Daemeon13 fix

Viruses and worms
1

Let me know of any problems on completion

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV - [2013/02/20 07:38:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKU\S-1-5-21-3287117543-3968447649-1982524635-1002\..\SearchScopes\{4E301A1D-7802-4C51-9A0E-2076998154FF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN14167594932895691
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3287117543-3968447649-1982524635-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-3287117543-3968447649-1982524635-1002\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-3287117543-3968447649-1982524635-1002\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKU\S-1-5-21-3287117543-3968447649-1982524635-1002..\Run: [SearchProtect] C:\Users\DT\AppData\Roaming\SearchProtect\bin\cltmng.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

:Files
C:\Program Files (x86)\SearchProtect
C:\Users\DT\AppData\Local\Temp\_MEI54643

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2

So far so good.

Attached is the latest log file.

3

OK run OTL and press the cleanup button to remove it ;D

4

Worked like a charm.

Can’t thank you enough Essexboy. You rock!

5

My pleasure ;D

6

Essexboy,

Hello my parents seem to be having the same problem on their computer and I’m trying to help them out. I ran the OTL and got the log.

I appreciate what you’re doing helping people.
Thanks

7

you should start your own topic… the follow this guide http://forum.avast.com/index.php?topic=53253.0

attach logs from AdwCleaner / Malwarebytes / OTL / aswMBR

8

@Jenstm19

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKLM\..\URLSearchHook: {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVis0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3020211960-2202725016-2166207477-1000\..\URLSearchHook: {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVis0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3020211960-2202725016-2166207477-1000\..\SearchScopes\{4FB52451-1BFF-448F-BB3D-741804054CB1}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287802&CUI=UN21827858211671888&UM=2
O2 - BHO: (VisualBee V.3 Toolbar) - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVis0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (VisualBee V.3 Toolbar) - {bf9194c2-b86d-4ebc-9b53-1c08b6ff779e} - C:\Program Files (x86)\VisualBee_V.3\prxtbVis0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3020211960-2202725016-2166207477-1000\..\Toolbar\WebBrowser: (VisualBee V.3 Toolbar) - {BF9194C2-B86D-4EBC-9B53-1C08B6FF779E} - C:\Program Files (x86)\VisualBee_V.3\prxtbVis0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-3020211960-2202725016-2166207477-1000..\Run: [SearchProtect] C:\Users\Home\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-21-3020211960-2202725016-2166207477-500..\Run: [SearchProtect] C:\Users\Administrator\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
[2013/04/06 20:11:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SearchProtect
[2013/03/22 18:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/03/22 18:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VisualBee_V.3
[2013/03/22 18:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/03/22 18:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee

:Files
C:\Users\Home\AppData\Roaming\SearchProtect
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\VisualBee_V.3

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Then

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that