magna86
8
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
File: C:\Windows\eHome\McrMgr.exe
C:\Program Files (x86)\SearchProtect
C:\Users\Donny\AppData\Local\Conduit
CMD: ipconfig /flushdns
HKCU\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Donny\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPFE1ED9D6-7464-45F8-B766-C5062532F86A&SSPV=
URLSearchHook: HKLM-x32 - (No Name) - {94625830-343a-4df0-88c1-444d195064d0} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFE1ED9D6-7464-45F8-B766-C5062532F86A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFE1ED9D6-7464-45F8-B766-C5062532F86A&q={searchTerms}&SSPV=
SearchScopes: HKCU - {A8906973-0D4D-4628-8319-0D8EACBD9E9F} URL =
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
CHR HomePage: http:\/\/search.conduit.com\/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPFE1ED9D6-7464-45F8-B766-C5062532F86A&SSPV=
CHR RestoreOnStartup: "http:\/\/search.conduit.com\/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPFE1ED9D6-7464-45F8-B766-C5062532F86A&SSPV="
CHR DefaultSearchURL: http:\/\/search.conduit.com\/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPFE1ED9D6-7464-45F8-B766-C5062532F86A&q={searchTerms}&SSPV=
CHR DefaultNewTabURL:
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2251552 2013-12-16] (Conduit)
Task: {00318F82-F9D6-48CB-950D-F2D42DE5A2F4} - \BackgroundContainer Startup Task No Task File
AlternateDataStreams: C:\ProgramData\Temp:07F6D9E4
AlternateDataStreams: C:\ProgramData\Temp:1D2CC1E0
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:40C599E0
AlternateDataStreams: C:\ProgramData\Temp:6ADEA413
AlternateDataStreams: C:\ProgramData\Temp:D346F792
CMD: netsh winsock reset
2013-12-26 13:18 - 2013-12-26 13:19 - 00000000 ____D C:\Users\Donny\AppData\Local\SearchProtect
2013-12-26 13:18 - 2013-12-26 13:19 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Windows\SysWOW64\modules
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Windows\SysWOW64\js
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Windows\SysWOW64\images
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Windows\SysWOW64\html
2013-12-25 10:27 - 2013-12-25 10:27 - 00000000 ____D C:\Windows\SysWOW64\css
Hosts:
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please copy-paste it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Next …
-
Re-run FRST, just hit Scan button and attach here fresh FRST.txt logreport.
-
Re-run Zoek, click on Options > check the box for Do a Deep Scan and click on RunScript button. Please attach here fresh created zoek log.