Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE & Mozilla browsers hijacked by hao123 and won't go away!


  • This topic is locked This topic is locked

#46
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I appreciate your time and effort.

 

edit: looks like we might've find ourselves something interesting.. I'll leave it up to your judgement on what to do with it and how to proceed.

 

 

Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by David (2016-02-23 23:04:40)
Running from D:\Users\user\Desktop
Boot Mode: Normal

================== Search Files: "*hao*" =============

C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com\res\swf\LocalStorage.swf\$hao123$.sol
[2016-02-13 10:57][2016-02-13 10:57] 0000078 ____A () 4590DDB5D126A022E783F808C6945E8F [File not signed]

C:\Users\David\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GIZETFI5\359565-ie-mozilla-browsers-hijacked-by-hao123-and-wont-go-away[2].htm
[2016-02-14 22:55][2016-02-14 22:55] 0637021 ____A () 959EA2160F80E74FA6F1E69DDE7E23E1 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_game_client_en_au\managedfiles\0.0.0.75\DATA\Sounds\Wwise\VO\en_US\Characters\XinZhao\Skins\Skin05\XinZhao_Skin05_VO_audio.bnk
[2016-02-13 18:58][2016-02-13 18:58] 0000032 ____A () 4882CA872CCF8FFF7B0BFB8666068813 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_game_client_en_au\managedfiles\0.0.0.75\DATA\Sounds\Wwise\VO\en_US\Characters\XinZhao\Skins\Skin05\XinZhao_Skin05_VO_audio.wpk
[2016-02-13 18:58][2016-02-13 18:58] 0441613 ____A () F4D3752250576863E926985AAD600DF4 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_game_client_en_au\managedfiles\0.0.0.75\DATA\Sounds\Wwise\VO\en_US\Characters\XinZhao\Skins\Base\XinZhao_Base_VO_audio.bnk
[2016-02-13 18:58][2016-02-13 18:58] 0000032 ____A () 2E3D92C7A165838E0141356541E6E48A [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_game_client_en_au\managedfiles\0.0.0.75\DATA\Sounds\Wwise\VO\en_US\Characters\XinZhao\Skins\Base\XinZhao_Base_VO_audio.wpk
[2016-02-13 18:58][2016-02-13 18:58] 0470124 ____A () 2B3CF77096B8C7B9FBC93CB63B0AC6B4 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_game_client_en_au\managedfiles\0.0.0.148\DATA\Sounds\Wwise\VO\en_US\Characters\XinZhao\Skins\Skin05\XinZhao_Skin05_VO_events.bnk
[2016-02-13 18:58][2016-02-13 18:58] 0006765 ____A () 1EF833B42F269B9B16A550E107D028D0 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_game_client_en_au\managedfiles\0.0.0.148\DATA\Sounds\Wwise\VO\en_US\Characters\XinZhao\Skins\Base\XinZhao_Base_VO_events.bnk
[2016-02-13 18:58][2016-02-13 18:58] 0006768 ____A () D9B0C4B59368A05533B33A584AB9278C [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\mod\lsi\assets\championBanners\league_header_XINZHAO.jpg
[2016-02-13 18:50][2016-02-13 18:50] 0008532 ____A () 8A373E61A16DA7D0B7ED6589F7C6B7A4 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\tr_TR\champions\XinZhao.mp3
[2016-02-13 18:50][2016-02-13 18:50] 0011108 ____A () 2B8FD00D5B36031FC16C1FA110C5C2B6 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\ru_RU\Champions\XinZhao.mp3
[2016-02-13 18:50][2016-02-13 18:50] 0020352 ____A () F2CF9DDABE22B2C11FB253FB675B3ECD [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\ro_RO\Champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0025912 ____A () 6A9C3A4EC45FC9B05ED2901CAA415B14 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\pt_BR\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0018816 ____A () 80E3033FAB48B8810F99DBC8BC87BB7E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\pl_PL\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0021732 ____A () 76938161E12965A0FC98273060192583 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\ko_KR\Champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0014209 ____A () 0725FE71997EE758DF20AA103EF7C3C8 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\ja_JP\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0046392 ____A () 112877190C9C281ACA3D5856D2D00920 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\it_IT\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0021943 ____A () C84E1F38512F7C6BFCCBD645E94C262C [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\hu_HU\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0020061 ____A () 31A6F36815094F78CDDDACDCE9CD6C8E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\fr_FR\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0036361 ____A () 8699BFDE0EED03C30BC657A8033C1C8A [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\es_MX\Champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0035508 ____A () 5FD98E591CD60CB183EE8E69C256EAA0 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\es_ES\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0019643 ____A () E900ECA472DAD208D31451F9E3492627 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\es_AR\Champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0035508 ____A () 5FD98E591CD60CB183EE8E69C256EAA0 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\en_US\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0027812 ____A () E42E93614C564264334902BF17168697 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\el_GR\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0028022 ____A () E140180058363FE332370F5005FE0D38 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\de_DE\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0025076 ____A () BE67752D6DA0923D66426D24AAD9F468 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\sounds\cs_CZ\champions\XinZhao.mp3
[2016-02-13 18:49][2016-02-13 18:49] 0022465 ____A () 8225BF74491CB20039622DA518E9C867 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_0.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0063640 ____A () 935683124CD07AFDBDC4CB30E4FA0EE3 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_1.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0074389 ____A () 07D52640389DAC40B1863A2D274617EE [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_2.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0092911 ____A () DE2655455AEC9C1E64D1C1EB769F59AE [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_3.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0071237 ____A () E49EAF7B28A60E0C543F4669E1577747 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_4.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0066563 ____A () 9648DFE1E7C9E9CCBFC4493A79977430 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_5.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0106596 ____A () 5D4D05D1D7432D568F9F0D70AA5757F3 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_6.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0077486 ____A () 4CE61E500DB571A8F9C8EAD064C7F247 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_0.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0152507 ____A () 922229DD1C4EEDB2B55853A1904F607F [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_1.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0147845 ____A () 176D0498BDCBA79540721C2C7734F56A [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_2.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0287912 ____A () 121DABDB34270550BDF168A0EEEB6D03 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_3.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0210441 ____A () BE7A13A7BB495A4C753ADDC6F81252BD [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_4.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0179531 ____A () 20762DF4DDEDC4B1C89336C9E1E46A63 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_5.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0381875 ____A () C447F368B168B3E6323C6DB894D95AEA [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_6.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0311344 ____A () 3FEC633C0795898F6BEAA2E0F8A41899 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_0.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0274516 ____A () C16EA1D6CD2D37F003E93741A28F6342 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_1.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0272154 ____A () 8C91C16CB8781D5768F0E95382678E1A [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_2.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0343813 ____A () 6DE0DD381F59DA142134503ABA1B088F [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_3.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0245397 ____A () 1F032AFDF5739DBF8EBABC3B4F557EAD [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_4.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0281064 ____A () 4FA980F2B64A149C23EFB863BE9656A1 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_5.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0348731 ____A () 472F786756455B5D4A66C8C0176E9554 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Centered_6.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0316391 ____A () 09B9A6396DADAEC5507EC9BA961321BF [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_0.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0135169 ____A () 919BB691B51483E64EED6C4A3F59D389 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_1.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0129842 ____A () F330B74761B025FE10D1EEC789CFDD9E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_2.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0161008 ____A () 4DA8B5F36A92C35060E7F24DD4E6E05E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_3.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0125225 ____A () 73008E21DA4034ECA67ADBCB58606E0C [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_4.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0126989 ____A () 97F9EB37BAD11E54A59D3182792F8933 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_5.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0162712 ____A () BD246895A91DA5D390BC515FF237487E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Splash_Tile_6.jpg
[2016-02-13 18:49][2016-02-13 18:49] 0144235 ____A () ABB1B7EEB4A5B05D0DFFEE65641F2B67 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\champions\XinZhao_Square_0.png
[2016-02-13 18:49][2016-02-13 18:49] 0020294 ____A () 75D75D3AD020A8C835E1E70AD4ADB354 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\ViktorChaosStorm.png
[2016-02-13 18:48][2016-02-13 18:48] 0008765 ____A () AD5B0DFBC08981E3E5147AED96378C7F [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XenZhao_BattleCry.png
[2016-02-13 18:48][2016-02-13 18:48] 0013275 ____A () E60766F3525DA98559A2C3E470017977 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XenZhao_Charge.png
[2016-02-13 18:48][2016-02-13 18:48] 0013086 ____A () 269C2AB703E0B395B015F15C477C0C8F [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XenZhao_CrescentSweepNew.png
[2016-02-13 18:48][2016-02-13 18:48] 0011618 ____A () AD76B78822392C9ADDC21260BAEFB4FA [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XenZhao_ThreeTalon.png
[2016-02-13 18:48][2016-02-13 18:48] 0011029 ____A () 2986A22DF6C642A8FB09BAF247A1CF42 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XenZhao_TirelessWarrior.png
[2016-02-13 18:48][2016-02-13 18:48] 0012142 ____A () E79B2AC964D40386BEB4F5BE8B74E85E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XinZhao_BattleCry.png
[2016-02-13 18:48][2016-02-13 18:48] 0012731 ____A () 6507DB37018C9E34262FE05268C21D5D [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XinZhao_Charge.png
[2016-02-13 18:48][2016-02-13 18:48] 0010918 ____A () 9AFB4B77D5CDBC44C08FB2444C73B805 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XinZhao_CrescentSweep.png
[2016-02-13 18:48][2016-02-13 18:48] 0010738 ____A () 063DE1BE3F5E3041E37689696A1B061E [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XinZhao_ThreeTalon.png
[2016-02-13 18:48][2016-02-13 18:48] 0010794 ____A () 7E1469EAA4548A664138AB95CF4EFC58 [File not signed]

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.186\deploy\assets\images\abilities\XinZhao_TirelessWarrior.png
[2016-02-13 18:48][2016-02-13 18:48] 0010633 ____A () 2BFAE407BAE8C7BA573D3E7DDADEF22E [File not signed]

C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - age of shading chaos.milk
[2009-04-29 09:18][2009-04-29 09:18] 0017167 ____A () 979CEC1761B2A985887CA52B9D27FE73 [File not signed]

C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - gold plated maelstrom of chaos [mirrorized].milk
[2009-04-29 09:18][2009-04-29 09:18] 0013726 ____A () 61734B10FD74AF082F313E47FA1246FE [File not signed]

C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Flexi - gold plated maelstrom of chaos.milk
[2009-04-29 09:18][2009-04-29 09:18] 0012266 ____A () 04669133D4F0EA548EAE8D4F8EB92F4D [File not signed]

C:\Program Files (x86)\Winamp\Plugins\Milkdrop2\presets\Rovastar - Harlequin's & Jester's Dual Delight (Chaotic Nightmare Mix).milk
[2009-04-29 09:18][2009-04-29 09:18] 0004159 ____A () CF3D3B7A5DAC2C5FF9DE023848C7EF47 [File not signed]

====== End of Search ======


Edited by itsdave, 23 February 2016 - 04:07 AM.

  • 0

Advertisements


#47
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

The EmptyTemp: commands on the other Fixlists and the Zoek clean 'should' have removed this but it my be locked by permissions and not removed regularly.


Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
Unlock: C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com
C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.

Press%20the%20FIX%20button_zpsdd5zi3mt.p

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Let's see what this does for us ....
  • 0

#48
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Well at least the folder's gone.. Not sure if the multiple firefox shortcuts might still exist (even though I don't see them)

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by David (2016-02-24 17:43:02) Run:3
Running from D:\Users\user\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Unlock: C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com
C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com" => was unlocked
C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5VTTVXRF\www.hao123.com => moved successfully
EmptyTemp: => 514.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:43:08 ====


  • 0

#49
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

This time we are going to try another approach with uninstalling and re-installing Firefox. We need to remove your Firefox profile data and settings. Before we do this we want to backup your bookmarks.

To back up your bookmarks:

In Firefox click the Bookmarks button Show All Bookmarks (likely down the bottom) > click Import and Backup(toolbar along the top) > Export HTML...  and save it to your desktop.

Later when you re-install FF you can reverse the process and Import HTML... when the Wizard comes up just import the HTML file you had saved earlier.

Now

Please go to Uninstall Firefox and follow the instructions for uninstalling Firefox. Make sure you check the box to Remove my Firefox personal data and
customizations
.

After that reinstall Firefox.

Note: If you do not have the Firefox Installer on your machine you will need to download it from here.
 


  • 0

#50
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Booted up my PC and it seemed to have put the hao123 string back in again..

 

Uninstalled Firefox.

 

Reinstalled Firefox.

 

Will have to see what happens tomorrow.


  • 0

#51
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

How is this system connected to the network?  Wired (as in ethernet cable) or wireless?


  • 0

#52
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Wired via ethernet cable

 

edit: Just booted PC up. Problem still persists..


Edited by itsdave, 25 February 2016 - 10:55 PM.

  • 0

#53
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

What brand and model of router / modem do you use?  The next step would be to reset the router and change the password in the router.


  • 0

#54
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

HG659b.

 

What do you mean by reset the router?


  • 0

#55
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Sometimes, in cases like this, the router has been  compromised and allows unwanted data to pass to the user's system.  Resetting the router back to starting defaults clears all custom configurations out of the router and returns it to the OEM / ISP default settings.  I have found several manuals online for that particular model router (very nice router, by the way); if you tell me who your ISP is I can make sure we get the proper directions and steps for this routine.


  • 0

Advertisements


#56
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

As much as I trust your knowledge on this topic, I would like to respectfully decline naming my ISP for privacy reasons and I do apologize. However, I can contact my ISP and ask for instructions on this matter.

 

Aside from that, are there any other methods?


  • 0

#57
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

As much as I trust your knowledge on this topic, I would like to respectfully decline naming my ISP for privacy reasons and I do apologize. However, I can contact my ISP and ask for instructions on this matter.

 

Aside from that, are there any other methods?

Asking your ISP would be fine and I do understand the privacy concern (I have no problem with that).  The reset is actually very easy; there is a small hole on the back of the router that you insert a pin or straightened paperclip into and depress the switch inside for about 10 seconds.  This pretty much the same on all routers and ISP situations; its what you have to do afterwards that changes based on the ISP.


  • 0

#58
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

I've just followed the modem's manual and did a factory reset via the modem interface and re-configured the admin password. As far as I'm concerned that's all I need to configure after the factory reset right?


  • 0

#59
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

You are correct (since you can connect to the web).  Let's see if the link gets added after this reset.


  • 0

#60
itsdave

itsdave

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

Booted up PC. Still no luck..


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP