HKLM\.\Run: => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
(If an entry is included in the fixlist, the registry item will be restored to default or removed.
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Program Files\ITSamples\NetworkIndicator\NetworkIndicator.exe
(Flux Software LLC) C:\Users\Jim\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(AVEO) C:\Program Files\DIGIOPTICS SOFTWARE R&D CENTER\DIGIOPTICS SOFTWARE R&D CENTER\AveoSTI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(VMware, Inc.) C:\Windows\System32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\System32\vmnat.exe
(Greatis Software) C:\Program Files\UnHackMe\hackmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bayer Healthcare LLC) C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(If an entry is included in the fixlist, the process will be closed.
Internet Explorer Version 11 (Default browser: FF)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Loaded Profiles: Jim (Available Profiles: Jim)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015

It seems that the system is clean, but I would like confirmation of this.
Then ran CCleaner, and cleaned registry, and checked for startup programs.
Did new scans with MBAM, Unhackme, and Comodo.
I also booted into Linux, and removed the directory by hand.
Malwarebytes got 68 items, couldn't get rid of nixsrv.
Downloaded and ran Unhackme, which seems to have done the job.
Comodo Internet Security stopped some installs but not all, and didn't find anything on scan.
It redirected my search engines and home pages as well.
It installed a bunch of crapware, the most insidious was the nixsrv.exe adware.
I got hit with a media player update codec trojan.