
Help with "Successfully blocked access to a potentially malicious website"



Hello gslight

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

Thanks for the help... The Trojan that keeps showing up on my AVG resident scanner is "Trojan Horse Generic35.BJKQ". Don't know if that helps...

Below are the results:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014 02
Ran by Kathy Light (administrator) on KATHY on 23-01-2014 17:59:35
Running from E:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SingleClick Systems) C:\Program Files\Dell Network Assistant\hnm_svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16132608 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [69632 2007-06-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AVG_TRAY] - C:\Program Files\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-15] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [Carbonite Backup] - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKLM\...\Run: [userFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [Gadwin PrintScreen Pro] - C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [516096 2009-02-28] (Gadwin Systems, Inc)
HKCU\...\Run: [tjjbcfvb] - "C:\Documents and Settings\Kathy Light\Local Settings\Application Data\eaadpwis.exe"
HKU\Administrator\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Administrator\...\RunOnce: [avg_spchecker] - "C:\Program Files\AVG\AVG9\Notification\SPChecker1.exe" /start
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {9AF53B8E-999F-4CD1-ACCB-2AD65958F374} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C272534C-74F1-424D-84DC-B545540838DC} https://lle5.ll2go.com/x-res/LapLinkRdp.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.0.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5049352 2013-10-10] (Carbonite, Inc. (www.carbonite.com))
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 hnmsvc; C:\Program Files\Dell Network Assistant\hnm_svc.exe [112176 2007-05-25] (SingleClick Systems)
S3 lmab_device; C:\WINDOWS\system32\LMabcoms.exe [491520 2005-06-14] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [35824 2006-06-05] (www.winchiphead.com)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2014-01-22] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)
S3 FilterService; system32\DRIVERS\lvuvcflt.sys [x]
S3 LVRS; system32\DRIVERS\lvrs.sys [x]
S3 LVUSBSta; system32\drivers\LVUSBSta.sys [x]
S3 LVUVC; system32\DRIVERS\lvuvc.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S3 Ser2pl; system32\DRIVERS\ser2pl.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-23 17:57 - 2014-01-23 17:57 - 00000000 ____D C:\FRST
2014-01-22 07:51 - 2014-01-22 07:54 - 00000000 ____D C:\AdwCleaner
2014-01-21 19:07 - 2014-01-23 16:28 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-21 11:59 - 2013-09-04 13:57 - 00024040 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2014-01-21 11:59 - 2013-05-23 07:39 - 00043368 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiark.sys
2014-01-21 11:56 - 2014-01-21 16:09 - 00000000 ____D C:\VIPRERESCUE
2014-01-21 10:40 - 2014-01-21 16:36 - 00005070 _____ C:\Documents and Settings\Kathy Light\Desktop\attach.txt
2014-01-21 09:12 - 2014-01-21 08:45 - 00688992 ____R (Swearware) C:\Documents and Settings\Kathy Light\Desktop\dds.com
2014-01-21 07:52 - 2014-01-22 03:17 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-20 17:30 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Bobeykec
2014-01-20 17:29 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Igymobys
2014-01-20 17:28 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Zufeyz
2014-01-20 17:28 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Rifazi
2014-01-20 17:27 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Fyziidt
2014-01-20 17:26 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Yhzuekko
2014-01-20 17:26 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Anuneqc
2014-01-20 17:25 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Inonno
2014-01-20 17:25 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Arkeyn
2014-01-20 17:24 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Mebiegym
2014-01-20 17:23 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Ixwaogle
2014-01-20 17:22 - 2014-01-21 07:05 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Aqugqako
2014-01-20 17:22 - 2014-01-21 07:04 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Bywalax
2014-01-20 15:30 - 2014-01-20 15:30 - 00012326 _____ C:\Documents and Settings\Kathy Light\Local Settings\Application Data\orrseknh
2014-01-20 15:29 - 2014-01-20 15:29 - 00067992 _____ C:\Documents and Settings\Kathy Light\Local Settings\Application Data\fjjqabws
2014-01-20 15:28 - 2014-01-20 15:28 - 00000000 _____ C:\Documents and Settings\Kathy Light\Application Data\SharedSettings.ccs
2014-01-15 03:02 - 2014-01-15 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:00 - 2014-01-15 03:02 - 00005158 _____ C:\WINDOWS\KB2914368.log

==================== One Month Modified Files and Folders =======

2014-01-23 17:57 - 2014-01-23 17:57 - 00000000 ____D C:\FRST
2014-01-23 17:46 - 2012-11-15 09:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-23 16:28 - 2014-01-21 19:07 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-23 14:39 - 2004-08-11 17:13 - 01983293 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 14:32 - 2012-02-22 14:30 - 00000000 ____D C:\WINDOWS\system32\Drivers\AVG
2014-01-23 14:09 - 2004-08-11 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-23 14:05 - 2004-08-11 17:09 - 00000157 _____ C:\WINDOWS\wiadebug.log
2014-01-23 14:05 - 2004-08-11 17:09 - 00000049 _____ C:\WINDOWS\wiaservc.log
2014-01-23 14:03 - 2004-08-11 17:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-22 16:04 - 2012-01-22 03:37 - 00410630 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-01-22 16:04 - 2004-08-11 17:20 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-22 16:03 - 2007-12-11 10:53 - 00000178 ___SH C:\Documents and Settings\Kathy Light\ntuser.ini
2014-01-22 16:03 - 2007-12-11 10:53 - 00000000 ____D C:\Documents and Settings\Kathy Light
2014-01-22 07:54 - 2014-01-22 07:51 - 00000000 ____D C:\AdwCleaner
2014-01-22 03:17 - 2014-01-21 07:52 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2014-01-21 19:17 - 2004-08-11 17:11 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 16:36 - 2014-01-21 10:40 - 00005070 _____ C:\Documents and Settings\Kathy Light\Desktop\attach.txt
2014-01-21 16:09 - 2014-01-21 11:56 - 00000000 ____D C:\VIPRERESCUE
2014-01-21 11:53 - 2010-12-01 09:02 - 00178319 _____ C:\WINDOWS\setupapi.log
2014-01-21 09:34 - 2009-12-18 09:44 - 00000000 ____D C:\Quickbooks Backup
2014-01-21 08:45 - 2014-01-21 09:12 - 00688992 ____R (Swearware) C:\Documents and Settings\Kathy Light\Desktop\dds.com
2014-01-21 07:09 - 2012-02-22 14:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2012
2014-01-21 07:06 - 2012-01-22 14:14 - 01406004 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3652195740-2678126656-2378105903-1005-0.dat
2014-01-21 07:05 - 2014-01-20 17:30 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Bobeykec
2014-01-21 07:05 - 2014-01-20 17:29 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Igymobys
2014-01-21 07:05 - 2014-01-20 17:28 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Zufeyz
2014-01-21 07:05 - 2014-01-20 17:28 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Rifazi
2014-01-21 07:05 - 2014-01-20 17:27 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Fyziidt
2014-01-21 07:05 - 2014-01-20 17:26 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Yhzuekko
2014-01-21 07:05 - 2014-01-20 17:26 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Anuneqc
2014-01-21 07:05 - 2014-01-20 17:25 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Inonno
2014-01-21 07:05 - 2014-01-20 17:25 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Arkeyn
2014-01-21 07:05 - 2014-01-20 17:24 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Mebiegym
2014-01-21 07:05 - 2014-01-20 17:23 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Ixwaogle
2014-01-21 07:05 - 2014-01-20 17:22 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Aqugqako
2014-01-21 07:04 - 2014-01-20 17:22 - 00000000 ____D C:\Documents and Settings\Kathy Light\Application Data\Bywalax
2014-01-20 15:30 - 2014-01-20 15:30 - 00012326 _____ C:\Documents and Settings\Kathy Light\Local Settings\Application Data\orrseknh
2014-01-20 15:29 - 2014-01-20 15:29 - 00067992 _____ C:\Documents and Settings\Kathy Light\Local Settings\Application Data\fjjqabws
2014-01-20 15:29 - 2012-09-07 19:42 - 00000823 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-20 15:29 - 2011-03-04 08:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-01-20 15:29 - 2008-12-18 15:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-20 15:28 - 2014-01-20 15:28 - 00000000 _____ C:\Documents and Settings\Kathy Light\Application Data\SharedSettings.ccs
2014-01-20 04:02 - 2013-02-08 17:01 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-16 13:08 - 2011-01-21 07:40 - 00000000 ____D C:\Program Files\QXpress
2014-01-15 09:16 - 2007-12-17 12:19 - 00002429 _____ C:\Documents and Settings\Kathy Light\Desktop\WordPerfect.lnk
2014-01-15 03:07 - 2013-08-15 02:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 03:02 - 2014-01-15 03:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:02 - 2014-01-15 03:00 - 00005158 _____ C:\WINDOWS\KB2914368.log
2014-01-15 03:02 - 2007-12-11 13:46 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 03:02 - 2004-08-11 17:07 - 02250965 _____ C:\WINDOWS\FaxSetup.log
2014-01-15 03:02 - 2004-08-11 17:07 - 01071182 _____ C:\WINDOWS\ocgen.log
2014-01-15 03:02 - 2004-08-11 17:07 - 01025683 _____ C:\WINDOWS\tsoc.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00727326 _____ C:\WINDOWS\comsetup.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00691106 _____ C:\WINDOWS\msmqinst.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00455751 _____ C:\WINDOWS\iis6.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00440494 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00392848 _____ C:\WINDOWS\netfxocm.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00154866 _____ C:\WINDOWS\MedCtrOC.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00120390 _____ C:\WINDOWS\ocmsn.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00112710 _____ C:\WINDOWS\tabletoc.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00112346 _____ C:\WINDOWS\msgsocm.log
2014-01-15 03:02 - 2004-08-11 17:07 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-13 09:14 - 2009-12-18 09:41 - 00000000 ____D C:\Qxpress Backup
2014-01-10 12:52 - 2009-12-21 15:56 - 00085199 _____ C:\WINDOWS\system32\ErrorTD2.log
2014-01-09 13:31 - 2010-01-19 07:22 - 00001689 _____ C:\WINDOWS\system32\LexFiles.usr
2013-12-24 11:15 - 2009-03-10 14:39 - 00002419 _____ C:\Documents and Settings\Kathy Light\Desktop\Microsoft Publisher.lnk

Some content of TEMP:
====================
C:\Documents and Settings\Kathy Light\Local Settings\Temp\tmp31D.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-01-2014 02
Ran by Kathy Light at 2014-01-23 18:05:04
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Business Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

ACT! (Version:  - )
Adobe Acrobat 5.0 (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (Version: 8.3.1 - Adobe Systems Incorporated)
Alocet PDF Writer (Version:  - )
AVG 2012 (Version: 12.0.3681 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG 2012 (Version: 2012.1.2247 - AVG Technologies)
Browser Address Error Redirector (Version: 1.00.0000 - Dell)
Carbonite (Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)
Dell Driver Download Manager (HKCU Version: 2.0.0.0 - Dell Inc.)
Dell Driver Reset Tool (Version: 1.02.0000 - Dell Inc.)
Dell Network Assistant (Version: 3.0.0.0 - Dell Inc.)
Dell Support Center (Support Software) (Version: 2.2.08298 - Dell)
DellSupport (Version: 6.0.3075 - Dell)
DesignPro 5.4 Limited Edition (Version: 5.2.1201 - Avery Dennison)
DesignPro 5.4 Limited Edition (Version: 5.2.1201 - Avery Dennison) Hidden
Epson Connect (Version:  - )
Epson Connect Printer Setup (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Customer Participation (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (Version: 1.0.1 - SEIKO EPSON CORPORATION)
EPSON WP-4020 Series Printer Uninstall (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.4j - SEIKO EPSON CORPORATION)
Free Internet Window Washer (Version:  - )
Gadwin PrintScreen Professional (Version: 4.5 - Gadwin Systems, Inc.)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000 - Microsoft Corporation)
HP Install Network Printer Wizard (Version: 7.1.04 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (Version:  - )
Intel® PRO Network Connections 12.1.8.0 (Version:  - Intel)
J2SE Runtime Environment 5.0 Update 6 (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Java 6 Update 3 (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
join.me (HKCU Version: 1.12.3.173 - LogMeIn, Inc.)
Lexmark Software Uninstall (Version:  - Lexmark International, Inc.)
Logitech Updater (Version: 1.70 - Logitech, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
PowerDVD (Version: 7.0 - Dell)
QualxServ Service Agreement (Version: 1.11.0000 - Dell Inc.)
QuickBooks (Version: 23.0.4011.2305 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 13.0 (Version: 23.0.4009.2305 - Intuit Inc.)
QXpress Scheduling Software for QuickBooks (Version: 10.01.13 - Marathon Data Systems)
QXpress Scheduling Software for QuickBooks (Version: 10.01.13 - Marathon Data Systems) Hidden
QXpress Version 10.0 (Version:  - )
Realtek High Definition Audio Driver (Version:  - )
Registry Repair 1.51 (Version:  - GlarySoft.com)
Roxio Creator Audio (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (Version: 3.3.0 - Roxio)
Roxio Creator Copy (Version: 3.3.0 - Roxio)
Roxio Creator Data (Version: 3.3.0 - Roxio)
Roxio Creator DE (Version: 3.3.0 - Roxio)
Roxio Creator Tools (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (Version: 9.0 - Roxio)
Roxio Express Labeler (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (Version: 3.0.0 - Roxio)
SearchAssist (Version:  - )
SHARP AR-M230/M270 Series PCL/PS Printer Driver (Version:  - )
SHARP PCL6 T1 Printer Driver (Version: 1.00.000 - SHARP)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (Version:  - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (Version:  - )
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office 12 (Version: 12.0.1 - Corel Corporation)

==================== Restore Points  =========================

26-10-2013 23:10:44 System Checkpoint
28-10-2013 00:10:46 System Checkpoint
29-10-2013 01:10:45 System Checkpoint
30-10-2013 02:10:45 System Checkpoint
31-10-2013 02:11:09 System Checkpoint
01-11-2013 03:11:07 System Checkpoint
04-11-2013 21:05:03 System Checkpoint
05-11-2013 23:18:51 System Checkpoint
06-11-2013 23:22:43 System Checkpoint
11-11-2013 13:45:46 System Checkpoint
12-11-2013 14:23:36 System Checkpoint
13-11-2013 09:00:26 Software Distribution Service 3.0
14-11-2013 09:30:41 System Checkpoint
15-11-2013 10:30:37 System Checkpoint
16-11-2013 11:30:37 System Checkpoint
17-11-2013 12:30:37 System Checkpoint
18-11-2013 13:32:33 System Checkpoint
19-11-2013 14:01:02 System Checkpoint
20-11-2013 18:22:03 System Checkpoint
21-11-2013 18:34:07 System Checkpoint
22-11-2013 20:24:08 System Checkpoint
23-11-2013 21:01:02 System Checkpoint
24-11-2013 22:01:00 System Checkpoint
25-11-2013 15:09:17 Configured QXpress Scheduling Software for QuickBooks
26-11-2013 18:22:50 System Checkpoint
27-11-2013 18:25:54 System Checkpoint
27-11-2013 20:23:03 Printer Driver CUSTPDF Writer Installed
28-11-2013 20:31:34 System Checkpoint
29-11-2013 21:31:33 System Checkpoint
30-11-2013 22:31:32 System Checkpoint
01-12-2013 23:31:32 System Checkpoint
03-12-2013 00:31:36 System Checkpoint
04-12-2013 00:32:43 System Checkpoint
05-12-2013 00:32:58 System Checkpoint
06-12-2013 01:33:00 System Checkpoint
07-12-2013 02:15:17 System Checkpoint
08-12-2013 03:15:21 System Checkpoint
09-12-2013 04:15:19 System Checkpoint
10-12-2013 05:15:16 System Checkpoint
11-12-2013 06:15:17 System Checkpoint
11-12-2013 09:00:16 Software Distribution Service 3.0
12-12-2013 09:31:15 System Checkpoint
13-12-2013 09:00:17 Software Distribution Service 3.0
14-12-2013 09:31:17 System Checkpoint
15-12-2013 10:31:15 System Checkpoint
16-12-2013 11:31:15 System Checkpoint
17-12-2013 12:31:17 System Checkpoint
18-12-2013 12:35:52 System Checkpoint
19-12-2013 12:36:23 System Checkpoint
20-12-2013 13:36:23 System Checkpoint
21-12-2013 14:36:22 System Checkpoint
22-12-2013 15:36:23 System Checkpoint
23-12-2013 15:50:09 System Checkpoint
24-12-2013 16:13:36 System Checkpoint
25-12-2013 17:13:33 System Checkpoint
26-12-2013 17:14:42 System Checkpoint
27-12-2013 18:13:35 System Checkpoint
28-12-2013 19:13:37 System Checkpoint
29-12-2013 20:13:37 System Checkpoint
30-12-2013 21:47:34 System Checkpoint
02-01-2014 16:29:37 System Checkpoint
03-01-2014 16:51:17 System Checkpoint
04-01-2014 17:51:17 System Checkpoint
05-01-2014 18:51:14 System Checkpoint
06-01-2014 19:51:13 System Checkpoint
07-01-2014 20:51:13 System Checkpoint
08-01-2014 22:24:07 System Checkpoint
09-01-2014 22:51:43 System Checkpoint
10-01-2014 23:51:46 System Checkpoint
12-01-2014 00:51:45 System Checkpoint
13-01-2014 14:39:39 System Checkpoint
14-01-2014 16:14:14 System Checkpoint
15-01-2014 09:00:20 Software Distribution Service 3.0
16-01-2014 09:28:16 System Checkpoint
17-01-2014 09:28:37 System Checkpoint
18-01-2014 10:28:37 System Checkpoint
19-01-2014 11:28:36 System Checkpoint
20-01-2014 12:28:40 System Checkpoint
21-01-2014 12:41:36 System Checkpoint
22-01-2014 13:12:20 System Checkpoint
23-01-2014 20:39:41 System Checkpoint

==================== Hosts content: ==========================

2004-08-11 17:00 - 2011-03-04 07:36 - 00430616 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2007-11-26 17:21 - 2006-08-18 13:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\boost_regex-vc90-mt-p-1_33.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00021832 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBCompressor.dll
2012-12-22 22:53 - 2012-12-22 22:53 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\zlib1.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00141640 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBMAPILibrary.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\boost_serialization-vc90-mt-p-1_33.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00415560 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\FtuEngine.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00529224 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\BackupLib.dll
2013-11-15 15:45 - 2013-11-15 15:45 - 00128840 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\QBProActiveCore.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00570696 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\FeaturesBridge.dll
2013-11-15 17:45 - 2013-11-15 17:45 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks Enterprise Solutions 13.0\mbpopup.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2014 03:45:07 PM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x025dad9b.
Processing media-specific event for [spoolsv.exe!ws!]

Error: (01/23/2014 02:55:59 PM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x02612d2e.
Processing media-specific event for [spoolsv.exe!ws!]

Error: (01/23/2014 02:11:18 PM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x02662d2e.
Error in creating result PEAP-TLV in response to received PEAP-TLV (spoolsv.exe!ld!)

Error: (01/22/2014 08:32:20 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 13.0":
Got unexpected error 5 in call to NetShareGetInfo for path \\Office\documents\Quickbooks\Berry's\Berry's Garden Center.QBW

Error: (01/22/2014 08:31:10 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions 13.0":
Got unexpected error 5 in call to NetShareGetInfo for path \\Office\documents\Quickbooks\Berry's\Berry's Garden Center.QBW

Error: (01/22/2014 08:17:30 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Got unexpected error 5 in call to NetShareGetInfo for path \\Office\documents\Quickbooks\Berry's\Berry's Garden Center.QBW

Error: (01/22/2014 07:56:31 AM) (Source: Application Hang) (User: )
Description: Hanging application AdwCleaner.exe, version 3.0.1.7, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/22/2014 00:10:32 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005].

Error: (01/22/2014 00:07:44 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80080005.

Error: (01/21/2014 08:57:49 PM) (Source: Application Error) (User: )
Description: Faulting application spoolsv.exe, version 5.1.2600.6024, faulting module unknown, version 0.0.0.0, fault address 0x02662d2e.
Processing media-specific event for [spoolsv.exe!ws!]


System errors:
=============
Error: (01/23/2014 05:56:05 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 05:32:46 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 05:24:04 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 05:14:08 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 05:11:40 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 04:56:08 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 04:55:06 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 04:41:14 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).

Error: (01/23/2014 04:31:07 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/23/2014 04:18:25 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (01/23/2014 03:45:07 PM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.0025dad9b

Error: (01/23/2014 02:55:59 PM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.002612d2e

Error: (01/23/2014 02:11:18 PM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.002662d2e

Error: (01/22/2014 08:32:20 AM) (Source: QuickBooks)(User: )
Description: Intuit QuickBooks Enterprise Solutions 13.0Got unexpected error 5 in call to NetShareGetInfo for path \\Office\documents\Quickbooks\Berry's\Berry's Garden Center.QBW

Error: (01/22/2014 08:31:10 AM) (Source: QuickBooks)(User: )
Description: Intuit QuickBooks Enterprise Solutions 13.0Got unexpected error 5 in call to NetShareGetInfo for path \\Office\documents\Quickbooks\Berry's\Berry's Garden Center.QBW

Error: (01/22/2014 08:17:30 AM) (Source: QuickBooks)(User: )
Description: QuickBooksGot unexpected error 5 in call to NetShareGetInfo for path \\Office\documents\Quickbooks\Berry's\Berry's Garden Center.QBW

Error: (01/22/2014 07:56:31 AM) (Source: Application Hang)(User: )
Description: AdwCleaner.exe3.0.1.7hungapp0.0.0.000000000

Error: (01/22/2014 00:10:32 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80080005

Error: (01/22/2014 00:07:44 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80080005

Error: (01/21/2014 08:57:49 PM) (Source: Application Error)(User: )
Description: spoolsv.exe5.1.2600.6024unknown0.0.0.002662d2e


==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 1013 MB
Available physical RAM: 427.45 MB
Total Pagefile: 2438.8 MB
Available Pagefile: 1503.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.45 GB) (Free:18.98 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: () (Removable) (Total:7.45 GB) (Free:6.74 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================


  • Staff

Hello gslight

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


I ran AdwCleaner and here is the file. I could not get the Junkware Removal Tool to run. It just flashed and went away.

I am still getting the popup.

# AdwCleaner v3.017 - Report created 24/01/2014 at 12:09:35
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Kathy Light - KATHY
# Running from : C:\Documents and Settings\Kathy Light\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


*************************

AdwCleaner[R0].txt - [2120 octets] - [22/01/2014 07:52:02]
AdwCleaner[R1].txt - [779 octets] - [24/01/2014 10:49:50]
AdwCleaner[s0].txt - [2255 octets] - [22/01/2014 07:54:50]
AdwCleaner[s1].txt - [701 octets] - [24/01/2014 12:09:35]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [760 octets] ##########

  • Staff

Hello gslight

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Sorry, I have been out of the office. I ran the ComboFix program and have included the results:


ComboFix 14-01-29.01 - Kathy Light 01/29/2014  13:02:33.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1013.242 [GMT -6:00]
Running from: E:\ComboFix.exe
AV: AVG Anti-Virus Business Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Kathy Light\WINDOWS
c:\windows\system32\regobj.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-29  )))))))))))))))))))))))))))))))
.
.
2014-01-29 09:15 . 2014-01-29 09:15    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-01-23 23:57 . 2014-01-23 23:57    --------    d-----w-    C:\FRST
2014-01-22 13:51 . 2014-01-24 18:09    --------    d-----w-    C:\AdwCleaner
2014-01-21 17:59 . 2013-09-04 19:57    24040    ----a-w-    c:\windows\system32\drivers\gfiutil.sys
2014-01-21 17:59 . 2013-05-23 13:39    43368    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2014-01-21 17:56 . 2014-01-21 22:09    --------    d-----w-    C:\VIPRERESCUE
2014-01-20 23:30 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Bobeykec
2014-01-20 23:29 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Igymobys
2014-01-20 23:28 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Zufeyz
2014-01-20 23:28 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Rifazi
2014-01-20 23:27 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Fyziidt
2014-01-20 23:26 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Anuneqc
2014-01-20 23:26 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Yhzuekko
2014-01-20 23:25 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Arkeyn
2014-01-20 23:25 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Inonno
2014-01-20 23:24 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Mebiegym
2014-01-20 23:23 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Ixwaogle
2014-01-20 23:22 . 2014-01-21 13:05    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Aqugqako
2014-01-20 23:22 . 2014-01-21 13:04    --------    d-----w-    c:\documents and settings\Kathy Light\Application Data\Bywalax
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 16:46 . 2012-11-15 15:37    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 16:46 . 2012-01-14 21:56    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 16:46 . 2013-10-09 03:46    8699272    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-11-27 20:21 . 2004-08-11 23:00    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59 . 2004-08-11 23:00    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2004-08-11 23:00    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2011-02-10 16:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 21:26    1021448    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 21:26    1021448    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 21:26    1021448    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen Pro"="c:\program files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-11-15 2829624]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-15 6282040]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-11-15 1182536]
QuickBooks Web Connector.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe -keephidden [2012-3-28 2938736]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks Enterprise Solutions 13.0\QBW32.EXE -silent [2013-11-15 1185096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"c:\\Program Files\\QXpress\\QXpress.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\CustRptDesigner.exe"=
"c:\\Program Files\\Intuit\\QuickBooks Enterprise Solutions 13.0\\QBDBMgrN.exe"=
"c:\\Program Files\\EPSON Software\\ECPrinterSetup\\ENPApp.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 302368]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 3:53 AM 193288]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [6/9/2011 12:01 PM 521600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 12:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/4/2011 8:16 AM 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [10/16/2013 12:30 AM 5175856]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [12/17/2007 9:28 AM 35824]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [1/21/2014 11:59 AM 43368]
S3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [1/21/2014 11:59 AM 24040]
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-15 16:46]
.
.
------- Supplementary Scan -------
.

TCP: DhcpNameServer = 192.168.1.254
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll

.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-tjjbcfvb - c:\documents and settings\Kathy Light\Local Settings\Application Data\eaadpwis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-29 13:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-01-29  13:41:05
ComboFix-quarantined-files.txt  2014-01-29 19:41
.
Pre-Run: 23,282,540,544 bytes free
Post-Run: 24,363,683,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EFC6A1F04D83391A6449516EDB396354
8F558EB6672622401DA993E1E865C861
Thanks...


  • Staff

Hello gslight

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
Folder::
c:\documents and settings\Kathy Light\Application Data\Bobeykec
c:\documents and settings\Kathy Light\Application Data\Igymobys
c:\documents and settings\Kathy Light\Application Data\Zufeyz
c:\documents and settings\Kathy Light\Application Data\Rifazi
c:\documents and settings\Kathy Light\Application Data\Fyziidt
c:\documents and settings\Kathy Light\Application Data\Anuneqc
c:\documents and settings\Kathy Light\Application Data\Yhzuekko
c:\documents and settings\Kathy Light\Application Data\Arkeyn
c:\documents and settings\Kathy Light\Application Data\Inonno
c:\documents and settings\Kathy Light\Application Data\Mebiegym
c:\documents and settings\Kathy Light\Application Data\Ixwaogle
c:\documents and settings\Kathy Light\Application Data\Aqugqako
c:\documents and settings\Kathy Light\Application Data\Bywalax

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[Image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
