orena0

please check second combofix log ComboFix.txt

this should be complete one, sorry ComboFix.txt

combofix log attached ComboFix.txt

combo.txt atached ComboFix.txt

report attached TDSSKiller.2.8.13.0_16.10.2012_19.01.45_log.txt

report attached TDSSKiller.2.8.13.0_16.10.2012_18.48.00_log.txt

Hi I have hijack on my second pc, very similar to the first one. All comes from Vshare plugin I attached log from Malwarebytes, DDS and aswMBR Please advise what to do next aswMBR.txt attach.txt dds.txt mbam-log-2012-10-15 (22-11-50).txt

hi pls check attached reports aswMBR.txt attach.txt dds.txt

Hi Team Please help how to remove Hijack from my pc Please see log from malwarebytes below: Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.14.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [administrator] Protection: Enabled 14/10/2012 19:04:30 mbam-log-2012-10-14 (19-19-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 196410 Time elapsed: 13 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken. Registry Values Detected: 4 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»áµ -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: StartSearchTB -> No action taken. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken. Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=ce09d400-db1d-11e0-ac68-001b24b8795a) Good: (http://www.google.com) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Program Files\StartSearch plugin\ssBarLcher.dll (PUP.VShareRedir) -> No action taken. C:\$Recycle.Bin\S-1-5-21-216454193-2199948706-2891478122-1000\$RWS8EIN.exe (HackTool.SnadBoy) -> No action taken. (end)

Last log from Malwarebytes Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.01.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kamil :: KAMIL-PC [administrator] 01/10/2012 15:37:46 mbam-log-2012-10-01 (15-37-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 215202 Time elapsed: 1 minute(s), 36 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) All looks good, nothing found now. Great thanks !!!!

Last log attached AdwCleanerS1.txt

AdeCleaner report attached AdwCleanerR1.txt

Hi, Please find out attached reports Attach.txt DDS.txt RKreport1.txt

Hi I can not delete Hijack.StartPage from my PC. Installed from vshare video plugin LOg from Malwarebytes below: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.29.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kamil :: KAMIL-PC [administrator] 01/10/2012 11:48:56 mbam-log-2012-10-01 (13-00-03).txt Scan type: Full scan (C:\|D:\|E:\|Z:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 326320 Time elapsed: 29 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/...0a-00e04db1dbb4) Good: (http://www.google.com) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) My startup page is www.error.com can change it back to google but when restart browser changes did not apply. Please advise what to do to remove this from my computer. THX

Hi I can not delete Hijack.StartPage from my PC. Installed from vshare video plugin LOg from Malwarebytes below: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.29.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kamil :: KAMIL-PC [administrator] 01/10/2012 11:48:56 mbam-log-2012-10-01 (13-00-03).txt Scan type: Full scan (C:\|D:\|E:\|Z:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 326320 Time elapsed: 29 minute(s), 21 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=ef911f3c-0a30-11e2-bd0a-00e04db1dbb4) Good: (http://www.google.com) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Please advise what to do to remove this from my computer. THX