Hi, I will be working on your Malware issues.
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&CUI=UN39353847742539125&UM=2&ctid=CT3289847
IE - HKCU\..\SearchScopes,DefaultScope = {F213A413-B343-4FA1-B4F8-8157444D4DF3}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshareus.my-quick-search.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{F213A413-B343-4FA1-B4F8-8157444D4DF3}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN39353847742539125&UM=2
[2013/08/29 19:47:56 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\Knapp\AppData\Roaming\Mozilla\Firefox\Profiles\bfjdp9si.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/08/29 19:51:14 | 000,000,000 | ---D | M] (WebProtect) -- C:\Users\Knapp\AppData\Roaming\Mozilla\Firefox\Profiles\bfjdp9si.default\extensions\{AF58FD11-7BF2-4F0E-8315-05572D38DF07}
[2013/01/05 08:07:05 | 000,004,011 | ---- | M] () (No name found) -- C:\Users\Knapp\AppData\Roaming\Mozilla\Firefox\Profiles\bfjdp9si.default\extensions\{5391280d-2dd4-11e2-8271-b8ac6f996f26}.xpi
[2013/08/29 19:48:00 | 000,001,005 | ---- | M] () -- C:\Users\Knapp\AppData\Roaming\Mozilla\Firefox\Profiles\bfjdp9si.default\searchplugins\conduit.xml
[2013/08/29 20:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN32093413418161156&ctid=CT3289847&UM=2
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN32093413418161156&UM=2
CHR - homepage: http://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN32093413418161156&UM=2
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
CHR - Extension: Web Protect = C:\Users\Knapp\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamhmngeopfinppeiiamgjhlijnmelgo\5.0_0\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Web Protect) - {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - C:\Program Files (x86)\Web Protect\WebProtect.dll (WebProtect)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKCU..\Run: [ConduitFloatingPlugin_klibnahbojhkanfgaglnlalfkgpcppfi] C:\Program Files (x86)\Conduit\CT3289847\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [dddafcaeebaec] "C:\ProgramData\dddafcaeebaec.exe" File not found
O4 - HKCU..\Run: [Dyhuoxby] C:\Users\Knapp\AppData\Roaming\Heyb\qobu.exe File not found
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: dddafcaeebaead = C:\Users\Knapp\AppData\Local\067d037d-d29a-4f51-898c-a8ee4368b7aead\dddafcaeebaead.exe
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
:files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Program Files (x86)\Conduit
C:\Users\Knapp\AppData\Local\Conduit
:commands
[CREATERESTOREPOINT]
[emptytemp]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
If the log doesn't appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
1. Please download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.
--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this, please read this or this Instruction.
Instructions on how to disable avast:
- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens on the top right corner, click Settings.
- In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
- Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.
--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.
--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.