Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with Malware.. Cannot Get Rid of Conduit Search

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 26th, 2014, 1:56 am

Hello, I will try to get this done tomorrow. Please do not close thread :)
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » January 28th, 2014, 10:05 am

Hi reddog1992000,
Please try not to take too long. This is a training site and we do have time constraints.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 28th, 2014, 5:19 pm

okay thank you!

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » January 29th, 2014, 10:32 am

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec0e3206635bf740a726dbc79ef62619
# engine=16334
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-19 10:02:17
# local_time=2013-12-19 02:02:17 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 84 396948 163282409 0 0
# compatibility_mode=1036 16777214 0 1 54224975 57248214 0 0
# compatibility_mode=5893 16776573 100 94 0 139035328 0 0
# scanned=231962
# found=51
# cleaned=0
# scan_time=3841
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec0e3206635bf740a726dbc79ef62619
# engine=16841
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-29 10:38:22
# local_time=2014-01-29 02:38:22 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 84 3898313 166783774 0 0
# compatibility_mode=1036 16777214 0 1 57726340 60749579 0 0
# compatibility_mode=5893 16776573 100 94 0 142536693 0 0
# scanned=244730
# found=58
# cleaned=0
# scan_time=4044

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » February 1st, 2014, 12:42 am

Hi reddog1992000,


Step 1.
Run OTL Fix
We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Click on the "Select ALL" link. Right-click and Copy, then Paste the following code into the textbox. Do not include the word Code.
    Code: Select all
    :commands
    [createrestorepoint]
    
    :Files
    C:\Users\Bertha\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\0014C042.exe
    C:\Users\Bertha\Documents\APNSetup.exe
    C:\Users\Bertha\Downloads\Pandora's_Box_Setup (1).exe
    C:\Users\Bertha\Downloads\Pandora's_Box_Setup.exe
    C:\Users\Bertha\Downloads\Setup.exe
    C:\Users\Bertha\Downloads\update (1).exe
    C:\Users\Bertha\Downloads\update (2).exe
    C:\Users\Bertha\Downloads\update.exe
    C:\Users\Bertha\Downloads\ZipOpenerSetup.exe
    C:\Windows\Installer\MSI5E0F.tmp
    C:\Windows\Installer\MSI8B30.tmp
    C:\Windows\Installer\MSIFAD6.tmp
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AA0NYOL\index[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3SDWNGZF\index[1].htm
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6URLTW6N\foodoscope[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD3JEY17\opentraff[1].htm
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5badeab2-640a58c0
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5249dcf6-414695ef
    
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of the report in your next reply.

Step 2.
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator" to run it. If prompted by the UAC, allow it to run.
  • Follow the prompts and at the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Uncheck Enable free trial of Malwarebytes Anti-malware PRO (You can activate this when we've finished, if you wish)
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » February 3rd, 2014, 3:24 am

I will get the OTL log posted in the morning.

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » February 3rd, 2014, 12:21 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\Bertha\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\0014C042.exe not found.
C:\Users\Bertha\Documents\APNSetup.exe moved successfully.
C:\Users\Bertha\Downloads\Pandora's_Box_Setup (1).exe moved successfully.
C:\Users\Bertha\Downloads\Pandora's_Box_Setup.exe moved successfully.
C:\Users\Bertha\Downloads\Setup.exe moved successfully.
C:\Users\Bertha\Downloads\update (1).exe moved successfully.
C:\Users\Bertha\Downloads\update (2).exe moved successfully.
C:\Users\Bertha\Downloads\update.exe moved successfully.
C:\Users\Bertha\Downloads\ZipOpenerSetup.exe moved successfully.
C:\Windows\Installer\MSI5E0F.tmp moved successfully.
C:\Windows\Installer\MSI8B30.tmp moved successfully.
C:\Windows\Installer\MSIFAD6.tmp moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AA0NYOL\index[1].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3SDWNGZF\index[1].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6URLTW6N\foodoscope[1].txt moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD3JEY17\opentraff[1].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5badeab2-640a58c0 moved successfully.
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5249dcf6-414695ef moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Bertha
->Temp folder emptied: 2329944 bytes
->Temporary Internet Files folder emptied: 243675530 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 139608397 bytes
->Flash cache emptied: 5124 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37742 bytes
RecycleBin emptied: 1869662 bytes

Total Files Cleaned = 370.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02022014_124242

Files\Folders moved on Reboot...
C:\Users\Bertha\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » February 4th, 2014, 11:18 am

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
Bertha :: BERTHA-PC [administrator]

02/03/2014 3:25:21 PM
mbam-log-2014-02-03 (15-25-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242900
Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 17
HKCR\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.Optional.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.Optional.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D9E1ADC-7DB1-4EAF-B6C7-7E062074E6BE} (PUP.Optional.BlekkoSearchBar) -> Quarantined and deleted successfully.
HKCR\CLSID\{AF808758-C780-404C-A4EE-4526323FD9B6} (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039} (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039} (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039} (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} (PUP.Optional.InboxToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\PCPOWERSPEED (PUP.Optional.PCPowerSpeed.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\REBATE INFORMER (PUP.Optional.RebateInformer.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\PCPOWERSPEED (PUP.Optional.PCPowerSpeed.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\Software\PCPowerSpeed|LAST_CMS_UPDATE (PUP.Optional.PCPowerSpeed.A) -> Data: €i´Vä@ -> Quarantined and deleted successfully.
HKCU\Software\Rebate Informer|CookieFF (PUP.Optional.RebateInformer.A) -> Data: X4NhmpJ_b33wPG8a0I8NlWe9sZSu3f7grjs8fMftMV6mqprd00tLpON4FBnptd15DFeX8wCJlTxv-bJDoLSlcN9PKdK82bZjkZZZrec8bHHeMHE2j6yNVJXNG359nVeBOnS9AgxsFcxVx4Fc_Svak9jiOwTbWxTjRRj-O1ze4N7Sc0O7sZ-8hwyiLsKpGTHBp-PEBdb9HcHgpK4HCYIbCU2n23_6JHLabg@@ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\PCPowerSpeed|PHONE_NUMBER (PUP.Optional.PCPowerSpeed.A) -> Data: 1-866-802-9697 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » February 5th, 2014, 12:20 am

Hi reddog1992000,

How is the computer running?
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby reddog1992000 » February 5th, 2014, 10:35 am

Really good. I am having no obvious issues at this time.
reddog1992000
Regular Member
 
Posts: 37
Joined: December 13th, 2013, 3:57 pm

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby wannabeageek » February 9th, 2014, 12:28 am

Hi reddog1992000,

Your latest set of logs appears to be clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL
  • Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Remove all used tools not removed by OTL if they remain on your desktop.
  • OTL
  • AdwCleaner
  • DDS
  • JRT
  • SystemLook


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish, but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Need help with Malware.. Cannot Get Rid of Conduit Searc

Unread postby Cypher » February 12th, 2014, 11:22 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns