
UPDATEFLASHPLAYER_.exe virus



Hello,

So I opened one of these UPDATEFLASHPLAYER .EXE files saying I had a court date coming up. I probably tried to unzip the file 4 times in total, and now my computer is a mess. I cannot even use my computer unless in safe mode, hence I am using my iPad to post this message. Please help.


Hello and welcome.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...

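Once FRST.txt is posted, the first pass a helper makes is to separate the vendor baseline from entries that do not belong. As an added example (not part of this thread and not FRST's own code), the Python script below reads a constructed FRST-style fragment and applies three checks a reader would otherwise do by eye: an executable running or autostarting from a user's AppData tree with an empty `()` publisher, a publisher string that names a system vendor while the file sits in AppData (as far as I know the parenthesised name comes from the file's version resource, which any binary can declare, so it is not proof of origin), and a Firefox proxy preference pointing at loopback. The user name, file names, SID and sample lines are constructed placeholders; the regular expressions assume the line layouts visible in this thread's log.

```python
"""frst_triage.py: flag entries in an FRST.txt log that deserve a second look.

Added example for this thread, not FRST's own code; parses the line layouts
seen in the posted log and nothing else. Run with a file path or no argument.
"""
from __future__ import annotations
import re
import sys
from dataclasses import dataclass, field

# Constructed sample modelled on FRST.txt output (placeholder user, SID and file names).
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Users\example\AppData\Local\abcdefgh.exe
(Microsoft Corporation) C:\Users\example\AppData\Roaming\Qwerty\zxcvbn.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [abcdefgh] => C:\Users\example\AppData\Local\abcdefgh.exe [161792 2014-06-02] ()
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [Qwerty] => C:\Users\example\AppData\Roaming\Qwerty\zxcvbn.exe [280679 2013-09-18] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

FireFox:
========
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5643
FF NetworkProxy: "type", 0
"""

# "(Publisher) C:\path\file.exe" lines from the Processes section.
PROC_RE = re.compile(r'^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$')
# "HKxx\...\Run: [name] => C:\path\file.exe [size date] (Publisher)" lines.
RUN_RE = re.compile(
    r'^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => '
    r'(?P<path>[A-Za-z]:\\.+?\.exe)(?: \[\d+ [\d-]+\])? \((?P<pub>[^)]*)\)$',
    re.IGNORECASE)
PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", (?P<val>.+)$')
USER_WRITABLE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.exe$')   # eight-letter gibberish names
SYSTEM_VENDORS = {"microsoft corporation"}          # claims worth checking when in AppData


@dataclass
class Finding:
    path: str
    publisher: str
    sources: list[str] = field(default_factory=list)   # where the entry was seen
    reasons: list[str] = field(default_factory=list)   # why it was flagged


def assess(path: str, publisher: str) -> list[str]:
    """Reasons an entry deserves a second look; empty list means nothing seen."""
    reasons: list[str] = []
    if not USER_WRITABLE_RE.search(path):
        return reasons      # only the user-writable AppData tree is judged here
    pub = publisher.strip()
    if pub == "":
        reasons.append("no publisher in version info, yet runs from user AppData")
    elif pub.lower() in SYSTEM_VENDORS:
        reasons.append(f"claims '{pub}' but lives in user AppData; version info is self-declared")
    if RANDOM_NAME_RE.match(path.rsplit("\\", 1)[-1]):
        reasons.append("eight-letter random-looking file name")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Collect flagged process and Run-key entries, merged by path."""
    findings: dict[str, Finding] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROC_RE.match(line):
            source = "running process"
        elif m := RUN_RE.match(line):
            source = f"Run value [{m['name']}] under {m['hive']}"
        else:
            continue
        reasons = assess(m["path"], m["pub"])
        if reasons:
            findings.setdefault(m["path"], Finding(m["path"], m["pub"], [], reasons)).sources.append(source)
    return list(findings.values())


def firefox_proxy(log_text: str) -> dict | None:
    """Report a loopback HTTP proxy in the FF NetworkProxy prefs, if present."""
    prefs = {m["key"]: m["val"].strip().strip('"')
             for raw in log_text.splitlines() if (m := PROXY_RE.match(raw.strip()))}
    host = prefs.get("http")
    if host not in ("127.0.0.1", "localhost", "::1"):
        return None
    active = prefs.get("type") == "1"   # network.proxy.type 1 = manual proxy in use
    return {"host": host, "port": prefs.get("http_port"), "active": active,
            "note": "manual proxy is enabled" if active else "configured but proxy type is not 1 (disabled)"}


def load(path: str) -> str:
    data = open(path, "rb").read()   # FRST.txt may carry a BOM; honour it
    return data.decode("utf-16" if data.startswith(b"\xff\xfe") else "utf-8-sig", errors="replace")


if __name__ == "__main__":
    text = load(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_FRST
    for f in triage(text):
        print(f"{f.path}  ({f.publisher or 'no publisher'})")
        for s in f.sources:
            print("   seen as:", s)
        for r in f.reasons:
            print("   why:", r)
    if proxy := firefox_proxy(text):
        print(f"Firefox HTTP proxy -> {proxy['host']}:{proxy['port']}; {proxy['note']}")
```

The script only reports; removal stays with the helper's fix script. Entries are merged by path so that a file seen both as a running process and as a Run value shows up once with both sources, which is exactly the pairing a helper looks for in the two sections.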

Here is the FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by McBride (administrator) on MCBRIDE-PC on 08-06-2014 13:21:15
Running from C:\Users\McBride\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\McBride\AppData\Local\vuvuqpdj.exe
(Global Trade) C:\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Dropbox, Inc.) C:\Users\McBride\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\McBride\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Users\McBride\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-22] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6965792 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1451304 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [448376 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1318912 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] => C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1007616 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [TPCHWMsg] => C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe [570736 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1283384 2009-04-01] (TOSHIBA Corporation)
HKLM\...\Run: [intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1087752 2009-11-26] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-06-15] (Google Inc.)
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [135680 2008-07-03] (Microsoft Corporation)
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [Google Update] => C:\Users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-07-28] (Google Inc.)
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [abkvowdb] => C:\Users\McBride\AppData\Local\vuvuqpdj.exe [161792 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [cjctaxli] => C:\Users\McBride\AppData\Local\uruxvwwx.exe [208896 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [dhqxtfta] => C:\Users\McBride\AppData\Local\xlksvnnb.exe [208896 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [Pupeynfur] => C:\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe [324608 2013-06-15] (Global Trade)
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [tnfmfkbp] => C:\Users\McBride\AppData\Local\qcbksdiq.exe [212992 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [dlaliccx] => C:\Users\McBride\AppData\Local\drohihjp.exe [212992 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [beuvdecp] => C:\Users\McBride\AppData\Local\qhcpvoki.exe [212992 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [sulegbps] => C:\Users\McBride\AppData\Local\jfbcgkuj.exe [212992 2014-06-02] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [sjvrjhgb] => C:\Users\McBride\AppData\Local\veciwsxq.exe [155648 2014-06-06] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [udkngdbm] => C:\Users\McBride\AppData\Local\xduxouwe.exe [151552 2014-06-08] ()
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [Peryoxoku] => C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe [280679 2013-09-18] (Microsoft Corporation)
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\MountPoints2: {15c958cc-9a5e-11df-997e-001e33ca16b8} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\McBride\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\McBride\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.242.0.12
 
FireFox:
========
FF ProfilePath: C:\Users\McBride\AppData\Roaming\Mozilla\Firefox\Profiles\yg0n17j0.default
FF Homepage: Google.com
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 5643
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\McBride\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\McBride\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\McBride\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\McBride\AppData\Roaming\Mozilla\Firefox\Profiles\yg0n17j0.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-07-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-10-09]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009-10-09]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\McBride\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\McBride\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\McBride\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\McBride\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McBride\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Autodesk Homestyler) - C:\Users\McBride\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2011-09-05]
CHR Extension: (Google Wallet) - C:\Users\McBride\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR StartMenuInternet: Google Chrome - C:\Users\McBride\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [238328 2009-11-13] (WildTangent, Inc.)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [57344 2009-02-19] (TOSHIBA Corporation)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-14] (TOSHIBA Corporation)
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-09] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [500224 2009-03-09] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-08 13:21 - 2014-06-08 13:27 - 00024895 _____ () C:\Users\McBride\Downloads\FRST.txt
2014-06-08 13:20 - 2014-06-08 13:22 - 00000000 ____D () C:\FRST
2014-06-08 13:18 - 2014-06-08 13:18 - 01063424 _____ (Farbar) C:\Users\McBride\Downloads\FRST.exe
2014-06-08 13:16 - 2014-06-08 13:17 - 02072576 _____ (Farbar) C:\Users\McBride\Downloads\FRST64.exe
2014-06-08 13:16 - 2014-06-08 13:16 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 687410095.job
2014-06-08 13:16 - 2014-06-08 13:16 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ydmyuv
2014-06-08 13:15 - 2014-06-08 13:15 - 00151552 _____ () C:\Users\McBride\AppData\Local\xduxouwe.exe
2014-06-06 10:29 - 2014-06-06 10:29 - 00155648 _____ () C:\Users\McBride\AppData\Local\veciwsxq.exe
2014-06-06 10:28 - 2014-06-06 10:28 - 00113168 _____ () C:\Users\McBride\AppData\Local\pbekucqs.exe
2014-06-03 01:47 - 2014-06-03 02:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 219287187.job
2014-06-03 01:47 - 2014-06-03 01:47 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Nogoew
2014-06-03 00:26 - 2014-06-03 00:33 - 00002326 _____ () C:\Users\McBride\Desktop\Rkill.txt
2014-06-03 00:25 - 2014-06-03 00:25 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\McBride\Downloads\rkill.exe
2014-06-03 00:13 - 2014-06-03 00:13 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ocbopae
2014-06-02 22:28 - 2014-06-02 22:28 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Howomoos
2014-06-02 22:11 - 2014-06-02 22:11 - 00000917 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 21:49 - 2014-06-02 21:49 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Nuylub
2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Mexemye
2014-06-02 18:13 - 2014-06-02 18:13 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Horeep
2014-06-02 17:57 - 2014-06-02 17:57 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Tyiscuha
2014-06-02 17:33 - 2014-06-02 17:33 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Apxoazot
2014-06-02 17:32 - 2014-06-02 17:32 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Qapuqa
2014-06-02 17:32 - 2014-06-02 17:32 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Orymom
2014-06-02 17:05 - 2014-06-02 17:05 - 00212992 _____ () C:\Users\McBride\AppData\Local\jfbcgkuj.exe
2014-06-02 16:00 - 2014-06-02 16:00 - 00212992 _____ () C:\Users\McBride\AppData\Local\qhcpvoki.exe
2014-06-02 15:40 - 2014-06-02 15:40 - 00212992 _____ () C:\Users\McBride\AppData\Local\drohihjp.exe
2014-06-02 15:23 - 2014-06-02 15:23 - 00212992 _____ () C:\Users\McBride\AppData\Local\qcbksdiq.exe
2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Viduapta
2014-06-02 14:31 - 2014-06-02 14:31 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ubulycoc
2014-06-02 14:10 - 2014-06-02 14:10 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Iwgisi
2014-06-02 13:54 - 2014-06-02 13:54 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Gelyizoh
2014-06-02 12:52 - 2014-06-02 12:52 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Eqhiqui
2014-06-02 12:46 - 2014-06-02 12:46 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Pyripux
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ivytcuib
2014-06-02 11:50 - 2014-06-02 11:50 - 00068782 _____ () C:\Users\McBride\AppData\Local\mdwbroxh
2014-06-02 11:49 - 2014-06-02 11:49 - 00208896 _____ () C:\Users\McBride\AppData\Local\xlksvnnb.exe
2014-06-02 11:43 - 2014-06-02 11:43 - 00208896 _____ () C:\Users\McBride\AppData\Local\uruxvwwx.exe
2014-06-02 11:27 - 2014-06-02 11:27 - 00088520 _____ () C:\Users\McBride\Downloads\ID_Court_Notice_DN7429 (1).zip
2014-06-02 11:26 - 2014-06-02 11:26 - 00161792 _____ () C:\Users\McBride\AppData\Local\vuvuqpdj.exe
2014-05-15 07:13 - 2014-05-05 19:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 07:13 - 2014-05-05 19:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 07:13 - 2014-05-05 19:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 07:15 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-09 15:53 - 2014-05-09 15:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
==================== One Month Modified Files and Folders =======
 
2014-06-08 13:31 - 2009-10-04 19:49 - 00000000 ____D () C:\Users\McBride\AppData\Local\Temp
2014-06-08 13:27 - 2014-06-08 13:21 - 00024895 _____ () C:\Users\McBride\Downloads\FRST.txt
2014-06-08 13:27 - 2009-06-15 22:03 - 01442443 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 13:22 - 2014-06-08 13:20 - 00000000 ____D () C:\FRST
2014-06-08 13:18 - 2014-06-08 13:18 - 01063424 _____ (Farbar) C:\Users\McBride\Downloads\FRST.exe
2014-06-08 13:17 - 2014-06-08 13:16 - 02072576 _____ (Farbar) C:\Users\McBride\Downloads\FRST64.exe
2014-06-08 13:16 - 2014-06-08 13:16 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 687410095.job
2014-06-08 13:16 - 2014-06-08 13:16 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ydmyuv
2014-06-08 13:15 - 2014-06-08 13:15 - 00151552 _____ () C:\Users\McBride\AppData\Local\xduxouwe.exe
2014-06-08 13:10 - 2013-12-27 01:54 - 00000000 ___RD () C:\Users\McBride\Desktop\Dropbox
2014-06-08 13:10 - 2012-10-29 09:37 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Dropbox
2014-06-08 13:09 - 2014-05-06 23:52 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\DropboxMaster
2014-06-08 13:07 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 13:07 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:07 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 10:45 - 2010-07-28 12:00 - 00001356 _____ () C:\Users\McBride\AppData\Local\d3d9caps.dat
2014-06-06 10:45 - 2010-01-02 22:58 - 00327680 ____R () C:\Users\McBride\Hedgerow Homeowners Association.QBW.TLG
2014-06-06 10:45 - 2009-10-31 13:24 - 107114496 ____R () C:\Users\McBride\Hedgerow Homeowners Association.QBW
2014-06-06 10:45 - 2009-10-04 19:49 - 00000000 ____D () C:\Users\McBride
2014-06-06 10:29 - 2014-06-06 10:29 - 00155648 _____ () C:\Users\McBride\AppData\Local\veciwsxq.exe
2014-06-06 10:28 - 2014-06-06 10:28 - 00113168 _____ () C:\Users\McBride\AppData\Local\pbekucqs.exe
2014-06-06 10:27 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-03 02:05 - 2006-11-02 09:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-03 02:00 - 2014-06-03 01:47 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 219287187.job
2014-06-03 01:51 - 2010-07-28 13:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000UA.job
2014-06-03 01:47 - 2014-06-03 01:47 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Nogoew
2014-06-03 01:18 - 2008-01-20 22:47 - 00284506 _____ () C:\Windows\PFRO.log
2014-06-03 00:33 - 2014-06-03 00:26 - 00002326 _____ () C:\Users\McBride\Desktop\Rkill.txt
2014-06-03 00:25 - 2014-06-03 00:25 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\McBride\Downloads\rkill.exe
2014-06-03 00:13 - 2014-06-03 00:13 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ocbopae
2014-06-03 00:10 - 2010-08-05 17:02 - 00087608 _____ () C:\Users\McBride\AppData\Roaming\inst.exe
2014-06-03 00:10 - 2010-08-05 17:02 - 00047360 _____ (VSO Software) C:\Users\McBride\AppData\Roaming\pcouffin.sys
2014-06-03 00:10 - 2010-08-05 17:02 - 00007887 _____ () C:\Users\McBride\AppData\Roaming\pcouffin.cat
2014-06-03 00:10 - 2010-08-05 17:02 - 00000033 _____ () C:\Users\McBride\AppData\Roaming\pcouffin.log
2014-06-03 00:10 - 2010-08-05 17:02 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Vso
2014-06-02 22:28 - 2014-06-02 22:28 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Howomoos
2014-06-02 22:11 - 2014-06-02 22:11 - 00000917 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 22:11 - 2010-07-28 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-02 22:11 - 2010-07-28 11:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-02 21:49 - 2014-06-02 21:49 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Nuylub
2014-06-02 21:23 - 2012-09-23 15:33 - 00002593 _____ () C:\Users\McBride\Desktop\Gingerbread.lnk
2014-06-02 21:16 - 2012-07-22 18:58 - 00002595 _____ () C:\Users\McBride\Desktop\Bunbun.lnk
2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Mexemye
2014-06-02 18:21 - 2009-10-31 13:58 - 00000354 _____ () C:\Users\McBride\Hedgerow Homeowners Association.QBW.ND
2014-06-02 18:14 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-02 18:13 - 2014-06-02 18:13 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Horeep
2014-06-02 17:57 - 2014-06-02 17:57 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Tyiscuha
2014-06-02 17:33 - 2014-06-02 17:33 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Apxoazot
2014-06-02 17:32 - 2014-06-02 17:32 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Qapuqa
2014-06-02 17:32 - 2014-06-02 17:32 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Orymom
2014-06-02 17:05 - 2014-06-02 17:05 - 00212992 _____ () C:\Users\McBride\AppData\Local\jfbcgkuj.exe
2014-06-02 16:00 - 2014-06-02 16:00 - 00212992 _____ () C:\Users\McBride\AppData\Local\qhcpvoki.exe
2014-06-02 15:40 - 2014-06-02 15:40 - 00212992 _____ () C:\Users\McBride\AppData\Local\drohihjp.exe
2014-06-02 15:23 - 2014-06-02 15:23 - 00212992 _____ () C:\Users\McBride\AppData\Local\qcbksdiq.exe
2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Viduapta
2014-06-02 14:31 - 2014-06-02 14:31 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ubulycoc
2014-06-02 14:10 - 2014-06-02 14:10 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Iwgisi
2014-06-02 13:54 - 2014-06-02 13:54 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Gelyizoh
2014-06-02 12:52 - 2014-06-02 12:52 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Eqhiqui
2014-06-02 12:51 - 2010-07-28 13:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000Core.job
2014-06-02 12:46 - 2014-06-02 12:46 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Pyripux
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ivytcuib
2014-06-02 11:50 - 2014-06-02 11:50 - 00068782 _____ () C:\Users\McBride\AppData\Local\mdwbroxh
2014-06-02 11:49 - 2014-06-02 11:49 - 00208896 _____ () C:\Users\McBride\AppData\Local\xlksvnnb.exe
2014-06-02 11:43 - 2014-06-02 11:43 - 00208896 _____ () C:\Users\McBride\AppData\Local\uruxvwwx.exe
2014-06-02 11:27 - 2014-06-02 11:27 - 00088520 _____ () C:\Users\McBride\Downloads\ID_Court_Notice_DN7429 (1).zip
2014-06-02 11:26 - 2014-06-02 11:26 - 00161792 _____ () C:\Users\McBride\AppData\Local\vuvuqpdj.exe
2014-05-29 15:25 - 2011-10-13 01:06 - 00000000 ____D () C:\Users\McBride\AppData\Local\CutePDF Writer
2014-05-29 14:19 - 2010-01-25 00:58 - 00000000 ____D () C:\Users\McBride\Desktop\Job Stuff
2014-05-24 07:06 - 2013-12-27 01:51 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-19 20:15 - 2006-11-02 08:52 - 00082413 _____ () C:\Windows\setupact.log
2014-05-15 07:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 07:20 - 2013-08-15 08:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 07:16 - 2006-11-02 06:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-14 14:20 - 2013-11-19 16:58 - 00000000 ____D () C:\Users\McBride\Desktop\Carries School Stuff
2014-05-14 14:19 - 2013-10-18 13:55 - 00000000 ____D () C:\Users\McBride\Desktop\Morgans School Work
2014-05-11 10:00 - 2012-07-06 12:48 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-09 15:53 - 2014-05-09 15:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
 
Some content of TEMP:
====================
C:\Users\McBride\AppData\Local\Temp\AskSLib.dll
C:\Users\McBride\AppData\Local\Temp\contentDATs.exe
C:\Users\McBride\AppData\Local\Temp\converter.exe
C:\Users\McBride\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa6tbyj.dll
C:\Users\McBride\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\McBride\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\McBride\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\McBride\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\McBride\AppData\Local\Temp\mssinstaller.exe
C:\Users\McBride\AppData\Local\Temp\QuickBooks_Password_Tool2.exe
C:\Users\McBride\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\McBride\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0b016637.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0c3ec79a.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_107e0907.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_155b33a1.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_15cf625f.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_323a6703.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_42e2cb7c.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_5c1b9619.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_75c1d804.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_77e15a5d.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_8712aa06.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9108dc9a.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9a05423e.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a5a622c5.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a8ba374b.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_afe41422.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_b438161b.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_bd5a3892.exe
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_d6efe619.exe
C:\Users\McBride\AppData\Local\Temp\x8c-adiu.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-06-08 13:16
 
==================== End Of Log ============================

here is the Addition.txt log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by McBride at 2014-06-08 13:32:12
Running from C:\Users\McBride\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{8A04B73D-8C7C-F661-72F0-6FF3B0DF24ED}) (Version: 3.0.723.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
C6300 (Version: 120.0.235.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden
ccc-core-static (Version: 2009.0421.2132.36832 - ATI) Hidden
ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CTRL Center Solutions Toolkit (HKLM\...\ctrlcenter_stk_sop_stk) (Version: 31.0.46.0 - Support.com, Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (Version: 1.00.0000 - Corel Corporation) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
DVD MovieFactory for TOSHIBA (Version: 7.0.0 - Corel Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4 (HKLM\...\{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Indigo Renderer v3.6.26 (HKLM\...\Indigo Renderer v3.6.26) (Version: 3.6.26 - Glare Technologies Ltd.)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Netzero Internet Access Installer (HKLM\...\{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}) (Version: 1.0.Q1.09 - TOSHIBA Corporation)
Norton Internet Security (Version: 16.5.0.134 - Symantec Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC runtime (HKLM\...\{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}) (Version: 1 - Microsoft Corporation)
PS_AIO_04_C6300_Software_Min (Version: 120.0.235.000 - Hewlett-Packard) Hidden
QuickBooks (Version: 20.0.4005.807 - Intuit Inc.) Hidden
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickBooks Pro 2010 (HKLM\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4005.807 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20130 - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0003 - Realtek)
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
Skype Launcher (HKLM\...\{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}) (Version: 1.0 - TOSHIBA Corporation)
smartmontools (HKLM\...\smartmontools) (Version: 5.39 2009-12-09 r2995 (sf-win32-5.39-1) - )
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.10.0 - Synaptics Incorporated)
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
TOSHIBA Agreement Notification Utility (HKLM\...\InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}) (Version: 1.0.11.0 - TOSHIBA Corporation)
TOSHIBA Agreement Notification Utility (Version: 1.0.11.0 - TOSHIBA Corporation) Hidden
Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 8.0.0.4 - Toshiba)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.10 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}) (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 2.11.09 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.0.2.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.2.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.0.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.00 - TOSHIBA Corporation)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.00 - TOSHIBA Corporation) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.3.1.0 - TOSHIBA Corporation)
Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
Toshiba Resources Page (HKLM\...\{21526716-DFD8-4B90-86D9-EF9F47057B3E}) (Version: 1.0.2.1 - TOSHIBA Corporation)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.6_Vista32 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.0.26 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version:  - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.02 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.8 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.0.1.8 - TOSHIBA Corporation)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.66 - WildTangent)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Zero Assumption Recovery Version 9 (HKLM\...\Zero Assumption Recovery_is1) (Version:  - )
 
==================== Restore Points  =========================
 
22-05-2014 12:30:05 Scheduled Checkpoint
23-05-2014 11:23:06 Scheduled Checkpoint
24-05-2014 11:57:45 Scheduled Checkpoint
25-05-2014 01:07:45 Scheduled Checkpoint
26-05-2014 13:58:43 Scheduled Checkpoint
27-05-2014 11:33:27 Scheduled Checkpoint
28-05-2014 11:07:24 Scheduled Checkpoint
29-05-2014 12:47:50 Scheduled Checkpoint
30-05-2014 11:59:41 Windows Update
31-05-2014 13:49:24 Scheduled Checkpoint
01-06-2014 13:46:59 Scheduled Checkpoint
02-06-2014 11:49:33 Scheduled Checkpoint
03-06-2014 01:58:59 Windows Defender Checkpoint
03-06-2014 05:44:30 Windows Update
08-06-2014 17:25:51 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {021EA030-94E9-4CEC-BC1A-066C8E6A2D67} - System32\Tasks\Security Center Update - 1964310562 => C:\Users\McBride\AppData\Roaming\Ocbopae\ybukd.exe [2014-02-01] (Global Trade) <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {372D8AD6-C7E5-46BC-A246-807FCE83C7D5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000Core => C:\Users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28] (Google Inc.)
Task: {391C8459-A34C-492F-9CE6-DAB3CC3BCCB8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {C25942A1-6D3E-41CD-B42A-EA8272638805} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000UA => C:\Users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28] (Google Inc.)
Task: {CB4F3EF8-7460-4ECD-9F81-8383B95C1E2E} - System32\Tasks\Security Center Update - 219287187 => C:\Users\McBride\AppData\Roaming\Nogoew\yhzea.exe [2013-11-04] (Global Trade) <==== ATTENTION
Task: {CDC26F91-52B9-4F2D-8375-B776E7A2BD82} - System32\Tasks\Security Center Update - 687410095 => C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe [2013-09-18] (Microsoft Corporation) <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E8FE0894-7097-4623-BD48-32E2DA591FEF} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {EC79A2F4-BCF9-469E-9551-DA6597B3C795} - System32\Tasks\WebReg HP Photosmart C6300 series => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-16] (Hewlett-Packard Co.)
Task: {F66926CA-7145-4123-B1DC-0F2ED61FF4D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000Core.job => C:\Users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000UA.job => C:\Users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 219287187.job => C:\Users\McBride\AppData\Roaming\Nogoew\yhzea.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 687410095.job => C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe <==== ATTENTION
Task: C:\Windows\Tasks\WebReg HP Photosmart C6300 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-13 01:05 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2009-06-15 21:12 - 2009-04-22 01:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-07 16:15 - 2009-03-07 16:15 - 07005496 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 13:37 - 2008-07-14 13:37 - 00095544 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-05-03 23:29 - 2006-10-10 14:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 14:57 - 2006-10-07 14:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 20:55 - 2006-12-01 20:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-01-31 01:11 - 2009-01-31 01:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-06-02 11:26 - 2014-06-02 11:26 - 00161792 _____ () C:\Users\McBride\AppData\Local\vuvuqpdj.exe
2014-06-08 13:08 - 2014-06-08 13:08 - 00043008 _____ () c:\users\mcbride\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa6tbyj.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\McBride\AppData\Roaming\Dropbox\bin\libcef.dll
2009-06-15 21:14 - 2009-06-15 21:14 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 13:41 - 2009-01-30 13:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-06-15 21:14 - 2009-06-15 21:14 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-22 07:52 - 2014-05-13 19:40 - 04217672 _____ () C:\Users\McBride\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-22 07:52 - 2014-05-13 19:40 - 00414536 _____ () C:\Users\McBride\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-22 07:52 - 2014-05-13 19:40 - 01732424 _____ () C:\Users\McBride\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2015 Series
Description: HP LaserJet P2015 Series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2014 01:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed, exception code 0xc0000005, fault offset 0x000df343,
process id 0x1604, application start time 0xiexplore.exe0.
 
Error: (06/08/2014 01:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module Flash10d.ocx, version 10.0.42.34, time stamp 0x4ae7baed, exception code 0xc0000005, fault offset 0x00240ba8,
process id 0xd20, application start time 0xiexplore.exe0.
 
Error: (06/08/2014 01:08:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 10:48:33 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
InitSystem CheckDBServerEnvironment failed
 
Error: (06/06/2014 10:47:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DMError Information:-6176Additional Info:We were unable to obtain the IP address this was probably caused because the file is on a distributed file system.
 
Error: (06/06/2014 10:47:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
InitSystem returned non success HRESULT 0x8004050e
 
Error: (06/06/2014 10:47:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
InitSystem CheckDBServerEnvironment failed
 
Error: (06/06/2014 10:47:48 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DMError Information:-6176Additional Info:We were unable to obtain the IP address this was probably caused because the file is on a distributed file system.
 
Error: (06/06/2014 10:47:33 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
InitSystem CheckDBServerEnvironment failed
 
Error: (06/06/2014 10:47:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2010":
DMError Information:-6176Additional Info:We were unable to obtain the IP address this was probably caused because the file is on a distributed file system.
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (06/08/2014 01:39:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mcupdate.EXE6.1.1000.183074b15b191KERNEL32.dll6.0.6002.1903452f2ec86e0434f4d0003fd1e176801cf833d7e1cbcd0
 
Error: (06/08/2014 01:36:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16545531a4f73Flash10d.ocx10.0.42.344ae7baedc0000005000df343160401cf833fae682990
 
Error: (06/08/2014 01:19:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16545531a4f73Flash10d.ocx10.0.42.344ae7baedc000000500240ba8d2001cf833c8b8af590
 
Error: (06/08/2014 01:08:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/06/2014 10:48:33 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2010InitSystem CheckDBServerEnvironment failed
 
Error: (06/06/2014 10:47:59 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2010DMError Information:-6176Additional Info:We were unable to obtain the IP address this was probably caused because the file is on a distributed file system.
 
Error: (06/06/2014 10:47:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2010InitSystem returned non success HRESULT 0x8004050e
 
Error: (06/06/2014 10:47:50 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2010InitSystem CheckDBServerEnvironment failed
 
Error: (06/06/2014 10:47:48 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2010DMError Information:-6176Additional Info:We were unable to obtain the IP address this was probably caused because the file is on a distributed file system.
 
Error: (06/06/2014 10:47:33 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro 2010InitSystem CheckDBServerEnvironment failed
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-09-25 14:36:21.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-25 14:36:21.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-25 14:36:20.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-25 14:36:20.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-25 14:36:20.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-12 00:58:20.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-12 00:58:19.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-12 00:58:19.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-12 00:58:18.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-09-12 00:58:18.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 83%
Total physical RAM: 2813.07 MB
Available physical RAM: 458.93 MB
Total Pagefile: 5862.71 MB
Available Pagefile: 3085.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.32 MB
 
==================== Drives ================================
 
Drive c: (TI100760V0G) (Fixed) (Total:287.88 GB) (Free:13.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 4C1F7021)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Run Malwarebytes, Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan.

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log.

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement).
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

Let me see those logs in your next reply.

Kevin

fixlist.txt


Thank you for your help!

When I clicked on the link for fixlist, it did not give me an option to download to my desktop, nor do I see anywhere to select RUN or to press a Fix button. There was a log created however, but I have not posted it in case it is the incorrect log.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:06-06-2014

Ran by McBride at 2014-06-08 19:41:19 Run:1

Running from C:\Users\McBride\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [abkvowdb] => C:\Users\McBride\AppData\Local\vuvuqpdj.exe [161792 2014-06-02] ()

C:\Users\McBride\AppData\Local\vuvuqpdj.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [cjctaxli] => C:\Users\McBride\AppData\Local\uruxvwwx.exe [208896 2014-06-02] ()

C:\Users\McBride\AppData\Local\uruxvwwx.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [dhqxtfta] => C:\Users\McBride\AppData\Local\xlksvnnb.exe [208896 2014-06-02] ()

C:\Users\McBride\AppData\Local\xlksvnnb.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [Pupeynfur] => C:\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe [324608 2013-06-15] (Global Trade)

C:\Users\McBride\AppData\Roaming\Ivytcuib

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [tnfmfkbp] => C:\Users\McBride\AppData\Local\qcbksdiq.exe [212992 2014-06-02] ()

C:\Users\McBride\AppData\Local\qcbksdiq.exe 

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [dlaliccx] => C:\Users\McBride\AppData\Local\drohihjp.exe [212992 2014-06-02] ()

C:\Users\McBride\AppData\Local\drohihjp.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [beuvdecp] => C:\Users\McBride\AppData\Local\qhcpvoki.exe [212992 2014-06-02] ()

C:\Users\McBride\AppData\Local\qhcpvoki.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [sulegbps] => C:\Users\McBride\AppData\Local\jfbcgkuj.exe [212992 2014-06-02] ()

C:\Users\McBride\AppData\Local\jfbcgkuj.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [sjvrjhgb] => C:\Users\McBride\AppData\Local\veciwsxq.exe [155648 2014-06-06] ()

C:\Users\McBride\AppData\Local\veciwsxq.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [udkngdbm] => C:\Users\McBride\AppData\Local\xduxouwe.exe [151552 2014-06-08] ()

C:\Users\McBride\AppData\Local\xduxouwe.exe

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\Run: [Peryoxoku] => C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe [280679 2013-09-18] (Microsoft Corporation)

C:\Users\McBride\AppData\Roaming\Ydmyuv

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\MountPoints2: F - F:\LaunchU3.exe -a

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\...\MountPoints2: {15c958cc-9a5e-11df-997e-001e33ca16b8} - F:\LaunchU3.exe -a

FF NetworkProxy: "http", "127.0.0.1"

FF NetworkProxy: "http_port", 5643

FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"

FF NetworkProxy: "type", 0

2014-06-08 13:16 - 2014-06-08 13:16 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ydmyuv

2014-06-08 13:15 - 2014-06-08 13:15 - 00151552 _____ () C:\Users\McBride\AppData\Local\xduxouwe.exe

2014-06-06 10:29 - 2014-06-06 10:29 - 00155648 _____ () C:\Users\McBride\AppData\Local\veciwsxq.exe

2014-06-06 10:28 - 2014-06-06 10:28 - 00113168 _____ () C:\Users\McBride\AppData\Local\pbekucqs.exe

2014-06-03 01:47 - 2014-06-03 02:00 - 00000808 _____ () C:\Windows\Tasks\Security Center Update - 219287187.job

2014-06-03 01:47 - 2014-06-03 01:47 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Nogoew

2014-06-03 00:13 - 2014-06-03 00:13 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ocbopae

2014-06-02 22:28 - 2014-06-02 22:28 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Howomoos

2014-06-02 21:49 - 2014-06-02 21:49 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Nuylub

2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Mexemye

2014-06-02 18:13 - 2014-06-02 18:13 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Horeep

2014-06-02 17:57 - 2014-06-02 17:57 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Tyiscuha

2014-06-02 17:33 - 2014-06-02 17:33 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Apxoazot

2014-06-02 17:32 - 2014-06-02 17:32 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Qapuqa

2014-06-02 17:32 - 2014-06-02 17:32 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Orymom

2014-06-02 17:05 - 2014-06-02 17:05 - 00212992 _____ () C:\Users\McBride\AppData\Local\jfbcgkuj.exe

2014-06-02 16:00 - 2014-06-02 16:00 - 00212992 _____ () C:\Users\McBride\AppData\Local\qhcpvoki.exe

2014-06-02 15:40 - 2014-06-02 15:40 - 00212992 _____ () C:\Users\McBride\AppData\Local\drohihjp.exe

2014-06-02 15:23 - 2014-06-02 15:23 - 00212992 _____ () C:\Users\McBride\AppData\Local\qcbksdiq.exe

2014-06-02 14:43 - 2014-06-02 14:43 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Viduapta

2014-06-02 14:31 - 2014-06-02 14:31 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ubulycoc

2014-06-02 14:10 - 2014-06-02 14:10 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Iwgisi

2014-06-02 13:54 - 2014-06-02 13:54 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Gelyizoh

2014-06-02 12:52 - 2014-06-02 12:52 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Eqhiqui

2014-06-02 12:46 - 2014-06-02 12:46 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Pyripux

2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\Users\McBride\AppData\Roaming\Ivytcuib

2014-06-02 11:50 - 2014-06-02 11:50 - 00068782 _____ () C:\Users\McBride\AppData\Local\mdwbroxh

2014-06-02 11:49 - 2014-06-02 11:49 - 00208896 _____ () C:\Users\McBride\AppData\Local\xlksvnnb.exe

2014-06-02 11:43 - 2014-06-02 11:43 - 00208896 _____ () C:\Users\McBride\AppData\Local\uruxvwwx.exe

2014-06-02 11:26 - 2014-06-02 11:26 - 00161792 _____ () C:\Users\McBride\AppData\Local\vuvuqpdj.exe

C:\Users\McBride\AppData\Local\Temp\AskSLib.dll

C:\Users\McBride\AppData\Local\Temp\contentDATs.exe

C:\Users\McBride\AppData\Local\Temp\converter.exe

C:\Users\McBride\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa6tbyj.dll

C:\Users\McBride\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\McBride\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe

C:\Users\McBride\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe

C:\Users\McBride\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\McBride\AppData\Local\Temp\mssinstaller.exe

C:\Users\McBride\AppData\Local\Temp\QuickBooks_Password_Tool2.exe

C:\Users\McBride\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\McBride\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0b016637.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0c3ec79a.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_107e0907.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_155b33a1.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_15cf625f.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_323a6703.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_42e2cb7c.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_5c1b9619.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_75c1d804.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_77e15a5d.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_8712aa06.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9108dc9a.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9a05423e.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a5a622c5.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a8ba374b.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_afe41422.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_b438161b.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_bd5a3892.exe

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_d6efe619.exe

C:\Users\McBride\AppData\Local\Temp\x8c-adiu.dll

Task: {021EA030-94E9-4CEC-BC1A-066C8E6A2D67} - System32\Tasks\Security Center Update - 1964310562 => C:\Users\McBride\AppData\Roaming\Ocbopae\ybukd.exe [2014-02-01] (Global Trade) <==== ATTENTION

Task: {CB4F3EF8-7460-4ECD-9F81-8383B95C1E2E} - System32\Tasks\Security Center Update - 219287187 => C:\Users\McBride\AppData\Roaming\Nogoew\yhzea.exe [2013-11-04] (Global Trade) <==== ATTENTION

Task: {CDC26F91-52B9-4F2D-8375-B776E7A2BD82} - System32\Tasks\Security Center Update - 687410095 => C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe [2013-09-18] (Microsoft Corporation) <==== ATTENTION

Task: C:\Windows\Tasks\Security Center Update - 219287187.job => C:\Users\McBride\AppData\Roaming\Nogoew\yhzea.exe <==== ATTENTION

Task: C:\Windows\Tasks\Security Center Update - 687410095.job => C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe <==== ATTENTION

End

*****************

 

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\abkvowdb => Value not found.

"C:\Users\McBride\AppData\Local\vuvuqpdj.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cjctaxli => Value not found.

"C:\Users\McBride\AppData\Local\uruxvwwx.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dhqxtfta => Value not found.

"C:\Users\McBride\AppData\Local\xlksvnnb.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pupeynfur => value deleted successfully.

C:\Users\McBride\AppData\Roaming\Ivytcuib => Moved successfully.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tnfmfkbp => Value not found.

"C:\Users\McBride\AppData\Local\qcbksdiq.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\dlaliccx => Value not found.

"C:\Users\McBride\AppData\Local\drohihjp.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\beuvdecp => Value not found.

"C:\Users\McBride\AppData\Local\qhcpvoki.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sulegbps => Value not found.

"C:\Users\McBride\AppData\Local\jfbcgkuj.exe" => File/Directory not found.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\sjvrjhgb => value deleted successfully.

C:\Users\McBride\AppData\Local\veciwsxq.exe => Moved successfully.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\udkngdbm => value deleted successfully.

C:\Users\McBride\AppData\Local\xduxouwe.exe => Moved successfully.

HKU\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Peryoxoku => value deleted successfully.

C:\Users\McBride\AppData\Roaming\Ydmyuv => Moved successfully.

'HKU\S-1-5-21-3871051671-912311258-1205727755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3871051671-912311258-1205727755-1000'=> Key not found.

'HKU\S-1-5-21-3871051671-912311258-1205727755-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15c958cc-9a5e-11df-997e-001e33ca16b8}' => Key deleted successfully.

'HKCR\CLSID\{15c958cc-9a5e-11df-997e-001e33ca16b8}'=> Key not found.

Firefox Proxy settings were reset.

Firefox Proxy settings were reset.

Firefox Proxy settings were reset.

Firefox Proxy settings were reset.

"C:\Users\McBride\AppData\Roaming\Ydmyuv" => File/Directory not found.

"C:\Users\McBride\AppData\Local\xduxouwe.exe" => File/Directory not found.

"C:\Users\McBride\AppData\Local\veciwsxq.exe" => File/Directory not found.

C:\Users\McBride\AppData\Local\pbekucqs.exe => Moved successfully.

C:\Windows\Tasks\Security Center Update - 219287187.job => Moved successfully.

C:\Users\McBride\AppData\Roaming\Nogoew => Moved successfully.

C:\Users\McBride\AppData\Roaming\Ocbopae => Moved successfully.

C:\Users\McBride\AppData\Roaming\Howomoos => Moved successfully.

C:\Users\McBride\AppData\Roaming\Nuylub => Moved successfully.

C:\Users\McBride\AppData\Roaming\Mexemye => Moved successfully.

C:\Users\McBride\AppData\Roaming\Horeep => Moved successfully.

C:\Users\McBride\AppData\Roaming\Tyiscuha => Moved successfully.

C:\Users\McBride\AppData\Roaming\Apxoazot => Moved successfully.

C:\Users\McBride\AppData\Roaming\Qapuqa => Moved successfully.

C:\Users\McBride\AppData\Roaming\Orymom => Moved successfully.

"C:\Users\McBride\AppData\Local\jfbcgkuj.exe" => File/Directory not found.

"C:\Users\McBride\AppData\Local\qhcpvoki.exe" => File/Directory not found.

"C:\Users\McBride\AppData\Local\drohihjp.exe" => File/Directory not found.

"C:\Users\McBride\AppData\Local\qcbksdiq.exe" => File/Directory not found.

C:\Users\McBride\AppData\Roaming\Viduapta => Moved successfully.

C:\Users\McBride\AppData\Roaming\Ubulycoc => Moved successfully.

C:\Users\McBride\AppData\Roaming\Iwgisi => Moved successfully.

C:\Users\McBride\AppData\Roaming\Gelyizoh => Moved successfully.

C:\Users\McBride\AppData\Roaming\Eqhiqui => Moved successfully.

C:\Users\McBride\AppData\Roaming\Pyripux => Moved successfully.

"C:\Users\McBride\AppData\Roaming\Ivytcuib" => File/Directory not found.

C:\Users\McBride\AppData\Local\mdwbroxh => Moved successfully.

"C:\Users\McBride\AppData\Local\xlksvnnb.exe" => File/Directory not found.

"C:\Users\McBride\AppData\Local\uruxvwwx.exe" => File/Directory not found.

"C:\Users\McBride\AppData\Local\vuvuqpdj.exe" => File/Directory not found.

C:\Users\McBride\AppData\Local\Temp\AskSLib.dll => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\contentDATs.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\converter.exe => Moved successfully.

"C:\Users\McBride\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa6tbyj.dll" => File/Directory not found.

C:\Users\McBride\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\mssinstaller.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\QuickBooks_Password_Tool2.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0b016637.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0c3ec79a.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_107e0907.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_155b33a1.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_15cf625f.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_323a6703.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_42e2cb7c.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_5c1b9619.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_75c1d804.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_77e15a5d.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_8712aa06.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9108dc9a.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9a05423e.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a5a622c5.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a8ba374b.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_afe41422.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_b438161b.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_bd5a3892.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_d6efe619.exe => Moved successfully.

C:\Users\McBride\AppData\Local\Temp\x8c-adiu.dll => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{021EA030-94E9-4CEC-BC1A-066C8E6A2D67}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{021EA030-94E9-4CEC-BC1A-066C8E6A2D67}' => Key deleted successfully.

C:\Windows\System32\Tasks\Security Center Update - 1964310562 => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1964310562' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB4F3EF8-7460-4ECD-9F81-8383B95C1E2E}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB4F3EF8-7460-4ECD-9F81-8383B95C1E2E}' => Key deleted successfully.

C:\Windows\System32\Tasks\Security Center Update - 219287187 => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 219287187' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDC26F91-52B9-4F2D-8375-B776E7A2BD82}' => Key deleted successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDC26F91-52B9-4F2D-8375-B776E7A2BD82}' => Key deleted successfully.

C:\Windows\System32\Tasks\Security Center Update - 687410095 => Moved successfully.

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 687410095' => Key deleted successfully.

C:\Windows\Tasks\Security Center Update - 219287187.job not found.

C:\Windows\Tasks\Security Center Update - 687410095.job => Moved successfully.

 

==== End of Fixlog ====


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.06.08.07

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

McBride :: MCBRIDE-PC [administrator]

 

6/8/2014 7:46:05 PM

mbam-log-2014-06-08 (19-46-05).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 296037

Time elapsed: 3 hour(s), 51 minute(s), 4 second(s)

 

Memory Processes Detected: 1

C:\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe (Trojan.PolyCrypt.Gen) -> 2016 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Pupeynfur (Trojan.PolyCrypt.Gen) -> Data: "C:\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe" -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 7

C:\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe (Trojan.PolyCrypt.Gen) -> Quarantined and deleted successfully.

C:\Users\McBride\AppData\Local\iqnublld.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 1219245631.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 1244627837.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 1599468786.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3097724372.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

C:\Windows\Tasks\Security Center Update - 3226918997.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.

 

(end)
 
RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : McBride [Admin rights]

Mode : Scan -- Date : 06/09/2014  01:37:21

 

¤¤¤ Bad processes : 2 ¤¤¤

[suspicious.Path] koixgu.exe -- C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe[-] -> KILLED [TermProc]

[sVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe[7] -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | ountcase : "C:\Users\McBride\AppData\Local\kfbsuseh.exe"  -> FOUND

[suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | Peryoxoku : C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe  -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ HOSTS File : 2 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

[C:\Windows\System32\drivers\etc\hosts] ::1             localhost

 

¤¤¤ Antirootkit : 115 ¤¤¤

[EAT:Addr] (explorer.exe) WTSAPI32.dll - AddGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x745f152c

[EAT:Addr] (explorer.exe) WTSAPI32.dll - AttachWndProcA : C:\Windows\system32\DUser.dll @ 0x745fc80a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - AttachWndProcW : C:\Windows\system32\DUser.dll @ 0x745edd2c

[EAT:Addr] (explorer.exe) WTSAPI32.dll - AutoTrace : C:\Windows\system32\DUser.dll @ 0x745f7041

[EAT:Addr] (explorer.exe) WTSAPI32.dll - BeginTransition : C:\Windows\system32\DUser.dll @ 0x745fc9a7

[EAT:Addr] (explorer.exe) WTSAPI32.dll - BuildAnimation : C:\Windows\system32\DUser.dll @ 0x745f1135

[EAT:Addr] (explorer.exe) WTSAPI32.dll - BuildDropTarget : C:\Windows\system32\DUser.dll @ 0x745f7131

[EAT:Addr] (explorer.exe) WTSAPI32.dll - BuildInterpolation : C:\Windows\system32\DUser.dll @ 0x745f118c

[EAT:Addr] (explorer.exe) WTSAPI32.dll - CreateAction : C:\Windows\system32\DUser.dll @ 0x745e7339

[EAT:Addr] (explorer.exe) WTSAPI32.dll - CreateGadget : C:\Windows\system32\DUser.dll @ 0x745e5197

[EAT:Addr] (explorer.exe) WTSAPI32.dll - CreateTransition : C:\Windows\system32\DUser.dll @ 0x745fc83a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserBuildGadget : C:\Windows\system32\DUser.dll @ 0x745fb7e8

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserCastClass : C:\Windows\system32\DUser.dll @ 0x745fc776

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserCastDirect : C:\Windows\system32\DUser.dll @ 0x745fc7b9

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserCastHandle : C:\Windows\system32\DUser.dll @ 0x745fb81e

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserDeleteGadget : C:\Windows\system32\DUser.dll @ 0x745fb9c1

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserFindClass : C:\Windows\system32\DUser.dll @ 0x745fc6e7

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserFlushDeferredMessages : C:\Windows\system32\DUser.dll @ 0x745f0020

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserFlushMessages : C:\Windows\system32\DUser.dll @ 0x745f0096

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserGetAlphaPRID : C:\Windows\system32\DUser.dll @ 0x745f78fd

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserGetGutsData : C:\Windows\system32\DUser.dll @ 0x745fc7c9

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserGetRectPRID : C:\Windows\system32\DUser.dll @ 0x745f7908

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserGetRotatePRID : C:\Windows\system32\DUser.dll @ 0x745f7913

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserGetScalePRID : C:\Windows\system32\DUser.dll @ 0x745f791e

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserInstanceOf : C:\Windows\system32\DUser.dll @ 0x745fc735

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserPostEvent : C:\Windows\system32\DUser.dll @ 0x745e630f

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserPostMethod : C:\Windows\system32\DUser.dll @ 0x745fb639

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserRegisterGuts : C:\Windows\system32\DUser.dll @ 0x745ea5b1

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserRegisterStub : C:\Windows\system32\DUser.dll @ 0x745e9f93

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserRegisterSuper : C:\Windows\system32\DUser.dll @ 0x745eb046

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserSendEvent : C:\Windows\system32\DUser.dll @ 0x745e3258

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserSendMethod : C:\Windows\system32\DUser.dll @ 0x745fb5b0

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DUserStopAnimation : C:\Windows\system32\DUser.dll @ 0x745f84e4

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DeleteHandle : C:\Windows\system32\DUser.dll @ 0x745e3ef8

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DetachWndProc : C:\Windows\system32\DUser.dll @ 0x745e657d

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DllMain : C:\Windows\system32\DUser.dll @ 0x745e76f9

[EAT:Addr] (explorer.exe) WTSAPI32.dll - DrawGadgetTree : C:\Windows\system32\DUser.dll @ 0x745fc646

[EAT:Addr] (explorer.exe) WTSAPI32.dll - EndTransition : C:\Windows\system32\DUser.dll @ 0x745fca90

[EAT:Addr] (explorer.exe) WTSAPI32.dll - EnumGadgets : C:\Windows\system32\DUser.dll @ 0x745fc30f

[EAT:Addr] (explorer.exe) WTSAPI32.dll - FindGadgetFromPoint : C:\Windows\system32\DUser.dll @ 0x745e6da8

[EAT:Addr] (explorer.exe) WTSAPI32.dll - FindGadgetMessages : C:\Windows\system32\DUser.dll @ 0x745fc19d

[EAT:Addr] (explorer.exe) WTSAPI32.dll - FindStdColor : C:\Windows\system32\DUser.dll @ 0x745edc66

[EAT:Addr] (explorer.exe) WTSAPI32.dll - FireGadgetMessages : C:\Windows\system32\DUser.dll @ 0x745fc06b

[EAT:Addr] (explorer.exe) WTSAPI32.dll - ForwardGadgetMessage : C:\Windows\system32\DUser.dll @ 0x745f1cb5

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x745fcb05

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetDebug : C:\Windows\system32\DUser.dll @ 0x745f705d

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadget : C:\Windows\system32\DUser.dll @ 0x745fc527

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetAnimation : C:\Windows\system32\DUser.dll @ 0x745e7083

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x745f2d45

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x745fbe6f

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x745ece28

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x745fc5ba

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x745e7135

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetRect : C:\Windows\system32\DUser.dll @ 0x745e2d8e

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetRgn : C:\Windows\system32\DUser.dll @ 0x745e540a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x745fbfbb

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x745fbd35

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetScale : C:\Windows\system32\DUser.dll @ 0x745fbbe9

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetSize : C:\Windows\system32\DUser.dll @ 0x745fc3ca

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x745f232c

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetGadgetTicket : C:\Windows\system32\DUser.dll @ 0x745ec94f

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetMessageExA : C:\Windows\system32\DUser.dll @ 0x745ef459

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetMessageExW : C:\Windows\system32\DUser.dll @ 0x745fb6c3

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorBrushF : C:\Windows\system32\DUser.dll @ 0x745fcbea

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorBrushI : C:\Windows\system32\DUser.dll @ 0x745e2c3b

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorF : C:\Windows\system32\DUser.dll @ 0x745fce45

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorI : C:\Windows\system32\DUser.dll @ 0x745efaf7

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorName : C:\Windows\system32\DUser.dll @ 0x745fcd46

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorPenF : C:\Windows\system32\DUser.dll @ 0x745fccd2

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdColorPenI : C:\Windows\system32\DUser.dll @ 0x745fcc5e

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetStdPalette : C:\Windows\system32\DUser.dll @ 0x745fb82e

[EAT:Addr] (explorer.exe) WTSAPI32.dll - GetTransitionInterface : C:\Windows\system32\DUser.dll @ 0x745fc933

[EAT:Addr] (explorer.exe) WTSAPI32.dll - InitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x745fb8be

[EAT:Addr] (explorer.exe) WTSAPI32.dll - InitGadgets : C:\Windows\system32\DUser.dll @ 0x745ee373

[EAT:Addr] (explorer.exe) WTSAPI32.dll - InvalidateGadget : C:\Windows\system32\DUser.dll @ 0x745e3de5

[EAT:Addr] (explorer.exe) WTSAPI32.dll - IsGadgetParentChainStyle : C:\Windows\system32\DUser.dll @ 0x745fba7f

[EAT:Addr] (explorer.exe) WTSAPI32.dll - IsInsideContext : C:\Windows\system32\DUser.dll @ 0x745fb56c

[EAT:Addr] (explorer.exe) WTSAPI32.dll - IsStartDelete : C:\Windows\system32\DUser.dll @ 0x745f121d

[EAT:Addr] (explorer.exe) WTSAPI32.dll - LookupGadgetTicket : C:\Windows\system32\DUser.dll @ 0x745fcdbc

[EAT:Addr] (explorer.exe) WTSAPI32.dll - MapGadgetPoints : C:\Windows\system32\DUser.dll @ 0x745f3861

[EAT:Addr] (explorer.exe) WTSAPI32.dll - PeekMessageExA : C:\Windows\system32\DUser.dll @ 0x745fb710

[EAT:Addr] (explorer.exe) WTSAPI32.dll - PeekMessageExW : C:\Windows\system32\DUser.dll @ 0x745fb75e

[EAT:Addr] (explorer.exe) WTSAPI32.dll - PlayTransition : C:\Windows\system32\DUser.dll @ 0x745fc8b0

[EAT:Addr] (explorer.exe) WTSAPI32.dll - PrintTransition : C:\Windows\system32\DUser.dll @ 0x745fca1c

[EAT:Addr] (explorer.exe) WTSAPI32.dll - RegisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x745e7ba3

[EAT:Addr] (explorer.exe) WTSAPI32.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x745fc149

[EAT:Addr] (explorer.exe) WTSAPI32.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x745e7d5d

[EAT:Addr] (explorer.exe) WTSAPI32.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x745fc21a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x745f0dee

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x745fcb82

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x745f2c09

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x745fbf0a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x745fbb47

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x745f2149

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x745ecebb

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x745f3188

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x745e5a70

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x745fc45d

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x745e55f8

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x745f1284

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x745e5305

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x745ee857

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x745fbdc9

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetScale : C:\Windows\system32\DUser.dll @ 0x745fbc84

[EAT:Addr] (explorer.exe) WTSAPI32.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x745e4c48

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x745fb93f

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x745fc171

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x745fc149

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x745fc2e3

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x745fb83a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x745fb84a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x745fb85a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x745fb86a

[EAT:Addr] (explorer.exe) WTSAPI32.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x745fcd78

[EAT:Addr] (explorer.exe) WTSAPI32.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x745fb7ac

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3255GSX ATA Device +++++

--- User ---

[MBR] d8f9927ead951a1db2616f5bb42895b2

[BSP] 596a2adc0bf8dd7255a717d61788ca39 : Unknown MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 294788 MB

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606799872 | Size: 8956 MB

User = LL1 ... OK

User = LL2 ... OK


Run RogueKiller one more time. When the scan completes, open the Registry tab, leave the checkmark against the following entries and no others, and select Delete:

 

[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | ountcase : "C:\Users\McBride\AppData\Local\kfbsuseh.exe"  -> FOUND

[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | Peryoxoku : C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe  -> FOUND
 
When complete let me see that log....
 
Next,
 

1. Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the file to a convenient location (the Desktop is recommended). If it is an executable, just save it directly to the desktop and run it from there.

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 

  • Internet access
  • Windows Update
  • Windows Firewall

 

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within the Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the following two logs from the mbar folder:

 

System - log

Mbar - log (the date and time of the scan will also be shown)

 

Thanks,

 

Kevin...

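The two things this post asks for, deleting specific Run-key entries that RogueKiller flagged and re-running MBAR to confirm nothing remains, are checks that are easy to script once the logs are in hand. Below is an added example in Python (not code from this thread, from RogueKiller or from Malwarebytes). It parses RogueKiller-style registry and scheduled-task lines and flags autoruns that launch from user-writable profile directories, and it diffs the "Loaded modules" lists of two MBAR kernel reports so that a module present in only one of them stands out. The sample lines are copied from the logs pasted in this thread and trimmed to a few entries; the regexes, the USER_WRITABLE list and the looks_generated() heuristic are my assumptions, not anything either tool exposes.

```python
"""Added example (not from the thread, RogueKiller or Malwarebytes): triage RogueKiller
autorun lines and diff two MBAR kernel-module lists. Regexes and heuristics are assumptions."""
from __future__ import annotations
import re
from collections import namedtuple

# Directories a standard user can write to; legitimate autoruns rarely launch from here.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")
TAG_RE = re.compile(r"^\[([^\]]+)\]\s*(.*)$")                              # [Suspicious.Path] ...
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]+?\.exe)"?', re.IGNORECASE)  # first X:\...\name.exe
STATUS_RE = re.compile(r"->\s*(.+?)\s*$")                                   # -> FOUND / DELETED
Finding = namedtuple("Finding", "tag name path status reasons")

def looks_generated(stem: str) -> bool:
    """Crude heuristic: all-lowercase alphabetic stem, no digits or separators (kfbsuseh,
    koixgu). Expect false positives; use it to rank entries, not to convict them."""
    return stem.isalpha() and stem.islower() and len(stem) >= 5

def triage_autoruns(log_text: str) -> list[Finding]:
    """Flag RogueKiller registry/task lines whose .exe sits in a user-writable directory."""
    findings = []
    for raw in log_text.splitlines():
        m = TAG_RE.match(raw.strip())
        pm = PATH_RE.search(m.group(2)) if m else None
        if not pm:                          # PUM lines and the like carry no executable path
            continue
        tag, rest, path = m.group(1), m.group(2), pm.group(1)
        sm = STATUS_RE.search(rest)
        status = sm.group(1) if sm else ""
        if " | " in rest:                   # registry: <key> | <value name> : <data>
            name = rest.split(" | ", 1)[1].split(" : ", 1)[0]
        elif " -- " in rest:                # process or scheduled task: <name> -- <path>
            name = rest.split(" -- ", 1)[0]
        else:
            name = "?"
        reasons = []
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("runs from a user-writable profile directory")
        if looks_generated(path.rsplit("\\", 1)[-1][:-4]):
            reasons.append("generated-looking file name")
        if reasons:
            findings.append(Finding(tag, name, path, status, reasons))
    return findings

def parse_loaded_modules(report: str) -> list[str]:
    """Module paths between 'Loaded modules' and 'End' in an MBAR kernel report."""
    mods, inside = [], False
    for line in (l.strip() for l in report.splitlines()):
        if line.startswith("------------ Loaded modules"):
            inside = True
        elif inside and line.startswith("----------- End"):
            break
        elif inside and line:
            mods.append(line)
    return mods

def _norm(path: str) -> str:
    """Fold the kernel's different spellings of the Windows directory into one form."""
    p = path.lower()
    for prefix in ("\\systemroot\\", "\\??\\c:\\windows\\"):
        if p.startswith(prefix):
            return "\\windows\\" + p[len(prefix):]
    return p

def diff_modules(before: str, after: str) -> tuple[list[str], list[str]]:
    """(appeared, vanished): modules present in only one of the two reports."""
    b = {_norm(m): m for m in parse_loaded_modules(before)}
    a = {_norm(m): m for m in parse_loaded_modules(after)}
    return (sorted(a[k] for k in a.keys() - b.keys()),
            sorted(b[k] for k in b.keys() - a.keys()))

# Constructed samples: lines copied from the logs in this thread, trimmed to a few each.
ROGUEKILLER_SAMPLE = r"""
[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | ountcase : "C:\Users\McBride\AppData\Local\kfbsuseh.exe" [x] -> DELETED
[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | Peryoxoku : C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe [x] -> DELETED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[Suspicious.Path] Security Center Update - 3503849355.job -- C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe -> DELETED
"""
MBAR_FIRST = r"""
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\drivers\CLASSPNP.SYS
\??\C:\Windows\System32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
"""
MBAR_SECOND = r"""
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
"""

if __name__ == "__main__":
    for f in triage_autoruns(ROGUEKILLER_SAMPLE):
        print(f"{f.name}: {f.path} [{f.status}] {'; '.join(f.reasons)}")
    print(diff_modules(MBAR_FIRST, MBAR_SECOND))
```

Run the file to print both results. A module that shows up in only one report is not evidence by itself: the scanners load their own drivers for a run (mbamchameleon.sys and MBAMSwissArmy.sys in the MBAR logs on this page), so they come and go between scans. An unfamiliar driver name under System32\drivers is, however, the first thing to look up by publisher, signature and file timestamp before calling the machine clean, and the autorun heuristic is only a ranking aid; confirm each hit against the file itself before deleting anything.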

My computer seems to be clear of the virus; however, my computer is very slow, and some programs will say that they "are not responding", though they do respond about 5 to 10 seconds later. I also keep getting a "Windows Explorer has stopped working" message.

 

I also ran the "Fixdamage" tool.

 

I have attached the requested logs. Thanks so much for all of your help.

 

RogueKiller V9.0.2.0 [Jun  3 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : McBride [Admin rights]
Mode : Remove -- Date : 06/09/2014  14:14:04
 
¤¤¤ Bad processes : 3 ¤¤¤
[Suspicious.Path] koixgu.exe -- C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe[-] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe[7] -> KILLED [TermProc]
[Suspicious.Path] nugpphwf.exe -- C:\Users\McBride\AppData\Local\nugpphwf.exe[-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 5 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | ountcase : "C:\Users\McBride\AppData\Local\kfbsuseh.exe" [x] -> DELETED
[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | Peryoxoku : C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe [x] -> DELETED
[Suspicious.Path] HKEY_USERS\S-1-5-21-3871051671-912311258-1205727755-1000\Software\Microsoft\Windows\CurrentVersion\Run | Cepoyfutfabes : C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] Security Center Update - 3503849355.job -- C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe -> DELETED
[Suspicious.Path] \\Security Center Update - 3503849355 -- C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe -> DELETED
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3255GSX ATA Device +++++
--- User ---
[MBR] d8f9927ead951a1db2616f5bb42895b2
[BSP] 596a2adc0bf8dd7255a717d61788ca39 : Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 294788 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606799872 | Size: 8956 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_06092014_013721.log - RKreport_SCN_06092014_141047.log
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 2949722112, free: 655663104
 
Downloaded database version: v2014.06.09.06
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
     06/09/2014 14:20:22
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\rtl819xp.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\rtlprot.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\System32\drivers\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8530d780
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85245030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8530d780, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8530d468, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8530d780, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85247898, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85245030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C1F7021
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 603725824
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606799872  Numsec = 18341888
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected: C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe --> [Spyware.Zbot]
Infected: HKU\S-1-5-21-3871051671-912311258-1205727755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Peryoxoku --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Roaming\Ydmyuv\koixgu.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Roaming\Daeqnibi\mokee.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Roaming\Deidudix\ulowahn.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Roaming\Oxduwy\ebsue.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Roaming\Siowisg\puecu.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Roaming\Ziisriot\owlyica.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_2277eb8f.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_4a3f4914.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_7ad76260.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_86d1db65.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_be4c7766.exe --> [Spyware.Zbot]
Infected: C:\Users\McBride\AppData\Local\nugpphwf.exe --> [Spyware.Zbot.ED]
Infected: C:\Users\McBride\AppData\Local\tlhntxfh.exe --> [Trojan.Inject]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 2949722112, free: 1434910720
 
Downloaded database version: v2014.06.09.08
Downloaded database version: v2014.06.02.01
=======================================
Initializing...
------------ Kernel report ------------
     06/09/2014 17:15:44
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\system32\DRIVERS\tos_sps32.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\FwLnk.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\rtl819xp.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff854b5030
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8544d390
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff854b5030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff854b55c8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff854b5030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff854b58d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8544d390, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4C1F7021
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 603725824
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606799872  Numsec = 18341888
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-3074048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-606799872-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 2949722112, free: 1595760640
 
Downloaded database version: v2014.06.09.10
Downloaded database version: v2014.06.02.01
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.0.6002 Windows Vista Service Pack 2 x86
 
Account is Administrative
 
Internet Explorer version: 9.0.8112.16421
 
Java version: 1.6.0_29
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.199000 GHz
Memory total: 2949722112, free: 870744064
 
Downloaded database version: v2014.06.09.10
Downloaded database version: v2014.06.02.01
=======================================
 
 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.06.09.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
McBride :: MCBRIDE-PC [administrator]

6/9/2014 5:16:03 PM
mbar-log-2014-06-09 (17-16-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 298671
Time elapsed: 2 hour(s), 14 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Thanks for the logs, run the following:

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

We now need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right click on the IE shortcut and run as admin

Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is UNticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the virus definitions to be downloaded
Wait for the scan to finish

When the scan is complete

If no threats were found
Put a checkmark in "Uninstall application on close"
Close program
Report to me that nothing was found

If threats were found
Click on "list of threats found"
Click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
Put a checkmark in "Uninstall application on close"
Click on finish
Close program

Copy and paste those logs in next reply. Also let me know if any remaining issues or concerns...

Kevin...


I think I'm running the Junkware removal tool, however it appears as though nothing is happening. There was an initial window that popped up, and now nothing. The log did not appear, so I am guessing that it is still scanning. How do I know if it is running?


Hello, my computer seems to be running better.

When running the ESET scanner, I am not sure if I clicked on all three of the options that you said to click. Also, there was not an option to UNtick the "Remove found threats" button.

Also, during the scan there were a couple of windows that popped up and asked me to install software. It was during step 4 of the scan. I did not install, and I can't remember what it was.

Should I run again?

I have attached the requested documents. Thank you for your help!

 


# AdwCleaner v3.212 - Report created 10/06/2014 at 08:13:15
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : McBride - MCBRIDE-PC
# Running from : C:\Users\McBride\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\McBride\AppData\Roaming\Mozilla\Firefox\Profiles\yg0n17j0.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\McBride\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://wwwz.websearch.verizon.net/search?rg=&sz=c&dm_qs=qs%3D06oENya4ZG1YS6vOLJwpLiFdjG91ICNYaksiZNUMPLp7OmeaEnOHXf9fWgye38jelY87ChbFj_ZZd0k_6lpQgRnnxDRYFvDgMZW-419h8AIwEM1MxbC7L-LwsIfJ3PxnD8gp6cYHzHYPc0eSb6On63Bo8xxCAxVwRlY22A1XYpK8U4WOBp9yWcF3F2WldZSPFhL4ba9w_kunaos01gW47X6Rwk0i1ZQbEKcRgOgv971EhflDR6l0OiR2TijFsJr2J8vE_MwDTL2buJ9_JURUmpxm60Vb0EhPgCSYylaFs8dVfFUy3FyDMG4J7v6-8hjQ..%2CYT0z&of=3DjW&rn=ggh2LwUEbyJwYQh&om=u&zz=2&qf={searchTerms}&x=0&y=0

Deleted [search Provider] : hxxp://www.results-page.net/index?ClientLocation=us&ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&LinkID=Dg0-pn8AAAEAAAL6OosAAADU&FailureMode=5&SearchQuery={searchTerms}&search=Search

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [search Provider] : hxxp://www.disneystore.com/disney/store/DSISearch?Searchstr={searchTerms}&storeId=10051&catalogId=10002&langId=-1&pageCmdName=homeLandingPage&Ntx=mode+matchallpartial&N=0Ν=pProductID&Nr=pPublished%3A1&Ntk=All_Shopping&Ntt=elsa+doll&D=elsa+doll&Dr=pPublished%3A1


*************************

AdwCleaner[R0].txt - [3389 octets] - [10/06/2014 08:11:47]
AdwCleaner[s0].txt - [3348 octets] - [10/06/2014 08:13:15]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3408 octets] ##########

 

 

 


C:\FRST\Quarantine\C\Users\McBride\AppData\Local\xduxouwe.exe.xBAD a variant of Win32/Kryptik.BVKP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_0b016637.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_107e0907.exe.xBAD a variant of Win32/Kryptik.CDJP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_155b33a1.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_323a6703.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_42e2cb7c.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_5c1b9619.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_75c1d804.exe.xBAD a variant of Win32/Kryptik.CDJP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_77e15a5d.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_8712aa06.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9108dc9a.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_9a05423e.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a5a622c5.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_a8ba374b.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_afe41422.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_b438161b.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_bd5a3892.exe.xBAD a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_d6efe619.exe.xBAD a variant of Win32/Kryptik.CDJP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Apxoazot\viteq.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Eqhiqui\ahepyq.exe a variant of Win32/Kryptik.CDJP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Gelyizoh\muetfym.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Horeep\yzubo.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Howomoos\ocgukai.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Ivytcuib\goipe.exe a variant of Win32/Kryptik.CDJP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Iwgisi\ybygfe.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Mexemye\exdaoni.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Nogoew\yhzea.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Nuylub\pymogei.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Ocbopae\ybukd.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Orymom\wyqou.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Pyripux\yclyav.exe a variant of Win32/Kryptik.CDJP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Qapuqa\ficiur.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Tyiscuha\tocois.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Ubulycoc\deagudy.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\McBride\AppData\Roaming\Viduapta\eliflu.exe a variant of Win32/Kryptik.CDKE trojan cleaned by deleting - quarantined
C:\Users\McBride\AppData\Local\Temp\nps957C.tmp PDF/Exploit.Pidief.PBK.Gen trojan cleaned by deleting - quarantined
Operating memory multiple threats

 

 



Logs are good, no need to re-run ESET, run one more Quick scan with Malwarebytes:

Run Malwarebytes, Open: Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items. Let me see that log.

Next,

Download Security Check by screen317 from either of the following:
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, re-boot your PC then try again...

Post the two produced logs, let me know if there are any remaining issues or concerns...

Thanks,

Kevin


Hello,

My computer is running slow again.

I had to run Malwarebytes two times; the first time my computer just shut down. I have attached the log for the second attempt.

Also, I ran Security Check twice, and there is not a log to be found. After downloading, I restarted my system to run the security check. The black box has the following message:

"Performing system health check"
the system cannot find the file specified
the system cannot find the file specified

Prior to this, I believe Security Check scanned my computer, but I am not sure since I cannot find a log, and it appears to be hung up on the above mentioned screen.

Also, I keep getting a message upon startup that Windows has detected a virus, which I have been ignoring.
I also get a message that Microsoft Visual has stopped working.
I also get a message every now and then that Windows Explorer has stopped working.

There were also other messages popping up to install software, which I think is a virus; however, since I ran Malwarebytes the second time, this message has not popped up. I did a print screen of these messages, but for some reason they are not on the clipboard.

Again, thanks for all of your help.

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.06.13.05
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
McBride :: MCBRIDE-PC [administrator]
 
6/13/2014 9:20:13 AM
MBAM-log-2014-06-13 (11-16-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 301999
Time elapsed: 1 hour(s), 15 minute(s), 41 second(s)
 
Memory Processes Detected: 1
C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe (Spyware.Zbot.ED) -> 3468 -> No action taken.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Cepoyfutfabes (Spyware.Zbot.ED) -> Data: C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe (Spyware.Zbot.ED) -> No action taken.
C:\Users\McBride\AppData\Local\Temp\UpdateFlashPlayer_42854cb8.exe (Spyware.Zbot.ED) -> No action taken.
 
(end)

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


OK, so after running ComboFix my computer is running well. I have attached the log. Again, thank you for your help!

 

 

ComboFix 14-06-16.01 - McBride 06/16/2014  15:21:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2813.1622 [GMT -4:00]
Running from: c:\users\McBride\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\McBride\AppData\Local\kfbsuseh.exe
c:\users\McBride\AppData\Roaming\inst.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-16 to 2014-06-16  )))))))))))))))))))))))))))))))
.
.
2014-06-16 19:37 . 2014-06-16 19:44 -------- d-----w- c:\users\McBride\AppData\Local\temp
2014-06-16 19:37 . 2014-06-16 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-13 11:38 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D639378B-6142-45F0-BDD8-AB4C0C37C9C0}\mpengine.dll
2014-06-11 11:43 . 2014-06-11 11:43 -------- d-----w- c:\program files\ESET
2014-06-10 12:41 . 2014-06-10 12:41 -------- d-----w- c:\windows\ERUNT
2014-06-10 12:12 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-10 12:11 . 2014-06-10 12:13 -------- d-----w- C:\AdwCleaner
2014-06-09 18:20 . 2014-06-10 00:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-09 18:18 . 2014-06-09 23:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-09 17:59 . 2014-06-13 15:19 -------- d-----w- c:\users\McBride\AppData\Roaming\Gyhaxyp
2014-06-09 05:36 . 2014-06-16 18:11 -------- d-----w- c:\users\McBride\AppData\Local\CrashDumps
2014-06-09 05:05 . 2014-06-09 17:57 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-09 05:05 . 2014-06-09 05:05 -------- d-----w- c:\programdata\RogueKiller
2014-06-09 01:48 . 2014-06-09 20:55 -------- d-----w- c:\users\McBride\AppData\Roaming\Siowisg
2014-06-09 00:24 . 2014-06-09 20:55 -------- d-----w- c:\users\McBride\AppData\Roaming\Oxduwy
2014-06-08 23:41 . 2014-06-09 21:01 -------- d-----w- c:\users\McBride\AppData\Roaming\Ydmyuv
2014-06-08 23:41 . 2014-06-09 04:54 -------- d-----w- c:\users\McBride\AppData\Roaming\Ivytcuib
2014-06-08 22:22 . 2014-06-09 20:55 -------- d-----w- c:\users\McBride\AppData\Roaming\Daeqnibi
2014-06-08 21:44 . 2014-06-09 20:55 -------- d-----w- c:\users\McBride\AppData\Roaming\Ziisriot
2014-06-08 17:41 . 2014-06-09 20:55 -------- d-----w- c:\users\McBride\AppData\Roaming\Deidudix
2014-06-08 17:20 . 2014-06-08 23:41 -------- d-----w- C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-03 04:10 . 2010-08-05 21:02 47360 ----a-w- c:\users\McBride\AppData\Roaming\pcouffin.sys
2014-03-31 13:35 . 2009-10-05 01:14 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\McBride\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\McBride\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\McBride\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-16 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-04-17 2513472]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2009-04-09 570736]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-13 1833504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
c:\users\McBride\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\McBride\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-17 1153824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000Core.job
- c:\users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 17:59]
.
2014-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3871051671-912311258-1205727755-1000UA.job
- c:\users\McBride\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 17:59]
.
2010-01-06 c:\windows\Tasks\WebReg HP Photosmart C6300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2008-10-16 23:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\users\McBride\AppData\Roaming\Mozilla\Firefox\Profiles\yg0n17j0.default\
FF - prefs.js: browser.startup.homepage - Google.com
FF - ExtSQL: !HIDDEN! 2009-10-07 08:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-10-09 15:56; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Cepoyfutfabes - c:\users\McBride\AppData\Roaming\Gyhaxyp\epcib.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ctrlcenter_stk_sop_stk - c:\program files\ctrlcenter_stk_sop\stk\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-16 15:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-06-16  15:48:08
ComboFix-quarantined-files.txt  2014-06-16 19:47
.
Pre-Run: 11,529,613,312 bytes free
Post-Run: 13,852,319,744 bytes free
.
- - End Of File - - B257988EB1B848C411948B431C99A4FD
5B5E648D12FCADC244C1EC30318E1EB9

Thanks for the log, continue as follows:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::
Folder::
c:\users\McBride\AppData\Roaming\Gyhaxyp
c:\users\McBride\AppData\Roaming\Siowisg
c:\users\McBride\AppData\Roaming\Oxduwy
c:\users\McBride\AppData\Roaming\Ydmyuv
c:\users\McBride\AppData\Roaming\Ivytcuib
c:\users\McBride\AppData\Roaming\Daeqnibi
c:\users\McBride\AppData\Roaming\Ziisriot
c:\users\McBride\AppData\Roaming\Deidudix

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7/8, right-click the IE shortcut and run as admin.

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats"  is ticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Let me see those two logs in your next reply, also give an update on any remaining issues or concerns...

 

Kevin....

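As an added example, not part of this thread and not code from ComboFix, FRST or ESET, here is a PowerShell check a defender could run after the cleanup above: it lists the HKCU and HKLM Run entries and flags any whose target sits in a user-writable profile path or no longer exists, the two traits of the HKCU-Run-Cepoyfutfabes entry that ComboFix removed from the log and the AppData\Roaming folders the CFScript deletes. The function names and the path heuristics are assumptions made for this illustration.

```powershell
# Added example (not from the thread or any tool it mentions): audit autostart
# Run keys for targets living in user-writable profile paths, the pattern behind
# the HKCU-Run-Cepoyfutfabes -> AppData\Roaming\Gyhaxyp\epcib.exe entry above.

function Get-AutostartTarget {
    param([string]$Command)
    # Recover the executable path from a Run value: honour a quoted path first,
    # otherwise cut the string at the first " -" or " /" argument (heuristic).
    if ($Command -match '^"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($Command -split '\s+(?=[-/])')[0].Trim() }
    return [Environment]::ExpandEnvironmentVariables($path)
}

function Test-UserWritablePath {
    param([string]$Path)
    # AppData, Temp and Public are writable without admin rights, so they are
    # where a dropper run from a user's Downloads folder usually persists.
    return ($Path -match '\\Users\\[^\\]+\\AppData\\') -or
           ($Path -match '\\Temp\\') -or
           ($Path -match '\\Users\\Public\\')
}

function Get-SuspiciousAutostarts {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -in $meta) { continue }   # provider metadata, not values
            $target = Get-AutostartTarget -Command ([string]$prop.Value)
            [pscustomobject]@{
                Key          = $key
                Name         = $prop.Name
                Target       = $target
                Exists       = ($target -ne '' -and (Test-Path -LiteralPath $target))
                UserWritable = Test-UserWritablePath -Path $target
            }
        }
    }
}

# Report only entries worth a second look: a missing binary means an orphaned
# Run value, a user-writable location means the binary never needed admin rights.
Get-SuspiciousAutostarts | Where-Object { $_.UserWritable -or -not $_.Exists } |
    Format-Table -AutoSize
```

Legitimate per-user software such as Dropbox (seen in the Startup folder of the log) also lives under AppData, so a flagged entry is a prompt to check the file's publisher and hash, not proof of infection.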
