04-06-2010, 08:08 AM
------------
Hi,
Please be patient as I analyze your log for any infections present on your system. If found, I will present you the proper removal instructions for disinfecting your system.
Please do not create any new threads on this while we are working on your system, as it wastes another volunteer's time. Also, while we are working on this system, I'd appreciate it if you do not install any new software, as it may hinder our process.
Thanks for your patience.
------------
- Pre-Step
Click here to download ATF-Cleaner by Atribune. Save it to your desktop.
- Double-click ATF-Cleaner.exe to run it.
- Under 'Main' check the 'Select All' box.
- Press the 'Empty Selected' button.
- If you use Firefox browser:
  - Click Firefox at the top and then check the 'Select All' box.
  - Press the 'Empty Selected' button.
  - Note: If you wish to keep your saved passwords, click No at the prompt.
- If you use Opera browser:
  - Click Opera at the top and then check the 'Select All' box.
  - Press the 'Empty Selected' button.
  - Note: If you wish to keep your saved passwords, click No at the prompt.
- Click 'Exit' on the Main menu to close the program.
- Step 1
Please run HijackThis, click Do a system scan only, and place a check next to the following line(s) if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=NoriHF.exe
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O15 - Trusted IP range: http://89.185.204.1
O15 - ESC Trusted IP range: http://89.185.204.1
Then, close all other open windows and click Fix Checked. Reboot.
- Step 2
Please download Malwarebytes' AntiMalware.
Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform Full Scan, then click Scan.
The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
- Step 3
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
- Double-click on dds.scr and a command window will appear. This is normal.
- Shortly after, two logs will appear: DDS.txt & Attach.txt.
- A window will open instructing you to save & post the logs.
- Save the logs to a convenient place such as your desktop.
- Copy the contents of both logs & post in your next reply.
- Step 4
Do you recognize this file? If not, navigate to the below location and delete it.
Quote: C:\WINDOWS\NoriHF.exe
- In your next post, please provide the following:
- A Fresh HJT Log
- DDS Log (with Attach.txt)
- MBAM Log
- Queries:
- Any issues?
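
Added example (not part of the original post, and not code from HijackThis): a Python script that checks a fresh HJT log against the Step 1 entries to confirm that Fix Checked actually removed them. The function names and the sample log are constructed for illustration; matching is assumed to be case-insensitive with whitespace collapsed.

```python
import re

# Entries the helper asked to fix in Step 1, copied from the post (the F2
# line is written in HijackThis's usual "REG:system.ini" form).
FLAGGED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"F2 - REG:system.ini: Shell=NoriHF.exe",
    r"O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)",
    r"O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')",
    r"O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')",
    r"O15 - Trusted IP range: http://89.185.204.1",
    r"O15 - ESC Trusted IP range: http://89.185.204.1",
]

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse(line):
    """Return (section, body) for an entry line, or None for header/process lines."""
    m = ENTRY.match(line)
    return (m.group(1), m.group(2)) if m else None

def key(entry):
    """Comparison key: case-insensitive body with whitespace runs collapsed."""
    section, body = entry
    return section, " ".join(body.split()).casefold()

def still_present(fresh_log):
    """List the flagged entries that still appear in a fresh HijackThis log."""
    seen = {key(e) for e in map(parse, fresh_log.splitlines()) if e}
    return [f for f in FLAGGED if key(parse(f)) in seen]

# Constructed sample of a post-fix log (not taken from the thread).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
F2 - REG:system.ini:  Shell=norihf.exe
O15 - Trusted IP range: http://89.185.204.1
"""

if __name__ == "__main__":
    for entry in still_present(SAMPLE_LOG):
        print("STILL PRESENT:", entry)
```

An empty result means none of the Step 1 lines survived the fix and reboot; any line it returns should be re-checked in HijackThis.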