TechSpot

Unwanted home page and new tab in mozilla after installing a free program

Inactive
By miladbrain
Nov 23, 2013
  1. When I open Firefox it reverts to the following linked search engine:
    file:///C:/Users/MILAD/AppData/Local/TNT2/Common/pinnedSearch.htm
    When I open a new tab the same thing happens.

    and all of these just started after I installed Hotspot Shield (a free internet proxy) and it even uninstalling the program didn't solve it.

    I have reset the home page to default but this does nothing. I can still browse websites and apparently there is no problem but I don't want this, y'know.

    I scanned my com with RogueKiller and these are the reports:
    -----------------------------------------------------------------------------------------------------
    RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : MILAD [Admin rights]
    Mode : Remove -- Date : 11/23/2013 12:52:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost
    Internet Download Manager v6.08 Build 9
    ---------------------------------------
    1- Register in the hosts * c: \ Windows \ System32 \ drivers \ etc \ hosts * open for example using notepad.
    127.0.0.1 tonec.com
    127.0.0.1 www.tonec.com
    127.0.0.1 registeridm.com
    127.0.0.1 www.registeridm.com
    127.0.0.1 secure.registeridm.com
    127.0.0.1 internetdownloadmanager.com
    127.0.0.1 www.internetdownloadmanager.com
    127.0.0.1 secure.internetdownloadmanager.com
    127.0.0.1 mirror.internetdownloadmanager.com
    127.0.0.1 mirror2.internetdownloadmanager.com
    127.0.0.1 mirror3.internetdownloadmanager.com
    2- Install IDM
    3- Apply Patch
    -----------------------
    www.p30download.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543232L9SA00 +++++
    --- User ---
    [MBR] 379ad1adbbb28e76865ad5c74945bef1
    [BSP] 86cdb7ee59ac0239545df43f9c7c7c48 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10823 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22167552 | Size: 46764 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 117942272 | Size: 82551 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 287006720 | Size: 165104 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_11232013_125239.txt >>
    RKreport[0]_S_11232013_125147.txt
    -------------------------------------------------------------------------------------------------
    RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : MILAD [Admin rights]
    Mode : Remove -- Date : 11/23/2013 12:52:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost
    Internet Download Manager v6.08 Build 9
    ---------------------------------------
    1- Register in the hosts * c: \ Windows \ System32 \ drivers \ etc \ hosts * open for example using notepad.
    127.0.0.1 tonec.com
    127.0.0.1 www.tonec.com
    127.0.0.1 registeridm.com
    127.0.0.1 www.registeridm.com
    127.0.0.1 secure.registeridm.com
    127.0.0.1 internetdownloadmanager.com
    127.0.0.1 www.internetdownloadmanager.com
    127.0.0.1 secure.internetdownloadmanager.com
    127.0.0.1 mirror.internetdownloadmanager.com
    127.0.0.1 mirror2.internetdownloadmanager.com
    127.0.0.1 mirror3.internetdownloadmanager.com
    2- Install IDM
    3- Apply Patch
    -----------------------
    www.p30download.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS543232L9SA00 +++++
    --- User ---
    [MBR] 379ad1adbbb28e76865ad5c74945bef1
    [BSP] 86cdb7ee59ac0239545df43f9c7c7c48 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10823 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22167552 | Size: 46764 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 117942272 | Size: 82551 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 287006720 | Size: 165104 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_11232013_125239.txt >>
    RKreport[0]_S_11232013_125147.txt
    ------------------------------------------------------------------------------------------------------------

    Then I created a new restore point and performed a scan with Malwarebytes Anti-Rootkit. Here are the logs:

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1007

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.0.6002 Windows Vista Service Pack 2 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 4259438592, free: 2361790464

    Downloaded database version: v2013.11.23.05
    Downloaded database version: v2013.10.11.02
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/23/2013 13:00:31
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\FSPFltd.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\yk60x64.sys
    \SystemRoot\system32\DRIVERS\NETw5v64.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\DRIVERS\risdsn64.sys
    \SystemRoot\system32\DRIVERS\rimssn64.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\SFEP.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\tapSF0901.sys
    \SystemRoot\system32\DRIVERS\taphss6.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RtHDMIVX.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\hssdrv6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\Sentinel64.sys
    \SystemRoot\system32\DRIVERS\idmwfp.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\WUDFPf.sys
    \SystemRoot\system32\DRIVERS\xaudio64.sys
    \??\d:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa8007e43300
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000071\
    Lower Device Object: 0xfffffa8007e9e050
    Lower Device Driver Name: \Driver\rimsptsk\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007e3b790
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000070\
    Lower Device Object: 0xfffffa8007e799e0
    Lower Device Driver Name: \Driver\risdptsk\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006b60790
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004bed050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006b60790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006b602c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006b60790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8004ba4cf0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004bed050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8EBF15C6

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 22165504

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22167552 Numsec = 95773352
    Partition is not bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 117942272 Numsec = 169064448

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 287006720 Numsec = 338132992

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xfffffa8007e3b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007e3b2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007e3b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8007e799e0, DeviceName: \Device\00000070\, DriverName: \Driver\risdptsk\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xfffffa8007e43300, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007eb4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007e43300, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8007e9e050, DeviceName: \Device\00000071\, DriverName: \Driver\rimsptsk\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22167552_i.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
    Removal finished
    -------------------------------------------------------------------------------------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.07.0.1007
    www.malwarebytes.org

    Database version: v2013.11.23.05

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    MILAD :: MOHAMMADREZA-PC [administrator]

    11/23/2013 01:00:39 ب.ظ
    mbar-log-2013-11-23 (13-00-39).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 236922
    Time elapsed: 22 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ------------------------------------------------------------------------------------------------------------


    Then I did a scan with ComboFix and here is the result:

    ComboFix 13-11-22.01 - MILAD 11/23/2013 13:33:17.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.981.1033.18.4062.2175 [GMT 3.5:30]
    Running from: c:\users\MILAD\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\test.txt
    c:\windows\SysWow64\FlashPlayerApp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-23 to 2013-11-23 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-23 10:15 . 2013-11-23 10:15 -------- d-----w- c:\users\MILAD\AppData\Local\temp
    2013-11-23 09:30 . 2013-11-23 09:30 -------- d-----w- c:\programdata\Malwarebytes
    2013-11-23 09:30 . 2013-11-23 09:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-11-23 09:30 . 2013-11-23 09:30 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2013-11-23 09:28 . 2013-11-23 09:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-11-22 15:49 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FE83E8C-C4F8-4295-912E-496D4AEEFC3B}\mpengine.dll
    2013-11-22 15:39 . 2013-11-01 23:31 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
    2013-11-22 09:55 . 2013-11-22 09:55 -------- d-----w- c:\programdata\Hotspot Shield
    2013-11-22 09:54 . 2013-11-22 15:39 -------- d-----w- c:\program files (x86)\Hotspot Shield
    2013-11-22 09:54 . 2013-11-22 09:54 -------- d-----w- c:\users\MILAD\AppData\Roaming\Hotspot Shield
    2013-11-21 16:27 . 2013-11-21 16:27 -------- d-----w- c:\program files (x86)\RadioRage_4j
    2013-11-21 15:31 . 2013-11-21 15:31 -------- d-----w- c:\users\MILAD\AppData\Local\TNT2
    2013-11-21 09:18 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-11-06 08:28 . 2013-10-18 08:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B913AC87-5BAB-44FE-AE0E-0E1AB0DD99E7}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-19 10:21 . 2009-11-04 19:14 267936 ------w- c:\windows\system32\MpSigStub.exe
    2013-10-18 08:58 . 2013-03-12 21:54 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-10-16 01:44 . 2013-10-16 01:44 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Messenger (Yahoo!)"="d:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-03 6497592]
    "IDMan"="d:\program files\InternetDownloadManager\Internet Download Manager\IDMan.exe" [2012-01-26 3462552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-11 61440]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-04-14 2054448]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
    "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
    "RemoteControl8"="d:\program files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
    "PDVD8LanguageShortcut"="d:\program files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
    "Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2008-05-20 891904]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "RadioRage Search Scope Monitor"="c:\progra~2\RADIOR~1\bar\1.bin\4jsrchmn.exe" [2013-11-21 44784]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-7-18 113664]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 1076264]
    Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2013-1-18 60384]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-17 14:07 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-12 02:12]
    .
    2013-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-12 02:12]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-12-19 19:46 22408 ----a-w- d:\program files\InternetDownloadManager\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
    "mylbx"="d:\program files\My Lockbox\mylbx.exe" [2013-02-02 2584352]
    "RadioRage Home Page Guard 64 bit"="c:\progra~2\RADIOR~1\bar\1.bin\AppIntegrator64.exe" [2013-11-21 548936]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download all links with IDM - d:\program files\InternetDownloadManager\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - d:\program files\InternetDownloadManager\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Translate with &Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    LSP: %SystemRoot%\system32\PrxerDrv.dll
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    FF - ProfilePath - c:\users\MILAD\AppData\Roaming\Mozilla\Firefox\Profiles\lebcghtu.default\
    FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 8580
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 8080
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-10-19 18:51; jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack; c:\users\MILAD\AppData\Roaming\Mozilla\Firefox\Profiles\lebcghtu.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
    FF - ExtSQL: 2013-11-21 19:57; 4jffxtbr@RadioRage_4j.com; c:\users\MILAD\AppData\Roaming\Mozilla\Firefox\Profiles\lebcghtu.default\extensions\4jffxtbr@RadioRage_4j.com
    FF - ExtSQL: 2013-11-22 13:24; afext@anchorfree.com; d:\program files\Mozilla Firefox\browser\extensions\afext@anchorfree.com
    FF - user.js: browser.startup.homepage - hxxp://search.us.com/?guid={C47DEED3-8067-4F9C-8ECF-C5DC3762216D}
    FF - user.js: browser.startup.page - 1
    FF - user.js: browser.newtab.url - file:///c:\users\MILAD\AppData\Local\TNT2\Common\pinnedSearch.htm
    .
    - - - - ORPHANS REMOVED - - - -
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk - (no file)
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\d:\program files\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2916493813-866678245-710253452-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):0c,d2,f0,e5,b6,8c,32,f5,18,e5,b5,78,f0,50,f9,fb,b2,26,88,16,c0,
    62,30,e0,eb,35,4c,56,02,1f,58,4e,fe,7a,2c,e6,7b,e1,7f,8a,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2916493813-866678245-710253452-1001_Classes\Wow6432Node\CLSID\{dbf578c8-3754-4221-a992-dc23556c2fdb}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000075
    "Therad"=dword:0000000f
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    Completion time: 2013-11-23 13:49:48
    ComboFix-quarantined-files.txt 2013-11-23 10:19
    .
    Pre-Run: 526,135,296 bytes free
    Post-Run: 905,998,336 bytes free
    .
    - - End Of File - - 8980E4E67A1695B9D488276516DB807F
    5C616939100B85E558DA92B899A0FC36

    Now I don't know what I should do. Thanks for trying to help me.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,037   +255

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Never run Combofix on your own!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.