
HELP HAVE A VIRUS:DOS/ROVNIX.W


20 replies to this topic

#1 kodiak104


Posted 05 June 2014 - 06:06 PM

I have a virus and have tried all the usual products to remove it and nothing is working.  Used Malwarebytes, superantispyware and roguekiller.  Nothing seems to be working.  I have Microsoft Security Essentials, which originally caught it and said it was quarantined, but the computer is running very slow and I can't get into my Quickbooks, which is basically the only thing I use this computer for.

Edit: Moved topic from Windows XP to the more appropriate forum.~ Animal


 


#2 wpgwpg


Posted 05 June 2014 - 07:21 PM

 If you didn't run Malwarebytes and your antivirus in Safe Mode, I'd recommend doing that since some malware can hide itself in normal mode.  I gather you're running XP?  Since MS discontinued support for it 4/8, security exposures with it are just going to get worse over time.  I hope you've got any data you don't want to lose backed up.  If I were you, I'd make plans to move to Windows 7 or 8 ASAP.

 

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 kodiak104


Posted 05 June 2014 - 07:58 PM

Yes still running XP.  I ran malwarebytes etc in safe mode and it didn't seem to help. Any other suggestions to get rid of this virus?



#4 noknojon


Posted 05 June 2014 - 07:58 PM

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).

 

Now -

Malwarebytes Anti-Malware Free version 1.75.0.1300 has now been upgraded to Version 2.0.2

Please follow Free version removal methods. (link is to Malwarebytes site) if required -

 

* Download Malwarebytes Anti-Malware Free and save it to your desktop
* Double click the desktop icon, click Run, then OK
* Click Next
* Select Language and I accept the agreement then continue to click Next then finally click Install

* Follow any instructions given to install the fresh version.

** Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
* If you are notified the Database is out of date click Update Now
* Click Scan Now >>
----------
** Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
* Click Start (Start, Search, All files and folders for Windows XP) then type mbam
* Double click one of the four following files (if one does not work try the next one, and so on) -

* A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com
----------
** When completed click the down arrow on Export Log and select Text file (*.txt)
* Save the file to your desktop as MBAM
* Click Apply Actions then restart your computer if requested
* Copy and paste the contents of MBAM.txt in your reply

 

EDIT for Typo only -


Edited by noknojon, 05 June 2014 - 08:01 PM.


#5 kodiak104


Posted 05 June 2014 - 08:18 PM

Results of screen317's Security Check version 0.99.83 
   x86  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 McAfee Security Scan Plus  
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 21 
 Java version out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Client Antimalware MsMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````

 



#6 noknojon


Posted 05 June 2014 - 08:36 PM

Download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
Click Go and copy / paste the result (Result.txt).
 

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

 

NOTE. rKill.txt log will also be present on your desktop.



#7 kodiak104


Posted 05 June 2014 - 08:37 PM

an by Rick (administrator) on 05-06-2014 at 21:33:51
Running from "C:\Documents and Settings\Rick\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/05/2014 08:45:23 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23588, fault address 0x0014c493.
Processing media-specific event for [iexplore.exe!ws!]

Error: (06/05/2014 01:08:51 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2014 01:08:51 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2014 01:08:51 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2014 07:13:46 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2014 07:13:46 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/05/2014 07:13:46 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/04/2014 10:40:01 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/04/2014 09:46:12 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (06/04/2014 09:46:12 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

System errors:
=============
Error: (06/05/2014 09:32:33 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/05/2014 09:30:09 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (06/05/2014 09:09:52 PM) (Source: DCOM) (User: D76BGF91)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/05/2014 09:09:51 PM) (Source: DCOM) (User: D76BGF91)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/05/2014 08:49:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (06/05/2014 08:49:14 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/05/2014 08:46:53 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 10 time(s).

Error: (06/05/2014 08:46:35 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 9 time(s).

Error: (06/05/2014 08:46:23 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 8 time(s).

Error: (06/05/2014 08:46:11 PM) (Source: Service Control Manager) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 7 time(s).

Microsoft Office Sessions:
=========================
Error: (06/05/2014 08:45:23 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.235880014c493

Error: (06/05/2014 01:08:51 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/05/2014 01:08:51 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/05/2014 01:08:51 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/05/2014 07:13:46 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/05/2014 07:13:46 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/05/2014 07:13:46 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/04/2014 10:40:01 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8007043cbeginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (06/04/2014 09:46:12 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (06/04/2014 09:46:12 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.4)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.214)
Adobe Reader 7.0.9 (Version: 7.0.9)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon (Version: 1.00.0000)
Aventail Connect 5.31 (Version: 5.31.183)
CCC ONE (Version: 1.4.9.0907)
CCC ONE Converter (Version: 1.5.20729.0)
CCC ONE Converter Update (Version: 2.0.223)
CCC ONE Data Update (Version: 2.0.223)
CCC ONE Help Files Update (Version: 2.0.223)
CCC ONE Program Update (Version: 2.0.223)
CCC ONE Setup
CCC ONE Timecard Update (Version: 2.0.223)
CCC ONE Update Manager (Version: 2.0.225)
CCC Pathways 4.50.00 (Version: 4.50.00)
CCC Pathways Program (Version: 4.50.00)
Corel Paint Shop Pro X (Version: 10.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell System Restore (Version: 2.00.0000)
Digital Content Portal (Version: 1.00.0000)
ELIcon (Version: 1.00.0000)
Excel Billing Invoicing Software 1.1
Google AFE
HP FWUpdateEDO3 (Version: 1.0.0.0)
HP LaserJet Professional CM1410 Series
HP LJ CM1410 MFP Series HP Scan (Version: 1.0.302.0)
HP Update (Version: 5.003.001.001)
HPLaserJetHelp_LearnCenter (Version: 1.03.0000)
HPLJUT (Version: 1.00.0012)
hppCM1410LaserJetService (Version: 001.008.00477)
hppFaxDrvCM1410 (Version: 003.000.00001)
hppFaxUtilityCM1410 (Version: 000.002.00001)
hppLaserJetService (Version: 002.015.00599)
hppSendFaxCM1410 (Version: 003.000.00001)
hppTLBXFXCM1410 (Version: 001.012.00948)
hpzTLBXFX (Version: 006.015.01163)
I.R.I.S. OCR (Version: 12.3.4.0)
IHA_MessageCenter (Version: 1.8.8)
InstantInvoice 3
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
Invoice2go 4.0 (Version: 4.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Labtec WebCam (Version: 10.51.1130)
Labtec® Camera Driver
Logitech Audio Echo Cancellation Component (Version: 10.51.1130)
Logitech Video Enumerator (Version: 10.51.1130)
Mail List
Marketsplash Shortcuts (Version: 1.0.0.9)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office XP Small Business (Version: 10.0.2627.01)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XML Parser (Version: 8.70.1104.04)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MVision (Version: 10.51.1130)
Nero 8 Essentials (Version: 8.10.380)
neroxml (Version: 1.0.0)
Newsflash (Version: 1.0.0.1)
Nikon View 6
Photo Click (Version: 1.0.0)
PowerDVD 5.5
ProVenture Invoices (Version: 3.0.0.0)
QuickBooks (Version: 22.0.4001.2206)
QuickBooks Pro 2012 (Version: 22.0.4001.2206)
QuickTime
SecurDisc Viewer (Version: 1.2.8)
SupportSoft Assisted Service (Version: 15)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VCRedistSetup (Version: 1.0.0)
Verizon High Speed Internet
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WordPerfect Office 12 (Version: 12.01)

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 1277.88 MB
Available physical RAM: 912.14 MB
Total Pagefile: 1900.93 MB
Available Pagefile: 1655.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.76 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:145.87 GB) (Free:108.8 GB) NTFS

========================= Users: ========================================

User accounts for \\D76BGF91

Administrator            ASPNET                   CCC1UM                  
Guest                    HelpAssistant            Jeff                    
Jen                      Rick                     SUPPORT_388945a0        

**** End of log ****



#8 kodiak104


Posted 05 June 2014 - 08:48 PM

The rkill log has finished but how do I copy and paste to post?  It won't seem to let me?



#9 kodiak104


Posted 05 June 2014 - 08:50 PM

Nevermind....duh


Rkill 2.6.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/05/2014 09:40:26 PM in x86 mode. (Safe Mode)
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\.bat "@" exists and is set to batfile!
  * HKCU\SOFTWARE\Classes\.bat has been deleted!
  * HKCU\SOFTWARE\Classes\.com "@" exists and is set to ComFile!
  * HKCU\SOFTWARE\Classes\.com has been deleted!

Performing miscellaneous checks:

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\assembly\GAC_MSIL\Intuit.QuickBooks.FCS\1.3.0.0__5b3f47ba29970ccb => C:\WINDOWS\WinSxS\MSIL_Intuit.QuickBooks.FCS_5b3f47ba29970ccb_1.3.0.0_x-ww_d936dcb9 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
     * C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35 => C:\WINDOWS\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5 [Dir]

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic

 * Automatic Updates (wuauserv) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 06/05/2014 09:45:00 PM
Execution time: 0 hours(s), 4 minute(s), and 33 seconds(s)



#10 noknojon


Posted 05 June 2014 - 08:52 PM

Now reboot and try anything that was causing you problems -



#11 kodiak104


Posted 05 June 2014 - 08:57 PM

Should I download the malwarebytes as per your original post?



#12 noknojon


Posted 05 June 2014 - 09:02 PM

If you can do it, yes please -



#13 kodiak104


Posted 06 June 2014 - 10:29 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/6/2014
Scan Time: 8:10:50 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.06.11
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Rick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362807
Time Elapsed: 2 hr, 48 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#14 kodiak104


Posted 06 June 2014 - 10:30 PM

I was able to get into quickbooks to back it up.  However computer is still very slow?



#15 noknojon


Posted 06 June 2014 - 11:15 PM

"I was able to get into quickbooks to back it up"

Very good. If you need specific help with QuickBooks, go to QuickBooks Support and Help Forum
 

 

We will try and look for any other infections, but QuickBooks is showing a lot of problems still.

Malwarebytes Anti-Malware scan is nice and clean, so we will look for something else -

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Note : Close all programs as your computer will be rebooted.
* Double-click on AdwCleaner.exe to run the tool.
* Vista / Windows 7 / 8 users Right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* If you are happy with what it will remove, then move on.
NOW -
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.





