
Conduit Annoyance


6 replies to this topic

#1 tmaik2000


Posted 22 December 2013 - 10:19 PM

I was searching for a way to rid my computer of remnants of a Conduit toolbar that found its way onto my laptop, and I found someone else who was experiencing the same problem.  I am following instructions given to that person by noknojon, downloading recommended programs and running scans.

 

I will post the requested results here:

 

   Results of screen317's Security Check version 0.99.77 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2014  
Windows Defender                 
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0   
 Spybot - Search & Destroy
 Eusing Free Registry Cleaner 
 Adobe Reader 10.1.8 Adobe Reader out of Date! 
 Google Chrome 31.0.1650.57 
 Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by Terry (administrator) on 22-12-2013 at 21:54:59
Running from "C:\Users\Terry\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Qualcomm Atheros AR9485 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : pooh
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-71-D9-5E-FF-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-D0-2B-44-E2-47
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 Wireless Network Adapter
   Physical Address. . . . . . . . . : 6C-71-D9-5E-FF-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::680f:f6ed:306c:3b91%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 22, 2013 4:55:03 PM
   Lease Expires . . . . . . . . . . : Monday, December 23, 2013 9:33:35 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 258765273
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-DB-11-86-6C-71-D9-5E-FF-E4
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E29BAD95-E406-4B88-B660-0026DA9D6D4E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:34b3:2b26:b34b:d0ac(Preferred)
   Link-local IPv6 Address . . . . . : fe80::34b3:2b26:b34b:d0ac%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4009:807::1001
   173.194.46.101
   173.194.46.102
   173.194.46.103
   173.194.46.104
   173.194.46.105
   173.194.46.110
   173.194.46.96
   173.194.46.97
   173.194.46.98
   173.194.46.99
   173.194.46.100

Pinging google.com [173.194.46.102] with 32 bytes of data:
Reply from 173.194.46.102: bytes=32 time=28ms TTL=53
Reply from 173.194.46.102: bytes=32 time=30ms TTL=53

Ping statistics for 173.194.46.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 30ms, Average = 29ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.139.183.24
   206.190.36.45
   98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=86ms TTL=44
Reply from 206.190.36.45: bytes=32 time=105ms TTL=44

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 105ms, Average = 95ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...1e 71 d9 5e ff e4 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...74 d0 2b 44 e2 47 ......Realtek PCIe GBE Family Controller
 12...6c 71 d9 5e ff e4 ......Qualcomm Atheros AR9485 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 17    306 2001::/32                On-link
 17    306 2001:0:5ef5:79fb:34b3:2b26:b34b:d0ac/128
                                    On-link
 12    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::34b3:2b26:b34b:d0ac/128
                                    On-link
 12    281 fe80::680f:f6ed:306c:3b91/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2013 04:47:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: POOH)
Description: Activation of app DefaultBrowser_NOPUBLISHERID!Microsoft.Windows.Desktop failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/22/2013 04:45:45 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/22/2013 04:44:13 PM) (Source: Application Hang) (User: )
Description: The program PsUP.exe version 1.150.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9ec

Start Time: 01ceff5e8776b5e1

Termination Time: 0

Application Path: C:\Program Files (x86)\PassShow\PsUP.exe

Report Id: 23eb1ac7-6b52-11e3-be8c-74d02b44e247

Faulting package full name:

Faulting package-relative application ID:

Error: (12/22/2013 04:41:07 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/22/2013 04:37:05 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/22/2013 03:27:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537, time stamp: 0x512347f7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xfe3b35ec
Faulting process id: 0x30f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/22/2013 02:53:24 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (12/22/2013 02:53:09 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/21/2013 07:13:17 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 57dc

Start Time: 01cefeaa7b6fe019

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: d622086b-6a9d-11e3-be87-74d02b44e247

Faulting package full name:

Faulting package-relative application ID:

Error: (12/15/2013 06:28:53 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2d0c

Start Time: 01cef9ed0c12704d

Termination Time: 8

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a3506ce3-65e0-11e3-be86-74d02b44e247

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (12/22/2013 04:31:02 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service failed to start due to the following error:
%%2

Error: (12/22/2013 04:28:26 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service failed to start due to the following error:
%%2

Error: (12/22/2013 04:13:58 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service failed to start due to the following error:
%%2

Error: (12/22/2013 04:05:10 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service failed to start due to the following error:
%%2

Error: (12/22/2013 04:01:47 PM) (Source: Service Control Manager) (User: )
Description: The Search Protect by Conduit Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/22/2013 00:20:29 PM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 48-5B-39-D4-0D-A0. Network operations on this system may
be disrupted as a result.

Error: (12/20/2013 05:00:48 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:30:53 PM on ?12/?20/?2013 was unexpected.

Error: (12/14/2013 01:36:41 PM) (Source: DCOM) (User: POOH)
Description: App.AppXfm7j0tazaq40z1s1kc61d8q5n49sg1v8.wwa

Error: (12/14/2013 01:36:40 PM) (Source: DCOM) (User: POOH)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (12/14/2013 01:36:40 PM) (Source: DCOM) (User: POOH)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Microsoft Office Sessions:
=========================
Error: (12/22/2013 04:47:40 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: POOH)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.Windows.Desktop-2144927148

Error: (12/22/2013 04:45:45 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/22/2013 04:44:13 PM) (Source: Application Hang)(User: )
Description: PsUP.exe1.150.0.09ec01ceff5e8776b5e10C:\Program Files (x86)\PassShow\PsUP.exe23eb1ac7-6b52-11e3-be8c-74d02b44e247

Error: (12/22/2013 04:41:07 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/22/2013 04:37:05 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/22/2013 03:27:45 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7unknown0.0.0.000000000c0000005fe3b35ec30f001ceff5444d56bccC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown83a3fbd9-6b47-11e3-be87-74d02b44e247

Error: (12/22/2013 02:53:24 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (12/22/2013 02:53:09 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (12/21/2013 07:13:17 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.1653757dc01cefeaa7b6fe01915C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd622086b-6a9d-11e3-be87-74d02b44e247

Error: (12/15/2013 06:28:53 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.165372d0c01cef9ed0c12704d8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa3506ce3-65e0-11e3-be86-74d02b44e247

CodeIntegrity Errors:
===================================
  Date: 2013-09-18 14:38:44.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-18 14:24:23.850
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-18 13:36:02.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-18 13:24:54.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-18 12:52:46.399
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-18 12:09:46.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-18 11:55:43.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 23:47:10.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 23:39:45.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-17 23:20:34.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

=========================== Installed Programs ============================

Adobe Reader X (10.1.8) MUI (Version: 10.1.8)
ASUS Instant Connect (Version: 1.2.8)
ASUS InstantOn (Version: 3.0.4)
ASUS LifeFrame3 (Version: 3.1.9)
ASUS Live Update (Version: 3.1.9)
ASUS Power4Gear Hybrid (Version: 2.0.4)
ASUS Smart Gesture (Version: 1.0.36)
ASUS Splendid Video Enhancement Technology (Version: 1.03.0004)
ASUS Tutor (Version: 1.0.8)
ASUS WebStorage Sync Agent (Version: 1.1.10.123)
ATK Package (Version: 1.0.0025)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
AVG SafeGuard toolbar (Version: 17.1.3.2)
CCleaner (Version: 4.09)
Classic Shell (Version: 3.6.8)
D3DX10 (Version: 15.4.2368.0902)
EPSON WP-4020 Series Printer Uninstall
Eudora OSE (1.0) (Version: 1.0 (en-US))
Eusing Free Registry Cleaner
Galería de fotos (Version: 16.4.3505.0912)
Galerie de photos (Version: 16.4.3505.0912)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 9.17.10.2884)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
LinkSwift 3.0.0 (Version: 3.0.0)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MyBitCast 2.0 (Version: 2.0)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Realtek Ethernet Controller Driver (Version: 8.3.730.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6754)
Realtek PCIE Card Reader (Version: 6.2.9200.27030)
Shared C Run-time for x64 (Version: 10.0.0)
Spybot - Search & Destroy (Version: 2.2.25)
SpywareBlaster 5.0 (Version: 5.0.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WeatherBug (Version: 7.0.0.12)
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153) (Version: 11/09/2012 1.0.0.153)
Windows Live (Version: 16.4.3505.0912)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
WinFlash (Version: 2.41.1)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3981.65 MB
Available physical RAM: 2172.37 MB
Total Pagefile: 4685.65 MB
Available Pagefile: 2603.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.27 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:444.45 GB) (Free:408.29 GB) NTFS

========================= Users: ========================================

User accounts for \\POOH

Administrator            Guest                    Terry                   

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.23.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Terry :: POOH [administrator]

12/22/2013 10:12:38 PM
mbam-log-2013-12-22 (22-12-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208732
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> 2332 -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe (PUP.Optional.LinkSwift.A) -> 2040 -> No action taken.

Memory Modules Detected: 2
C:\Users\Terry\AppData\Local\Temp\CT408137\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\LinkSwiftBHO.dll (PUP.Optional.LinkSwift.A) -> Delete on reboot.

Registry Keys Detected: 13
HKLM\SYSTEM\CurrentControlSet\Services\Update LinkSwift (PUP.Optional.LinkSwift.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Util LinkSwift (PUP.Optional.LinkSwift.A) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> No action taken.
HKCU\SOFTWARE\LINKSWIFT (PUP.Optional.LinkSwift.A) -> No action taken.
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
HKCR\CLSID\{323420b6-65e5-4657-8106-a27392d4d4aa} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{49fb101a-0a00-4e85-a807-8785c2d32604} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\Interface\{339CA35C-F74A-44C3-BD78-9CE3E8C9C560} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{323420B6-65E5-4657-8106-A27392D4D4AA} (PUP.Optional.LinkSwift.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Terry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> No action taken.
HKCU\Software\LinkSwift|iid (PUP.Optional.LinkSwift.A) -> Data: def_LinkSwift -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\LinkSwift (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\plugins (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\update (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\plugins (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137\plugins (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 45
C:\Users\Terry\Local Settings\Temporary Internet Files\Content.IE5\HVHNEJ07\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\updateLinkSwift.InstallState (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\LinkSwift.Common.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\LinkSwift.ico (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\LinkSwiftUninstall.exe (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\sqlite3.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.InstallState (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\plugins\LinkSwift.ExtChecker.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\plugins\LinkSwift.FFUpdate.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\plugins\LinkSwift.GCUpdate.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\bin\plugins\LinkSwift.IEUpdate.dll (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\update\y4n31cld.cbe.exe (PUP.Optional.LinkSwift.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\CT3306061.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\ct3306061\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137\CT408137.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137\ddt.csf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Terry\AppData\Local\Temp\CT408137\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\LinkSwift\LinkSwiftBHO.dll (PUP.Optional.LinkSwift.A) -> Delete on reboot.
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\nsk3418.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\nss1DE9.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\nst160E.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\tbConn.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ct3306061\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ct3306061\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Local\Temp\CT408137\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Terry\Downloads\expertpdf7.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\Terry\Downloads\tb_Conduit_brch (1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Terry\Downloads\tb_Conduit_brch.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Terry\Local Settings\Temporary Internet Files\Content.IE5\1N2ITOW4\Setup.exe (PUP.Optional.Domalq) -> Quarantined and deleted successfully.

(end)


Edited by Queen-Evie, 22 December 2013 - 10:52 PM.
moved from Windows 8 to the appropriate forum




#2 cryptodan


Posted 22 December 2013 - 10:48 PM

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#3 tmaik2000


Posted 23 December 2013 - 11:03 AM

My computer will not let me run adwcleaner.exe.  It says Windows is "protecting" me.


Edited by tmaik2000, 23 December 2013 - 11:04 AM.


#4 tmaik2000


Posted 23 December 2013 - 11:16 AM

Okay.  I found the "run anyway" button and did so.

 

Here's the log:

 

# AdwCleaner v3.016 - Report created 23/12/2013 at 11:07:44
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Terry - POOH
# Running from : C:\Users\Terry\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater17.1.3
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Fast Free Converter
Folder Deleted : C:\Program Files (x86)\LinkSwift
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Terry\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Terry\AppData\Local\Conduit
Folder Deleted : C:\Users\Terry\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Terry\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Terry\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Terry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Terry\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\RegClean Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\94dd8bb23fef13
Key Deleted : HKLM\SOFTWARE\94dd8bb23fef13
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_adejipnaieabipfpgddkkbahfmlkmilg]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\LinkSwift
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\LinkSwift
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LinkSwift
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [10296 octets] - [23/12/2013 11:06:14]
AdwCleaner[S0].txt - [9939 octets] - [23/12/2013 11:07:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9999 octets] ##########


#5 tmaik2000


Posted 23 December 2013 - 11:39 AM

All seemed well after reboot.  Ran JRT and here's that log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Terry on Mon 12/23/2013 at 11:19:49.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] update linkswift 
Failed to delete: [Service] update linkswift 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3331935820-4000809137-3994613529-1001\Software\sweetim
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Terry\appdata\local\cre"
Failed to delete: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Terry\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/23/2013 at 11:27:33.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
THANK YOU!


#6 cryptodan


Posted 23 December 2013 - 01:54 PM

Still getting issues?



#7 boopme


Posted 23 December 2013 - 08:42 PM

Did you click the Remove Selected button after the Malwarebytes scan? Your log says No Action Taken.

If not sure, open it again, update and rescan.

When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
Make sure that everything is checked and then click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply.