Jump to content


Photo
- - - - -

lyrixeeker (and maybe others) infection


  • This topic is locked This topic is locked
19 replies to this topic

#1 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 27 August 2013 - 07:56 AM

I think my computer is infected with lyrixeeker. We started getting popups and anytime we used a web browser, clicking on various spots on the webpages would send us to undesired locations and open extra windows. I ran Malwarebytes, removed what it found, rescanned, re-removed, etc. Sometimes the scans would come up clean, sometimes not. I tried F-Secure and Kaspersky online scans. When trying to do a Comodo online scan, I wound up downloading the software, so both AVG's and Comodo's free security suites are currently running. I generally use CCleaner to clear out unwanted cookies, temp files, etc.

Various mbam scan logs show: lyrixeeker, cryptvs, uhVspMo+.exe.part, installcore, babylon, and various PUP.Optional.DefaultTab files.

I was able to delete the LyriXeeker add-on in Chrome, but could only disable it (not remove) in Firefox.

Looking through my Program Files directory, I see that there is a LyriXeeker directory that should not be there, but I haven't erased yet in case you need to know what is in it.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 3/17/2011 10:53:54 PM
System Uptime: 8/27/2013 7:46:17 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A785-M
Processor: AMD Phenom™ 9850 Quad-Core Processor | AM2 | 1300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 759.746 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP231: 8/11/2013 8:31:26 AM - Scheduled Checkpoint
RP232: 8/15/2013 12:18:30 AM - Windows Update
RP233: 8/16/2013 12:41:31 AM - Windows Update
RP234: 8/17/2013 9:28:50 AM - Device Driver Package Install: Synology Universal Serial Bus controllers
RP235: 8/24/2013 10:26:36 PM - Scheduled Checkpoint
RP236: 8/25/2013 7:04:17 PM - Device Driver Package Install: COMODO Network Service
.
==== Installed Programs ======================
.
2009 Lacerte Tax
2010 Lacerte Tax
2011 Lacerte Tax
2012 Lacerte Tax
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
ATI AVIVO Codecs
AVG 2013
AVG Security Toolbar
Bonjour
Business Contact Manager for Microsoft Outlook 2010
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Comodo Dragon
COMODO Internet Security Premium
Core Temp 1.0 RC3
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Software
EPSON Scan
EPSON WorkForce 520 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
EPU-4 Engine
Free eXPert PDF Reader
GeekBuddy
GFI Backup 2011
GFI Backup 2011 Agent
GIMP 2.6.11
Google Calendar Sync
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript
HydraVision
Inkscape 0.48.1 
Intuit Runtime Components 6.0.16
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 25
Java Auto Updater
Java™ 6 Update 37
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft WSE 3.0 Runtime
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.9.0
Movie Maker
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
My Net View
Nikon Message Center 2
Nikon Movie Editor
Photo Common
Photo Gallery
Picture Control Utility
Platform
PowerChute Personal Edition 3.0.2
Punch! Professional Home Design - Platinum
QuickBooks
QuickBooks Pro 2013
Quicken 2011
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Skype Toolbars
Skype™ 5.10
Sonic Foundry CD Architect XP 4.0e
Sql Server Customer Experience Improvement Program
Synology Assistant (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VIA Platform Device Manager
ViewNX 2
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WD Print Share
WD Quick View
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
8/27/2013 8:36:18 AM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
8/27/2013 8:36:18 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
8/27/2013 8:36:17 AM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
8/27/2013 7:48:53 AM, Error: Virtual Disk Service [1]  - Unexpected failure. Error code: 15@02000018
8/27/2013 7:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/27/2013 7:47:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x00000004, 0x00000002, 0x00000000, 0x91884936). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082713-40326-01.
8/27/2013 6:55:24 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/27/2013 6:55:24 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
8/26/2013 8:53:17 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
8/26/2013 8:52:39 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
8/26/2013 8:50:08 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer JOSH-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2A78B891-B557-4798-8531-1333D4C98E. The master browser is stopping or an election is being forced.
8/26/2013 10:40:06 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO AsUpIO AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix CFRMD cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf
8/26/2013 10:40:06 PM, Error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/26/2013 10:40:06 PM, Error: Service Control Manager [7001]  - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/26/2013 10:40:06 PM, Error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/25/2013 9:50:38 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/25/2013 9:49:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/25/2013 9:20:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/25/2013 9:20:46 PM, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/25/2013 8:54:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/25/2013 8:53:00 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the GFI Backup Scheduler Service service, but this action failed with the following error:  An instance of the service is already running.
8/25/2013 8:51:48 PM, Error: Service Control Manager [7031]  - The GFI Backup Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/25/2013 8:50:22 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by Jeff at 8:36:50 on 2013-08-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3327.1121 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\GFI\GFI Backup Administration Console\apache\bin\httpd.exe
C:\PROGRA~1\GFI\GFIBAC~2\GFIBInst.exe
C:\PROGRA~1\GFI\GFIBAC~2\GFIBSC~1.EXE
C:\Program Files\GFI\GFI Backup Administration Console\backupmcs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Synology\Assistant\UsbClientService.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\PROGRA~1\GFI\GFIBAC~2\DiskImage\Win32\oodiag.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vdsldr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\GFI\GFI Backup Administration Console\apache\bin\httpd.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\Western Digital\WD Print Share\WDPrintShare.exe
C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\GFI\GFI Backup\GFIAgent.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Jeff\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Jeff\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uProxyOverride = 192.168.*.*;*.local;<local>
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WorkForce 520(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_SB76C.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\hydravision\HydraDM.exe"
uRun: [EPSON420F7F (WorkForce 520)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_S1783.tmp" /EF "HKCU"
uRun: [Akamai NetSession Interface] "c:\users\jeff\appdata\local\akamai\netsession_win.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [WD UDS Control Center] c:\program files\western digital\wd print share\WDPrintShare.exe -mini
mRun: [WD Quick View] c:\program files\western digital\wd quick view\WDDMStatus.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [GFI Backup] "c:\progra~1\gfi\gfibac~2\GFIAgent.exe"
mRun: [gbrspcontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [Display] c:\program files\apc\powerchute personal edition\DataCollectionLauncher.exe
mRun: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cistray.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [WorkForce 520(Network) (redirected 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_S4C56.tmp" /EF "HKCU"
dRun: [WorkForce 520(Network) (redirected 3)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigia.exe /fu "c:\windows\temp\E_S174B.tmp" /EF "HKCU"
dRun: [EPSON Stylus CX4200 Series on WIN7-PC (redirected 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\windows\temp\E_S64AE.tmp" /EF "HKCU"
dRun: [EPSON Stylus CX4200 Series (redirected 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaea.exe /fu "c:\windows\temp\E_S784E.tmp" /EF "HKCU"
StartupFolder: c:\users\jeff\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\powerchute personal edition\Display.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2013\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: blank
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2A78B891-B557-4798-8531-1333D4C98E67} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks 2013\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\zroywdlu.default-1377571290953\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-25 09:43; lyrix@lyrixeeker.co; c:\program files\lyrixeeker\128.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-7-10 39224]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-10-2 11448]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 37664]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-7 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2013-6-18 20072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2013-6-18 582936]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2013-6-18 43728]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2012-3-5 45184]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-8-15 37944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656]
R3 busenum;Synology Virtual USB Hub;c:\windows\system32\drivers\busenum.sys [2012-8-3 45792]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
.
=============== Created Last 30 ================
.
2013-08-27 12:30:21 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-27 00:51:53 -------- d-----w- c:\windows\pss
2013-08-26 21:50:25 -------- d-----w- c:\program files\common files\COMODO
2013-08-25 23:26:36 -------- d--h--w- C:\VTRoot
2013-08-25 23:26:34 197596 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-08-25 23:05:34 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2013-08-25 23:03:18 -------- d-s---w- c:\programdata\Shared Space
2013-08-25 23:02:39 -------- d-----w- c:\programdata\COMODO
2013-08-25 23:01:54 -------- d-----w- c:\users\jeff\appdata\local\Comodo
2013-08-25 23:01:37 47368 ----a-w- c:\windows\system32\certsentry.dll
2013-08-25 23:01:24 -------- d-----w- c:\program files\Comodo
2013-08-25 23:01:10 -------- d-----w- c:\programdata\Comodo Downloader
2013-08-25 13:43:34 -------- d-----w- c:\program files\LyriXeeker
2013-08-25 13:43:25 -------- d-----w- c:\users\jeff\appdata\roaming\DefaultTab
2013-08-25 13:43:17 -------- d-----w- c:\users\jeff\appdata\local\Babylon
2013-08-25 13:43:13 -------- d-----w- c:\programdata\Babylon
2013-08-25 13:43:00 -------- d-----w- c:\users\jeff\appdata\roaming\DSite
2013-08-25 13:43:00 -------- d-----w- c:\program files\OpenIt
2013-08-17 13:49:32 49152 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
2013-08-17 13:49:32 442368 ----a-w- c:\windows\system32\ZSHP1020.EXE
2013-08-17 13:49:32 28672 ----a-w- c:\windows\system32\ZLM.DLL
2013-08-17 13:49:32 28672 ----a-w- c:\windows\system32\IMF32.DLL
2013-08-17 13:49:32 24576 ----a-w- c:\windows\system32\ZTAG32.DLL
2013-08-17 13:49:32 106496 ----a-w- c:\windows\system32\VSHP1020.DLL
2013-08-17 13:49:32 102400 ----a-w- c:\windows\system32\ZLhp1020.DLL
2013-08-17 13:49:31 86016 ----a-w- c:\windows\system32\ZSPOOL.DLL
2013-08-17 13:33:03 -------- d-----w- C:\88625521814
2013-08-17 13:28:46 -------- d-----w- c:\programdata\Synology
2013-08-17 13:28:04 -------- d-----w- c:\program files\Synology
2013-08-17 02:38:08 -------- d-----w- c:\program files\iPod
2013-08-17 02:38:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-17 02:38:07 -------- d-----w- c:\program files\iTunes
2013-08-14 20:10:33 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 20:10:25 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 20:10:25 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 20:10:25 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 20:10:25 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 20:10:19 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 20:10:19 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 20:10:19 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 20:10:18 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 20:10:15 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 20:09:57 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 20:09:54 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-03 23:07:16 -------- d-----w- c:\users\jeff\appdata\local\Intuit
2013-08-03 22:52:52 -------- d-----w- c:\program files\common files\Nuance
2013-08-03 22:52:36 -------- d-----w- c:\programdata\Nuance
2013-08-03 22:52:36 -------- d-----w- c:\program files\Intuit
2013-08-03 22:51:41 -------- d-----w- c:\programdata\SQL Anywhere 11
2013-08-03 22:43:57 -------- d-----w- c:\windows\Intuit
.
==================== Find3M  ====================
.
2013-08-22 05:21:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-22 05:21:13 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-14 23:50:48 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-07-20 05:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 05:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-08 20:59:50 582936 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-27 11:48:46 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-27 11:48:45 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-27 11:48:45 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-18 20:16:06 43728 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 20:16:04 20072 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 20:15:50 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 20:15:48 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 20:15:36 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 20:15:36 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-06-18 12:25:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-18 12:25:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-05 03:05:09 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53:07 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH:  8:37:50.28 ===============
 
 
 


#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 27 August 2013 - 09:02 AM

Hello jdc246 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Your situation is very complicated.

Step 1

You have two antivirus programs: AVG and Comodo . Meanwhile, you have two firewalls: Comodo and ZoneAlarm . Both of them should be only one protection software. Uninstall the other one. Then, uninstall the following applications:

AVG Security Toolbar
Skype Toolbars
ZoneAlarm LTD Toolbar


When you are ready, reboot your system.


Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#3 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 27 August 2013 - 10:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Professional x86
Ran by Jeff on Tue 08/27/2013 at 22:45:10.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrixeeker
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_dvd-decrypter_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Public\Desktop\open it!.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Jeff\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Jeff\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Jeff\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Jeff\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\lyrixeeker"
Successfully deleted: [Folder] "C:\Program Files\openit"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\ProgramData\ask"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
# AdwCleaner v3.001 - Report created 27/08/2013 at 22:59:20
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jeff - WIN7-PC
# Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Jeff\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Users\Jeff\AppData\Local\PackageAware
Folder Found C:\Users\Jeff\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Jeff\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\Josh\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Josh\AppData\LocalLow\Conduit
Folder Found C:\Users\Josh\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\Lauren\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Lauren\AppData\LocalLow\Conduit
Folder Found C:\Users\Lauren\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found C:\Users\Lily\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Lily\AppData\LocalLow\AVG Security Toolbar
Folder Found C:\Users\Lily\AppData\LocalLow\Conduit
Folder Found C:\Users\Lily\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\zroywdlu.default-1377571290953\prefs.js ]
 
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\",\"mtime\":1323655194123,\"rdfT[...]
 
[ File : C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\ntqcnxxb.default\prefs.js ]
 
 
[ File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\bqi5xek0.default\prefs.js ]
 
Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\9.0.0.18");
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\",\"mtime\":1323655194123},\"{DA[...]
 
[ File : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\gskdg1e4.default\prefs.js ]
 
Line Found : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\",\"mt[...]
 
-\\ Google Chrome v29.0.1547.57
 
[ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 

 

# AdwCleaner v3.001 - Report created 27/08/2013 at 23:01:29
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jeff - WIN7-PC
# Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Jeff\AppData\Local\PackageAware
Folder Deleted : C:\Users\Jeff\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Jeff\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Lily\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Lily\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Lily\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lily\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Josh\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Josh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Josh\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Lauren\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Lauren\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lauren\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
[!] Folder Deleted : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Jeff\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\zroywdlu.default-1377571290953\prefs.js ]
 
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\",\"mtime\":1323655194123,\"rdfT[...]
 
[ File : C:\Users\Lily\AppData\Roaming\Mozilla\Firefox\Profiles\ntqcnxxb.default\prefs.js ]
 
 
[ File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\bqi5xek0.default\prefs.js ]
 
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\9.0.0.18");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"avg@toolbar\":{\"descriptor\":\"C:\\\\ProgramData\\\\AVG Secure Search\\\\9.0.0.18\",\"mtime\":1323655194123},\"{DA[...]
 
[ File : C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\gskdg1e4.default\prefs.js ]
 
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\":{\"descriptor\":\"C:\\\\Program Files\\\\AVG\\\\AVG2012\\\\Firefox4\",\"mt[...]
 
-\\ Google Chrome v29.0.1547.57
 
[ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lily\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lauren\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4337 octets] - [27/08/2013 22:59:20]
AdwCleaner[S0].txt - [4346 octets] - [27/08/2013 23:01:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4406 octets] ##########
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.28.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jeff :: WIN7-PC [administrator]
 
8/27/2013 11:11:41 PM
mbam-log-2013-08-27 (23-11-41).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306955
Time elapsed: 22 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#4 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 28 August 2013 - 09:08 AM

How are things now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 28 August 2013 - 09:40 PM

How did the logs look that I posted yesterday?

 

I ran a full scan with Malwarebytes and it detected 3 files:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.28.03
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jeff :: WIN7-PC [administrator]
 
8/28/2013 7:40:10 AM
mbam-log-2013-08-28 (07-40-10).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 543110
Time elapsed: 3 hour(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\System Volume Information\_restore{68DB79FD-D802-494C-B6BC-89CD3B9426D3}\RP7\A0001531.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{68DB79FD-D802-494C-B6BC-89CD3B9426D3}\RP7\A0002821.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows.old\Windows\$NtServicePackUninstall$\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 
(end)


#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 29 August 2013 - 07:57 AM

They cleaned up a lot of remnants.

Please follow the instructions here:
http://windows.micro...dows-old-folder

Reboot and let me know.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 30 August 2013 - 07:42 AM

I ran disk cleanup, cleaned system files, and rebooted. What next? Another full Malwarebytes scan? Something else?



#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 30 August 2013 - 09:15 AM

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 31 August 2013 - 08:07 AM

Maniac,

 

Here is the Eset scan results:

 

C:\Users\All Users\COMODO\Cis\Quarantine\data\{27DFA80C-FF3D-45F6-93ED-730915638AE3}    a variant of Win32/Toolbar.DefaultTab.B application    
C:\Users\All Users\COMODO\Cis\Quarantine\data\{AFC50C70-50D5-4BDC-9AE7-B1E6DFB8E08B}    a variant of Win32/Adware.AddLyrics.N application    
C:\ProgramData\COMODO\Cis\Quarantine\data\{27DFA80C-FF3D-45F6-93ED-730915638AE3}    a variant of Win32/Toolbar.DefaultTab.B application    cleaned by deleting - quarantined
C:\ProgramData\COMODO\Cis\Quarantine\data\{AFC50C70-50D5-4BDC-9AE7-B1E6DFB8E08B}    a variant of Win32/Adware.AddLyrics.N application    cleaned by deleting - quarantined
C:\Users\Jeff\Documents\Lisa\couponprinter.exe    probably a variant of Win32/Adware.Softomate.AD application    cleaned by deleting - quarantined
C:\Users\Jeff\Downloads\cbsidlm-tr1_7-eXPert_PDF_Reader-ORG2-10354226.exe    Win32/DownloadAdmin.D application    cleaned by deleting - quarantined
C:\Users\Jeff\Downloads\cnet_Inkscape-0_48_1-2_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
C:\Users\Jeff\Downloads\coretemp_1236.exe    a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
C:\Users\Jeff\Downloads\OffercastInstaller_AVR_U-0214-01-L_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\Jeff\Downloads\PIP267_AVR10_.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
 



#10 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 31 August 2013 - 10:12 AM

How are things now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#11 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 31 August 2013 - 10:18 AM

I haven't noticed any problems, but we have not been using the computer much while trying to get rid of all of the unwanted items.

What is my next step?



#12 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 31 August 2013 - 10:25 AM

To monitor your system and to come back here again after a day or two to tell me how is the situation.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#13 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 31 August 2013 - 10:31 AM

OK.



#14 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 06 September 2013 - 06:54 AM

Maniac,

We have been using the computer for a few days now. I have not found any viruses but the computer is running a bit slowly, with Outlook being very, very slow.  I ran a quick scan a few days ago and Malwarebytes found a couple of items (log below). Full scans from Malwarebytes and Comodo did not detect any further problems, but Outlook is still slow.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.03.08
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jeff :: WIN7-PC [administrator]
 
9/3/2013 11:15:15 PM
mbam-log-2013-09-03 (23-15-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309513
Time elapsed: 23 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#15 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 07 September 2013 - 05:45 AM

Your database version is old:

Database version: v2013.09.03.08


Before you run a scan, everytime you should first updating your program and to proceed further with scanning.

Please update your Malwarebytes' Anti-Malware and run a new Quick scan .

About your system perfomance, follow the instructions here:
http://forums.malwar...showtopic=81990
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#16 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 09 September 2013 - 07:12 AM

Scan was done on Sept 3.

New scan done last night:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.08.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jeff :: WIN7-PC [administrator]
 
9/9/2013 12:18:28 AM
mbam-log-2013-09-09 (00-18-28).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 526203
Time elapsed: 2 hour(s), 36 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#17 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 09 September 2013 - 10:40 AM

Once again, please follow my instructions:

Please update your Malwarebytes' Anti-Malware and run a new Quick scan.


My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#18 jdc246

jdc246

    New Member

  • Members
  • Pip
  • 10 posts

Posted 10 September 2013 - 09:13 PM

Sorry, I missed that you had said to run a Quick Scan.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.11.01
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jeff :: WIN7-PC [administrator]
 
9/10/2013 9:49:11 PM
mbam-log-2013-09-10 (21-49-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312425
Time elapsed: 24 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#19 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 11 September 2013 - 09:48 AM

Do you still have a problem?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#20 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 16 September 2013 - 07:19 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users