Author Topic: Need to get rid of gzj.jsopen!!!!!!!!!  (Read 10170 times)

Old Bear

    Topic Starter


    Rookie

    Need to get rid of gzj.jsopen!!!!!!!!!
    « on: August 27, 2013, 02:26:35 PM »
    This - I think - hijacker is driving me nuts and slowing things to a crawl. Sometimes I have to try 5 or more times to get to the page I want, wading through all the crap this thing brings up, including surveys for what look like legitimate sites.
    Here are the logs I'm supposed to send. Sure hope someone can help me with this!

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.27.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Ron :: BONES [administrator]

    Protection: Enabled

    8/27/2013 11:22:42 AM
    mbam-log-2013-08-27 (11-22-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 297950
    Time elapsed: 8 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
    Results of screen317's Security Check version 0.99.73 
     Windows XP Service Pack 3 x86   
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Microsoft Security Essentials   
     Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
     Spyder3Express     
     Malwarebytes Anti-Malware version 1.75.0.1300 
     CCleaner     
     Eusing Free Registry Cleaner 
     Adobe Flash Player    11.8.800.94 
     Adobe Reader 10.1.6 Adobe Reader out of Date! 
     Mozilla Firefox 22.0 Firefox out of Date! 
     Mozilla Thunderbird 14.0. Thunderbird out of Date! 
     Google Chrome 26.0.1410.64 
     Google Chrome 27.0.1453.110 
    ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Malwarebytes Anti-Malware mbamservice.exe 
     Malwarebytes Anti-Malware mbamgui.exe 
     Malwarebytes' Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````

    # AdwCleaner v3.001 - Report created 27/08/2013 at 11:12:58
    # Updated 24/08/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Ron - BONES
    # Running from : C:\Documents and Settings\Ron\My Documents\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\DriverCure
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
    Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Speedbit Video Downloader
    Folder Deleted : C:\Program Files\Freeze.com
    Folder Deleted : C:\Program Files\Speedbit Video Downloader
    Folder Deleted : C:\Program Files\TotalRecipeSearch_14EI
    Folder Deleted : C:\Documents and Settings\Ron\IECompatCache
    Folder Deleted : C:\Documents and Settings\Ron\Local Settings\Application Data\PackageAware
    Folder Deleted : C:\Documents and Settings\Ron\Local Settings\Application Data\visi_coupon
    Folder Deleted : C:\Documents and Settings\Ron\Application Data\DriverCure
    Folder Deleted : C:\Documents and Settings\Ron\Application Data\ParetoLogic
    Folder Deleted : C:\Documents and Settings\Ron\Application Data\Toolbar4
    Folder Deleted : C:\Documents and Settings\Jean\IECompatCache
    Folder Deleted : C:\Documents and Settings\Jean\Application Data\Toolbar4
    File Deleted : C:\Documents and Settings\Ron\Desktop\My Video Downloads.lnk
    File Deleted : C:\Documents and Settings\Ron\Desktop\SPEEDbit Video Downloader.lnk
    File Deleted : C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\searchplugins\mywebsearch.xml
    File Deleted : C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\searchplugins\search.xml
    File Deleted : C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
    Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
    Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
    Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe]
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\lyrixeeker
    Key Deleted : HKCU\Software\SBConvert
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SPEEDbit Video Downloader

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

    -\\ Mozilla Firefox v22.0 (en-US)

    [ File : C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\prefs.js ]

    Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
    Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
    Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
    Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
    Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
    Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
    Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
    Line Deleted : user_pref("extensions.funmoods.hmpg", true);
    Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutBzztCtDyB0B0ByBtB0FzytBtA0AtCyBtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=723889288[...]
    Line Deleted : user_pref("extensions.funmoods.id", "28107BB72F923A17");
    Line Deleted : user_pref("extensions.funmoods.instlDay", "15550");
    Line Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
    Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutBzztCtDyB0B0ByBtB0FzytBtA0AtCyBtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=7238892[...]
    Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
    Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
    Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutBzztCtDyB0B0ByBtB0FzytBtA0AtCyBtN0D0Tzu0CtBtCtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=72388[...]
    Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
    Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

    Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:42:4");
    Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{400F0BDB-6C49-43A4-BE1F-76D7327A604D}\":{\"descriptor\":\"C:\\\\Program Files\\\\Common Files\\\\fluxDVD\\\\Downlo[...]

    [ File : C:\Documents and Settings\Jean\Application Data\Mozilla\Firefox\Profiles\qggjwy82.default\prefs.js ]


    -\\ Google Chrome v27.0.1453.110

    [ File : C:\Documents and Settings\Ron\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage
    Deleted : search_url

    *************************

    AdwCleaner[R0].txt - [17946 octets] - [27/08/2013 11:11:08]
    AdwCleaner[S0].txt - [18102 octets] - [27/08/2013 11:12:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18163 octets] ##########




    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    Re: Need to get rid of gzj.jsopen!!!!!!!!!
    « Reply #1 on: August 27, 2013, 04:37:17 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    *****************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to your download folder, you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    Old Bear

      Topic Starter


      Rookie

      Re: Need to get rid of gzj.jsopen!!!!!!!!!
      « Reply #2 on: August 27, 2013, 07:36:49 PM »
      OK,
      Here are the logs you asked for; I don't know how you can keep your sanity and pore over all these logs!
      Thanks!!!!!!!!!!!!!!
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 5.5.4 (08.22.2013:1)
      OS: Microsoft Windows XP x86
      Ran by Ron on Tue 08/27/2013 at 16:58:45.64
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys

      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\uniblue
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\uniblue
      Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EE565D9B-7379-4E6A-8E72-08338C88709D}
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{142503EE-1C67-A6AE-C1D1-246D0D94038B}



      ~~~ Files



      ~~~ Folders

      Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Application Data\pc cleaners"
      Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Application Data\pcpro"
      Successfully deleted: [Folder] "C:\Documents and Settings\Ron\Local Settings\Application Data\wiseconvert"
      Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
      Successfully deleted: [Folder] "C:\Program Files\wiseconvert"
      Successfully deleted: [Folder] "C:\Documents and Settings\Ron\start menu\programs\free registry cleaner"



      ~~~ FireFox

      Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\[email protected]"
      Successfully deleted: [Folder] C:\Documents and Settings\Ron\Application Data\mozilla\firefox\profiles\hoeo65rx.default\extensions\[email protected]



      ~~~ Chrome
      Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\epojlgbehpaeekopencdagbdamnkppci





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Tue 08/27/2013 at 17:02:29.48
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ComboFix 13-08-27.02 - Ron 08/27/2013  17:10:38.1.2 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.980 [GMT -8:00]
      Running from: c:\documents and settings\Ron\My Documents\Downloads\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
      AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\Application Data\TEMP
      c:\documents and settings\Guest\Application Data\Toolbar4
      c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
      c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
      c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\include_files\ac140ff056abe0c585708505fd1ede17
      c:\documents and settings\Guest\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
      c:\documents and settings\Ron\WINDOWS
      c:\windows\system32\service
      c:\windows\system32\service\02012010_TIS17_SfFniAU.log
      c:\windows\system32\service\02092009_TIS17_SfFniAU.log
      c:\windows\system32\service\26032009_TIS17_SfFniAU.log
      c:\windows\system32\SET248.tmp
      c:\windows\system32\SET24C.tmp
      c:\windows\system32\SET24D.tmp
      c:\windows\system32\SET254.tmp
      c:\windows\system32\SET29C.tmp
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_MYWEBSEARCHSERVICE
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-28  )))))))))))))))))))))))))))))))
      .
      .
      2013-08-28 00:58 . 2013-08-28 00:58   --------   d-----w-   c:\windows\ERUNT
      2013-08-28 00:49 . 2013-08-28 00:49   --------   d-sh--w-   c:\documents and settings\Ron\IECompatCache
      2013-08-27 19:10 . 2013-08-27 19:13   --------   dc----w-   C:\AdwCleaner
      2013-08-27 18:51 . 2013-08-27 18:51   --------   d-----w-   c:\program files\CCleaner
      2013-08-27 16:50 . 2013-08-27 16:50   --------   d-----w-   c:\documents and settings\Ron\Application Data\Malwarebytes
      2013-08-27 16:50 . 2013-08-27 16:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2013-08-27 16:50 . 2013-08-27 16:50   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2013-08-27 16:50 . 2013-04-04 22:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2013-08-27 10:14 . 2013-08-06 07:28   7166848   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B6C8E5B8-5F89-427A-BB04-7F8066360B80}\mpengine.dll
      2013-08-26 10:14 . 2013-08-06 07:28   7166848   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2013-08-24 01:56 . 2013-08-24 01:57   --------   d-----w-   c:\program files\Lightspark 0.5.3-git
      2013-08-23 04:39 . 2013-08-23 04:39   --------   d-----w-   c:\program files\iPod
      2013-08-23 04:39 . 2013-08-23 04:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
      2013-08-14 19:11 . 2013-08-14 19:11   4774272   ----a-w-   c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
      2013-08-14 19:11 . 2013-08-14 19:11   4774272   ----a-w-   c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-08-25 02:39 . 2012-03-31 19:16   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
      2013-08-25 02:39 . 2011-06-11 16:55   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-07-26 02:47 . 2004-08-04 12:00   920064   ----a-w-   c:\windows\system32\wininet.dll
      2013-07-26 02:47 . 2004-08-04 12:00   43520   ------w-   c:\windows\system32\licmgr10.dll
      2013-07-26 02:47 . 2004-08-04 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
      2013-07-25 22:47 . 2013-07-25 22:47   1535608   ----a-w-   c:\windows\system32\Codejock.ReportControl.Unicode.v16.2.2.ocx
      2013-07-25 22:47 . 2013-07-25 22:47   1138296   ----a-w-   c:\windows\system32\Codejock.DockingPane.Unicode.v16.2.2.ocx
      2013-07-25 22:47 . 2013-07-25 22:47   1977976   ----a-w-   c:\windows\system32\Codejock.Controls.Unicode.v16.2.2.ocx
      2013-07-25 15:52 . 2004-08-04 12:00   385024   ------w-   c:\windows\system32\html.iec
      2013-07-19 13:00 . 2013-07-19 13:00   207872   ----a-w-   c:\windows\system32\tx19_ic.dll
      2013-07-19 03:01 . 2013-07-19 03:01   1273344   ----a-w-   c:\windows\system32\tx19.dll
      2013-07-18 09:42 . 2013-07-18 09:42   1223168   ----a-w-   c:\windows\system32\tx19_dox.dll
      2013-07-16 13:42 . 2013-07-16 13:42   731136   ----a-w-   c:\windows\system32\tx19_doc.dll
      2013-07-16 13:42 . 2013-07-16 13:42   612352   ----a-w-   c:\windows\system32\tx19_rtf.dll
      2013-07-16 12:04 . 2013-07-16 12:04   893440   ----a-w-   c:\windows\system32\tx19_htm.dll
      2013-07-15 12:05 . 2013-07-15 12:05   291840   ----a-w-   c:\windows\system32\tx19_tls.dll
      2013-07-15 09:42 . 2013-07-15 09:42   680960   ----a-w-   c:\windows\system32\tx19_pdf.dll
      2013-07-10 10:37 . 2004-08-04 12:00   406016   ----a-w-   c:\windows\system32\usp10.dll
      2013-07-04 03:03 . 2004-08-04 12:00   2149888   ----a-w-   c:\windows\system32\ntoskrnl.exe
      2013-07-04 02:08 . 2004-08-03 22:59   2028544   ----a-w-   c:\windows\system32\ntkrnlpa.exe
      2013-06-19 05:50 . 2009-12-02 23:23   211560   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
      2013-06-04 07:23 . 2004-08-04 12:00   562688   ------w-   c:\windows\system32\qedit.dll
      2013-06-04 01:40 . 2004-08-04 12:00   1876736   ----a-w-   c:\windows\system32\win32k.sys
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Nero PhotoShow Media Manager"="c:\progra~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe" [2007-04-27 312848]
      "EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19876456]
      .

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 995176]
      "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
      "EPSON Stylus C88 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
      "EPSON Stylus C88 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE" [2005-01-27 98304]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
      .
      c:\documents and settings\Ron\Start Menu\Programs\Startup\
      OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      PowerAlert Status.lnk - c:\program files\TrippLite\PowerAlert\console\pastatus.exe [2009-3-26 364032]
      Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
      Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-556 revA\wirelesscm.exe [2012-6-30 505152]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0\0sdnclean.exe
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, EjdernOfzeyc.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
      "c:\\WINDOWS\\system32\\ftp.exe"=
      "c:\\Program Files\\Acronis\\TrueImageHome\\TrueImage.exe"=
      "c:\\WINDOWS\\system32\\mmc.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "10803:UDP"= 10803:UDP:UDP 10803
      "23034:UDP"= 23034:UDP:UDP 23034
      "22868:TCP"= 22868:TCP:TCP 22868
      "10400:TCP"= 10400:TCP:TCP 10400
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

      "AllowInboundEchoRequest"= 1 (0x1)
      .
      R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [8/27/2013 8:50 AM 418376]
      R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/14/2013 11:10 AM 3291008]
      R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [6/30/2012 2:44 PM 20480]
      R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [6/30/2012 2:44 PM 57440]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/27/2013 8:50 AM 22856]
      S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
      S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;

      S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/27/2013 8:50 AM 701512]
      S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 10:57 AM 162408]
      S3 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [9/22/2008 10:49 PM 138616]
      S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-556 revA\jswpsapi.exe [6/30/2012 2:44 PM 356433]
      S3 KAMG54LDR;BUFFALO WLI-U2-KAMG54 Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [6/8/2005 7:18 PM 43392]
      S3 PctrlsInjectService;PctrlsInjectService;

      S3 PowerAlert Agent;PowerAlert Agent;c:\program files\TrippLite\PowerAlert\engine\pal.exe [3/26/2009 10:52 AM 1575936]
      S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [11/9/2007 7:48 PM 11520]
      S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [9/8/2008 5:26 PM 12288]
      S3 U2KAMG54;BUFFALO WLI-U2-KAMG54 Wireless LAN Adapter Service;c:\windows\system32\drivers\ar5523.sys [6/8/2005 7:15 PM 288448]
      S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
      S3 WLSVC;WLSVC;c:\program files\D-Link\DWA-556 revA\WLSVC.exe [6/30/2012 2:44 PM 167936]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      p2psvc   REG_MULTI_SZ      p2psvc p2pimsvc p2pgasvc PNRPSvc
      HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-06-06 22:49   1165776   ----a-w-   c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 12:32   128512   ------w-   c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:39]
      .
      2013-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
      .
      2013-08-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
      2010-08-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
      - c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
      .
      2013-08-28 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-04 00:07]
      .
      2013-08-25 c:\windows\Tasks\Roxio PhotoShow Updater.job
      - c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2010-06-11 04:25]
      .
      2013-08-27 c:\windows\Tasks\User_Feed_Synchronization-{AE75DECB-C98F-407D-830B-CFCED4BC66B0}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://privatelee.com/
      uDefault_Search_URL = hxxp://www.google.com/ie
      mStart Page = hxxp://www.google.com
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
      IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
      IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
      Trusted Zone: intuit.com\ttlc
      Trusted Zone: turbotax.com
      TCP: DhcpNameServer = 192.168.0.1
      FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\
      FF - ExtSQL: 2013-08-22 20:00; [email protected]; c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\extensions\[email protected]
      FF - ExtSQL: 2013-08-25 17:29; {b6e6de87-0e24-48af-b68c-c1a6a067e45f}; c:\program files\LyriXeeker\130.xpi
      FF - ExtSQL: 2013-08-25 23:54; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\hoeo65rx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
      .
      - - - - ORPHANS REMOVED - - - -
      .
      AddRemove-Eusing Free Registry Cleaner - c:\progra~1\EUSING~1\UNWISE.EXE
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2013-08-27 17:17
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ... 
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ... 
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (LocalSystem)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,fa,13,7d,26,35,eb,43,80,47,08,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,fa,13,7d,26,35,eb,43,80,47,08,\
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(1516)
      c:\windows\system32\relog_ap.dll
      .
      - - - - - - - > 'explorer.exe'(392)
      c:\windows\system32\WININET.dll
      c:\program files\Unlocker\UnlockerHook.dll
      c:\program files\Windows Desktop Search\deskbar.dll
      c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
      c:\program files\Windows Desktop Search\dbres.dll
      c:\program files\Windows Desktop Search\wordwheel.dll
      c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
      c:\program files\Windows Desktop Search\msnlExtRes.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Microsoft Security Client\MsMpEng.exe
      c:\program files\Ahead\InCD\InCDsrv.exe
      c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\tcpsvcs.exe
      c:\windows\system32\SearchIndexer.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\OpenOffice.org 3\program\soffice.exe
      c:\program files\OpenOffice.org 3\program\soffice.bin
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2013-08-27  17:24:14 - machine was rebooted
      ComboFix-quarantined-files.txt  2013-08-28 01:24
      .
      Pre-Run: 15,463,792,640 bytes free
      Post-Run: 15,487,082,496 bytes free
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
      .
      - - End Of File - - 34BC3E5D0C76ACC8E29A1ED36EEE9191
      8F558EB6672622401DA993E1E865C861







      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Need to get rid of gzj.jsopen!!!!!!!!!
      « Reply #3 on: August 28, 2013, 01:25:39 PM »
      SysProt Antirootkit

      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

      http://sites.google.com/site/sysprotantirootkit/

      Unzip it into a folder on your desktop.
      • Double click Sysprot.exe to start the program.
      • Click on the Log tab.
      • In the Write to log box select the following items.
        • Process << Selected
        • Kernel Modules << Selected
        • SSDT << Selected
        • Kernel Hooks << Selected
        • IRP Hooks << NOT Selected
        • Ports << NOT Selected
        • Hidden Files << Selected
      • At the bottom of the page
        • Hidden Objects Only << Selected
      • Click on the Create Log button on the bottom right.
      • After a few seconds a new window should appear.
      • Select Scan Root Drive. Click on the Start button.
      • When it is complete a new window will appear to indicate that the scan is finished.
      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
      *****************************************
      • Download RogueKiller on the desktop
      • Close all the running programs
      • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
      • Otherwise just double-click on RogueKiller.exe
      • Pre-scan will start. Let it finish.
      • Click on SCAN button.
      • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
      • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
      Windows 8 and Windows 10 dual boot with two SSD's

      Old Bear


        Re: Need to get rid of gzj.jsopen!!!!!!!!!
        « Reply #4 on: August 28, 2013, 06:51:19 PM »
        Here's the new logs:
        SysProt AntiRootkit v1.0.1.0
        by swatkat

        ******************************************************************************************
        ******************************************************************************************

        No Hidden Processes found

        ******************************************************************************************
        ******************************************************************************************
        Kernel Modules:
        Module Name: Combo-Fix.sys
        Service Name: ---
        Module Base: B8138000
        Module End: B8147000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
        Service Name: ---
        Module Base: B4385000
        Module End: B4389000
        Hidden: Yes

        Module Name: \SystemRoot\System32\Drivers\dump_nvgts.sys
        Service Name: ---
        Module Base: B4034000
        Module End: B4059000
        Hidden: Yes

        Module Name: \??\C:\ComboFix\catchme.sys
        Service Name: catchme
        Module Base: B3481000
        Module End: B3489000
        Hidden: Yes

        Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
        Service Name: ---
        Module Base: B85C2000
        Module End: B85C4000
        Hidden: Yes

        ******************************************************************************************
        ******************************************************************************************
        No SSDT Hooks found

        ******************************************************************************************
        ******************************************************************************************
        No Kernel Hooks found

        ******************************************************************************************
        ******************************************************************************************
        Hidden files/folders:
        Object: C:\Qoobox\BackEnv\AppData.folder.dat
        Status: Access denied
        Object: C:\Qoobox\BackEnv\Cache.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\History.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Music.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Personal.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Programs.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\Recent.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
        Status: Access denied

        Object: C:\Qoobox\BackEnv\SetPath.bat
        Status: Access denied
        Status: Access denied

        Object: C:\Qoobox\BackEnv\StartUp.folder.dat

        RogueKiller V8.6.7 [Aug 28 2013] by Tigzy
        mail : tigzyRK<at>gmail<dot>com
        Feedback : http://www.adlice.com/forum/
        Website : http://www.adlice.com/softwares/roguekiller/
        Blog : http://tigzyrk.blogspot.com/

        Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
        Started in : Normal mode
        User : Ron [Admin rights]
        Mode : Scan -- Date : 08/28/2013 16:43:25
        | ARK || FAK || MBR |

        ¤¤¤ Bad processes : 0 ¤¤¤

        ¤¤¤ Registry Entries : 2 ¤¤¤
        [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
        [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

        ¤¤¤ Scheduled tasks : 0 ¤¤¤

        ¤¤¤ Startup Entries : 0 ¤¤¤

        ¤¤¤ Web browsers : 0 ¤¤¤

        ¤¤¤ Particular Files / Folders: ¤¤¤

        ¤¤¤ Driver : [LOADED] ¤¤¤

        ¤¤¤ External Hives: ¤¤¤
        -> E:\windows\system32\config\SYSTEM | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
        -> E:\windows\system32\config\SOFTWARE | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
        -> E:\windows\system32\config\DEFAULT | DRVINFO [Drv - E:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

        ¤¤¤ Infection :  ¤¤¤

        ¤¤¤ HOSTS File: ¤¤¤
        --> %SystemRoot%\System32\drivers\etc\hosts


        127.0.0.1       localhost


        ¤¤¤ MBR Check: ¤¤¤

        +++++ PhysicalDrive0: WDC WD1600AAJB-00J3A0 +++++
        --- User ---
        [MBR] 73d77d877c083e0a19bf53c67e870485
        [BSP] 55db1525e45e9c15581a04711676d502 : Windows XP MBR Code
        Partition table:
        0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
        User = LL1 ... OK!
        Error reading LL2 MBR!
        +++++ PhysicalDrive1: WDC WD1600AAJB-00J3A0 +++++
        --- User ---
        [MBR] 73c3337732ed0646783bae50fe7128cc
        [BSP] 49860ef4b6f5210ef618471f247b741e : Windows XP MBR Code
        Partition table:
        0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
        User = LL1 ... OK!
        Error reading LL2 MBR!

        Finished : << RKreport[0]_S_08282013_164324.txt >>
        RKreport[0]_S_08282013_162545.txt

        I have NOT removed the two registry items RogueKiller found - waiting for your instructions.
        Thanks
        Ron


        Old Bear


          Re: Need to get rid of gzj.jsopen!!!!!!!!!
          « Reply #5 on: August 29, 2013, 03:00:48 PM »
          Just for your information: Things are getting worse. Browsing is getting very frustrating with more and more pages being redirected to surveys, warnings that pages have been blocked, ads etc.  This morning it took 5 - 6 tries to get my mail (Yahoo.com) without getting a 'bad request' notice or redirected to a "Yahoo survey" - - -

          Hope this helps you on my case.
          Thanks for your work
          Ron

          SuperDave

          Re: Need to get rid of gzj.jsopen!!!!!!!!!
          « Reply #6 on: August 29, 2013, 04:20:46 PM »
          Quote
          I have NOT removed the two registry items RogueKiller found - waiting for your instructions.
          Please run it again and delete those items.
          What browser are you using?


          I'd like to scan your machine with ESET OnlineScan

          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan

          •Click the button.
          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          •Check
          •Click the button.
          •Accept any security warnings from your browser.
          • Leave the check mark next to Remove found threats.
          •Check
          •Push the Start button.
          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          •When the scan completes, push
          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          •Push the button.
          •Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          Old Bear


            Re: Need to get rid of gzj.jsopen!!!!!!!!!
            « Reply #7 on: August 29, 2013, 06:54:27 PM »
            Here you are:

            ESETSmartInstaller@High as downloader log:
            all ok
            # version=8
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6920
            # api_version=3.0.2
            # EOSSerial=0660ad9325b83841a7b608258b95af24
            # engine=14947
            # end=finished
            # remove_checked=true
            # archives_checked=false
            # unwanted_checked=false
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2013-08-30 12:43:42
            # local_time=2013-08-29 04:43:42 (-0900, Alaskan Daylight Time)
            # country="United States"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=5892 16777213 88 94 4170319 27932521 0 0
            # scanned=113289
            # found=1
            # cleaned=1
            # scan_time=2349
            sh=108662467A7895B95111F4143589CC45BBA730C0 ft=1 fh=42cefe33cc21d700 vn="a variant of Win32/Adware.AddLyrics.N application (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{862D744F-D1F0-4DE2-9419-D8CE5640EB81}\RP2748\A0181409.exe"
            ESETSmartInstaller@High as downloader log:
            all ok

            Old Bear


              Re: Need to get rid of gzj.jsopen!!!!!!!!!
              « Reply #8 on: August 29, 2013, 07:37:33 PM »
              Sorry forgot to mention the browser I have been using: Google Chrome. I also have IE, Firefox, and Safari.
              Today I just started getting a "pop in" that comes in from the side and says: "The Webpage was blocked by an extension". It has the Google Chrome logo on it. It advises to disable your extensions and then reload the webpage. I have not done that and try to keep hitting the XHIDE AD button, which just shoves it a little ways to the side. It's terribly annoying and gets in the way of some text and sometimes buttons. It hid some of the buttons on one of the scanning pages you had me load and made getting it done difficult.
              Again
              Hope this helps -

              Old Bear


                Re: Need to get rid of gzj.jsopen!!!!!!!!!
                « Reply #9 on: August 29, 2013, 08:47:28 PM »
                A little more information that might help.
                I just resurrected Safari after not using it for a long while and other than being somewhat slower than Chrome - but faster than IE it is working quite well so far. I'm going to give IE and Firefox a try as well.
                I'll let you know how that worked out.
                Ron

                Old Bear


                  Re: Need to get rid of gzj.jsopen!!!!!!!!!
                  « Reply #10 on: August 29, 2013, 09:12:38 PM »
                  "SEEMS" to be limited to Chrome. I disabled all the extensions that were active in my Chrome browser and that seems to have even stopped the pop-up and other problems. But this has not been a 'stable' problem as it seems to ebb and flow.
                  Anyway - Won't change anything else until I hear from you -
                  Ron

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Need to get rid of gzj.jsopen!!!!!!!!!
                  « Reply #11 on: August 30, 2013, 01:30:29 PM »
                  Please try uninstalling and re-installing Chrome.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  Old Bear


                    Re: Need to get rid of gzj.jsopen!!!!!!!!!
                    « Reply #12 on: August 30, 2013, 07:10:31 PM »
                    OK,
                    Removed Chrome and reinstalled. So far so good. The other browsers are behaving also.
                    Ron

                    SuperDave

                    Re: Need to get rid of gzj.jsopen!!!!!!!!!
                    « Reply #13 on: August 31, 2013, 01:20:03 PM »
                    Good. Let me know how it goes in a few days and then we can do some cleanup.