
Spybot+Antivirus stalling on Zlob.ZipCodec file


  • This topic is locked
5 replies to this topic

#1 frkalenga

frkalenga

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 09 March 2016 - 05:50 PM

Hello,  here is a bit of background.

 

The machine: I use a laptop Dell Latitude E6510 that was recently upgraded from Windows 8.1 to Windows 10.  For online security, I have been using Spybot - Search & Destroy + AV 2.5.

 

The symptoms: Lately, this machine has been slowing down quite a bit.  I was able to run a full scan about 25 days ago.  However, I found that the DVD has been disabled for no reason at all.  Every time I re-enabled it, it would run fine until I shut down the laptop.  When I start it again, the DVD would be disabled. Also, the launch of IE 11 browser would take longer.  It would not let me download PDF documents for strange reasons.  But when I use Safari, I can download PDF docs.

 

What I've tried so far: So I decided to run a full scan. Using Spybot, the full scan would start fine and then it would get stuck on the scanning of this file: Zlob.ZipCodec.  In Spybot Start Center, I'm unable to access settings in Advanced Tools.  Even to run the update of the Spybot antivirus logs, it takes a very long time.

 

Thinking that I could solve my problem quickly, I ran the Eset online scan but I failed to keep the logs from that scan.  I recall that there were 8 files that were corrupted.  6 were fixed completely and removed and 2 files were quarantined.  Yet, when I tried to run Spybot (even in Safemode), it still gets stuck on that same file.  Stumped, I returned to my searches on the topic of Zlob.ZipCodec on bleepingcomputer.com, I downloaded FRST and ran it.  I've attached the logs below.  I'm at a loss on what to do next.  I don't know what else to try at this point.

 

I need help figuring out how to solve this issue.

 

Thanks for your help.

Attached File  Addition.txt   84.84KB   7 downloads
Attached File  FRST.txt   59.11KB   8 downloads

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 AM

Posted 10 March 2016 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
GroupPolicyUsers\S-1-5-21-1002470303-1567213914-2834339063-1005\User: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1002470303-1567213914-2834339063-1002] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [S-1-5-21-1002470303-1567213914-2834339063-1002] => http=127.0.0.1:8877;https=127.0.0.1:8877
URLSearchHook: HKU\S-1-5-21-1002470303-1567213914-2834339063-1005 - (No Name) - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} -  No File
SearchScopes: HKLM -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b212dbd1f-a9e4-4d8a-bc0e-dc2aca803cfc%7d&q={searchTerms}
SearchScopes: HKLM -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b212dbd1f-a9e4-4d8a-bc0e-dc2aca803cfc%7d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002 -> {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b212dbd1f-a9e4-4d8a-bc0e-dc2aca803cfc%7d&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={A39A6B72-E72E-4511-8ED1-6D0327775E21}&mid=306be194651347d6aa658d6f4ccfc09b-c6ef9bc38617e4b0a41603150ba2fcca98d05354&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-07-22 17:35:13&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll => No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1002470303-1567213914-2834339063-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
R2 vToolbarUpdater40.2.4; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-16] (AVG Secure Search)
R2 vToolbarUpdater40.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-22] (AVG Secure Search)
S3 eapihdrv; C:\Users\FRKALE~1.FRK\AppData\Local\Temp\ehdrv.sys [135760 2016-03-08] (ESET)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe => No File
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
Task: {1ADE048F-F63C-4E05-9EF4-415D48F4A224} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {62DB735B-16F1-430D-B5F9-B80B8DEF8217} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {80CF3912-D977-4C3D-AC98-C2E906FAFE2E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8CA55121-10E9-4BBB-9A09-C7E9D65D42ED} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {91AFFF50-5EE0-4AEA-AEE7-49E665BCE58D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {95C0603C-8EFE-4E1A-8331-A5AFA5D3A439} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {996CEFC1-86D3-4C2D-A341-B031D93B54F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AD00EC36-A6A1-4A2D-9E03-40A186207E06} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AF8DBD68-B2B8-4886-BB20-94B1722DEA92} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D426BD8C-81DC-46B1-9F7A-82572892EC02} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D65BA239-D70D-4CD2-8B13-C920421736BF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D7A93E39-F720-4212-8ACF-5F5C007CC95D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know if the problem persists.
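
A way to review a fixlist like the one above before clicking Fix, added here as an example that is not part of the original post and not code from FRST or its author. The line patterns are inferred only from the entries visible in this thread (an assumption, not the tool's documented format), and the names `classify`, `parse_fixlist` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: ten lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
CloseProcesses:
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
ProxyServer: [S-1-5-21-1002470303-1567213914-2834339063-1002] => http=127.0.0.1:8877;https=127.0.0.1:8877
SearchScopes: HKLM -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7b212dbd1f-a9e4-4d8a-bc0e-dc2aca803cfc%7d&q={searchTerms}
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
R2 vToolbarUpdater40.2.4; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-16] (AVG Secure Search)
U3 idsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1002470303-1567213914-2834339063-1002_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll => No File
Task: {1ADE048F-F63C-4E05-9EF4-415D48F4A224} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
End
"""

DIRECTIVE = re.compile(r"^[A-Za-z]+:$")          # e.g. CreateRestorePoint:
SERVICE = re.compile(r"^[RSU]\d\s+[^;]+;")        # e.g. R2 name; path
KEYED = re.compile(r"^([A-Za-z][A-Za-z ]*):\s")   # e.g. SearchScopes: ...
# Assumption: these markers mean the entry points at something no longer on disk.
ORPHAN = re.compile(r"No File|no ImagePath|\[X\]")
LOOPBACK = re.compile(r"\b(?:127(?:\.\d{1,3}){3}|localhost)\b", re.I)
HOST = re.compile(r"\bh(?:xx|tt)ps?://([^/\s?]+)", re.I)  # accepts defanged hxxp


def classify(line):
    """Classify one fixlist line and attach review flags."""
    if DIRECTIVE.match(line):
        kind = "directive"
    elif line.startswith("("):
        kind = "process"
    elif SERVICE.match(line):
        kind = "service"
    else:
        m = KEYED.match(line)
        kind = m.group(1) if m else "other"
    flags = set()
    if ORPHAN.search(line):
        flags.add("orphan")
    if "ATTENTION" in line:
        flags.add("attention")
    # A per-user proxy on loopback means some local program was intercepting traffic.
    if kind in ("ProxyServer", "AutoConfigURL") and LOOPBACK.search(line):
        flags.add("loopback_proxy")
    host = HOST.search(line)
    return {"kind": kind, "flags": flags,
            "host": host.group(1) if host else None, "line": line}


def parse_fixlist(text):
    """Return classified entries found between the Start and End markers."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":
            inside = True
        elif line == "End":
            break
        elif inside and line:
            entries.append(classify(line))
    return entries


def summarize(entries):
    """Split entries into leftover references and items that still exist."""
    actionable = [e for e in entries if e["kind"] != "directive"]
    return {
        "kinds": Counter(e["kind"] for e in entries),
        "orphans": [e for e in actionable if "orphan" in e["flags"]],
        "live": [e for e in actionable if "orphan" not in e["flags"]],
        "loopback_proxies": [e for e in entries if "loopback_proxy" in e["flags"]],
        "search_hosts": sorted({e["host"] for e in entries
                                if e["kind"] == "SearchScopes" and e["host"]}),
    }


if __name__ == "__main__":
    report = summarize(parse_fixlist(SAMPLE_FIXLIST))
    print(dict(report["kinds"]))
    for e in report["live"]:
        print("LIVE  ", e["kind"], "|", e["line"][:70])
    print("search hosts:", report["search_hosts"])
```

The "live" entries are the ones worth reading line by line before applying a fixlist, since they refer to programs, services or settings that are still present on the machine.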

#3 frkalenga

frkalenga
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 10 March 2016 - 10:43 AM

Hi Nasdaq,

 

I followed the directions.  Here is the log from FRST.

 

Additionally, I downloaded the AdwCleaner program.  I ran it and cleaned all the files I did not want to keep.  I've attached the log of the deleted files.

 

The computer is running much better.  I wait to hear from you on the next steps.

 

Attached File  Fixlog.txt   40.59KB   2 downloads
Attached File  AdwCleanerC1.txt   4.9KB   2 downloads



#4 frkalenga

frkalenga
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 10 March 2016 - 12:42 PM

Hi Nasdaq,

 

I just finished running a full scan with Spybot.  It completed the entire scan without a problem.  I think my problem is solved.  The laptop is running without a problem.  It's no longer sluggish.

 

Thanks for your help.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 AM

Posted 10 March 2016 - 01:59 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:22 AM

Posted 16 March 2016 - 09:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



