Mozilla\Firefox\Profiles\cj32ouy0.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Toma\AppData\Local\Mozilla\Firefox\Profiles\cj32ouy0.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Toma\AppData\Local\Mozilla\Firefox\Profiles\cj32ouy0.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Toma\AppData\Local\Mozilla\Firefox\Profiles\cj32ouy0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Toma\AppData\Local\Mozilla\Firefox\Profiles\cj32ouy0.default\urlclassifier3.sqlite moved successfully.
C:\windows\temp\FireFly(2014010213231274C).log moved successfully.
C:\windows\temp\integratedoffice.exe_c2ruidll(2014010213231274C).log moved successfully.
C:\windows\temp\integratedoffice.exe_streamserver(2014010213231674C).log moved successfully.
File move failed. C:\windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 

[kevinf80]

Re-run CCleaner, select > tools > start up > windows tab. Look through the start up list, if the following entry is still present select it then select  "Delete" from the right hand pane.

 

No    HKLM:Run    Eltiodad        "C:\Users\Toma\AppData\Roaming\Viulxa\keyphui.exe"

 

Next,

 

Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied

 

Next,

 

Select > Registry > "Scan for Issues" > with all found entries checked select > "Fix Selected Issues" follow prompts to make back up and remove all entries...

 

Next,

 

 

•  

   

• Open msconfig...

   

   

• On the General tab, click Normal Startup - load all device drivers and services, and then click OK.

   

   

• When you are prompted, click Restart.

   

   

 

 

Run FRST again and post fresh log, If this issue returns yet again we need to run GMER......

 

Thanks,

 

Kevin

[JToma]

Here is the latest FRST log.

FRST.txt

[kevinf80]

Bingo... A clean log at last. Can you do this please:

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log, also let me know how your system is responding and if any apparent issues or concerns..

 

Cheers,

 

Kevin.....

[JToma]

Here is the full MBAM scanned log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.03.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Toma :: TOMA-MSI [administrator]

03/01/2014 8:15:29 AM
mbam-log-2014-01-03 (08-15-29).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 695821
Time elapsed: 1 hour(s), 35 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 252
C:\FRST\Quarantine\zyivwiga.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\Viulxa\keyphui.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\Viulxa\Viulxa\keyphui.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Absuam\emxua.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Abufbai\uhalq.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Acbomana\igxyduo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Addaak\qaxou.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Adwubo\sazay.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Afniti\kowievr.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Aftoyweb\guyvdy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ageluwu\agwot.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Agocleri\eryxvyt.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ahidsy\buahacv.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Akzifoy\orqyd.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Alofaze\nifoha.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Amiqihon\egohiny.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Amuwada\peowmyr.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Anfaacm\ywozi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Anogah\ovxau.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Apehus\tekuili.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Asymcya\uvhoil.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Atackii\ilakdu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Atpeaw\yfwup.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Avcauqc\yvrikes.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Awqeywux\ekofe.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Awyggo\yqluy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Babiwob\ycdamia.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Baotqaoz\elryak.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Basuyhod\kiuku.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Bidebubu\uzepyxe.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Boinni\muakper.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Buufivo\kuute.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cabosos\nyise.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Caosytlo\ulwiet.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Caudeqa\hivue.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Caunyts\geegb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cawyhyyt\seibo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ceawni\tekun.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ceogozy\ruviamb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cofanao\ibesno.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Coowuk\weilseo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cuawneqo\anibh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cuocit\nekio.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cuohuhis\lucayl.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Cyamytef\piovere.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Damayzih\tuqii.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Dezuluzo\ugomse.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Doubcua\fyulfu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Doyladol\okewt.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Duogibxa\dyroari.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Duviwi\boqyi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Dyahuw\ikcaydb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Dyoning\zakuo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Edhiysyl\usnouti.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ekfucoo\icuhpov.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Elheocu\kiygu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Emahans\syylulo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Emdoiqe\elniy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Epvuir\wyitza.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Erifyq\xyitxoe.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Erqevyub\vyseo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Esdylyi\iqcaz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Esisan\ossoecf.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ezbowy\wauxub.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ezyzko\ybbipy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Faosqafo\zyeboqo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Feareci\udkead.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Fiamubi\arsei.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Fuisak\owminel.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Fybionc\nogopor.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Fygohopi\cycyhuu.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Fyuvur\iwpau.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Garuec\hyqeyli.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Giufali\opfucu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Gyaqgy\qeihlao.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Gypykee\hufou.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Hexiarky\ybwaev.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Hiegara\zairbo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Hosybiu\yfsao.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Huytxai\roaqib.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ibecadb\osolg.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Icguqa\fabino.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Icoqvuk\iffyvyv.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ifarkeyb\avtad.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ifcuhio\qeexzyu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Igkozut\muamg.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Igolatic\niasz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ihocxik\amfun.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ihpeat\zedauqs.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ikwafy\kuafedo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Imanzaux\feniazi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Imseec\pukezi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Inevonk\awurak.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Inhaluo\naofyxa.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ipkuar\idodfu.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Iqadapoq\abahyqp.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Iqbuzauh\zyict.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Iqicer\geapw.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Iqutcayh\ufzaeru.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Iquxxa\fegeevu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Irefuxb\weupi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Irfuuxu\ynodpi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Irtyhee\ovurgiw.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Irymhem\ymkefy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Isabiq\ecytavw.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Islyalvo\izycvaf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Isocnee\miykra.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Isuzucr\istuot.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Isyfpy\nuybytb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Itoqseg\ivyhord.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Iwisog\doziomd.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Izogunte\yhzuqi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Kaqewely\urytovf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Kidugud\uwdeu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Koylog\culisar.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Kuqaaqes\evigvou.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Kyelsago\fixif.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Lacetooh\ypumim.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Leemomv\zukueh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Levihu\azufl.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Luoxhyi\etrunuo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Lyehyr\hiiwad.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Maywmafe\ufazd.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Meafyty\befauq.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Moytmes\huelwu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Muulih\sahopi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Muwoewbu\ylpyygs.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Myutwy\naylu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Neguok\nougypi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Niroif\ocnuugf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Nuqeco\reexom.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Nywoaso\gyyqutb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Obapeb\owkay.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Odkipe\paatra.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ogcowiow\oqugi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ognowov\epkeel.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ohurow\ibuzaks.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Oketko\lepoeh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Okidemt\ewnou.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Okodax\novihe.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Okyndoas\esowbio.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Oqisfau\avzaw.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Oqykdoy\ixopkoc.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Orahir\idgedui.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Otukuvaz\vyfiyfu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Otykutoh\xuetf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Owmeykis\ytytvio.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Oxezedo\edohbi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Oxteuz\cuxiba.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ozruez\ezygr.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Peugwyy\wefyof.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Pouxhofy\odqoz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Pyqopous\zoteyxl.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Qeedekud\leozh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Qocuwage\veoxkon.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Qoesopa\mihyb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Quidpyg\tuumemf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Quiryw\ernoryl.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Qusyim\erpoe.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Qydikai\ucamip.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Qyfuqea\ovmob.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Raoqvudi\acodq.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Roostaci\wiyhu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Rotumu\vomeyw.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Sacyweo\weiwf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Saqyehe\ynixnaa.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Seebowy\izywl.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Semeirod\waoqg.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Sexuymy\aracy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Sipehamy\yqhyxii.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Soawxeor\oweltu.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Someycq\evaka.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Soocuzom\awalotz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Suelvyem\kyuke.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Sunaub\felouli.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Suxuaq\owutky.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Suzuxi\esqaol.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Taillea\tiupa.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Taodru\yguke.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Teonucu\uhqiox.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Tiompo\udneeq.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Tipidea\yweva.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Tivyihq\kouqerd.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Tuwuyxeq\danyle.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ugruvomo\ugymqu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ukedyt\itezbu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ukyfcou\edcymui.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Unfias\vaibub.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Unninywi\axise.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uqodanfe\syurci.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uqpayz\ericb.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Urubono\toilyg.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Utmoedq\zoimnyc.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uvcooxyz\axykm.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uvrosaom\ivgoqay.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uvrymy\qaohib.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uxudko\yqero.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Uzgyyq\terybok.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Vecarofy\aworim.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Veewwyi\loyqxio.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Vikevuu\remyh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Viulxa\keyphui.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Vovyobly\rigiyn.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Vufyugyp\yhxom.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Weywnog\iczobi.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Wezeuzxa\giyxryz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Wiceukn\atwuba.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Wihoekaw\yswyad.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Wynuoc\emyldyc.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Wyzusuap\ogiqy.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xaesava\bumis.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xeqeelm\tekuiru.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xibyivuf\liqeixh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xisepu\unenu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xyaxar\bepie.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xygaapw\azybyxq.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xynupye\qoityw.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Xyosxio\uqixiry.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ybdyenu\idziz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ybqeis\utykfov.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ybydduki\umbua.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ycaknac\zuutduh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ycmayn\uwkyyvk.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ycymolyf\honuz.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yddaikhi\awcyfo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yfazpo\odecu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yfewoh\cutufuy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yfohno\qyegiwa.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yhsiozre\uhsoep.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ykylbyy\byaszy.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ylbuik\ugpaa.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ylufab\ubteawf.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ylvaviet\efseog.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ylydxuxo\elota.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ynupof\roafiwn.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ynykomz\ukyqqu.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ypeduhly\fuuzobh.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ypuqpy\maige.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yqexnu\vaipte.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ytiletav\nadusee.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ytuvkyv\kanou.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yvfaofi\bymot.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Ywozity\quocbo.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yxbayfgy\ocihhev.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Yzyxzisu\yhokoz.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zaxiupe\labire.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zeosdi\alery.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zeqado\emygom.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zolyiwh\alkod.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zyepyv\nogicuq.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zymyefx\otuwze.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Toma\AppData\Roaming\Zyyhfea\gioxen.exe.vir (Trojan.Zbot.RRE) -> Quarantined and deleted successfully.

(end)

[JToma]

So at this point the processes have not returned. Everything seems back to normal which is a relief. Time to purchase MBAM to help prevent this in the future. I'll definitely send another donation in the near future and thank you for all your help Kevin. Crossing my fingers it stays good for a while.

[kevinf80]

Yep the malwarebytes log only shows items that were held in quarantine, no other issues show up. This has been a journey for sure against that persistent nuisance, at least we seem to have won this time.

 

Regarding upgrading to the Pro version of Malwarebytes, yes I agree a very wise decision. We still need to clean up, remove tools etc....

 

We need to remove FRST,  first it is very important to deal with its own Quarantine folder by using FRST itself..

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete that log if successful.

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

• Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  
• Double click icon to start the program.
  If you are using Vista or Windows 7 accept UAC
  
• Then Click the big button.
  
• You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  
• Restart your computer when prompted.
  
• This will remove tools we have used and itself.
  

 

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

 

Any tools/logs remaining on the Desktop or downloads folder can be deleted. Such as:

 

DDS plus its logs

RogueKiller pluse its folder RK_Quarantine

TDSSKiller

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

• 
     
• Activate UAC
     
• Remove disinfection tools
     
• Create registry backup
     
• Purge System Restore
     
• Reset system settings
  

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Let me know if those steps complete OK, also if any remaining issues or concerns...

 

Kevin...

 

fixlist.txt

[JToma]

All the steps went perfectly. After one last reboot, nothing unwanted is popping up or draining memory. Feels good to have a clean computer again.