Ok,
Start >Control Panel>Program and Feauter;
Uninstall/Remove the following:
Vuze Remote Toolbar (Version: 6.8.9.0 - Vuze Remote)
note: do not remove Vuze, just it’s toolbar
FreemakeTB Toolbar (Version: 6.9.0.16 - FreemakeTB)
note: do not remove Freemake Video Converter, just it’s toolbar
Next . . .
The following FRSTScript (FixList) shall remove these policies, bad toolbars (if they are lefted) who came within legitimate applications (Conduit conceal behind them), related services…and some malware extension. Zoek tool shall just attempt to fix some broken settings.
Thereafter, post me fresh FRST.txt logreport.
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Start
C:\Program Files\Vuze_Remote
C:\Program Files\FreemakeTB
C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\keigpnkjljkelclbjbekcfnaomfodamj
C:\Program Files\Common Files\Motive
C:\Users\Charlie\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx
C:\Users\Charlie\AppData\Local\Temp\*.exe
C:\Users\Charlie\AppData\Local\Temp\*.dll
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Chloe\...\Policies\system: [LogonHoursAction] 2
HKU\Chloe\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Chloe\...\Policies\system: [DisableRegistryTools] 2
HKU\Chloe\...\Policies\system: [DisableChangePassword] 1
HKU\Chloe\...\Policies\system: [DisableTaskMgr] 1
HKU\Chloe\...\Policies\system: [DisableLockWorkstation] 1
URLSearchHook: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
URLSearchHook: HKLM - FreemakeTB Toolbar - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreemakeTB\prxtbFree.dll (Conduit Ltd.)
URLSearchHook: HKCU - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
URLSearchHook: HKCU - FreemakeTB Toolbar - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreemakeTB\prxtbFree.dll (Conduit Ltd.)
SearchScopes: HKCU - {09345F7B-2336-49FB-85FB-A0E51CE9AA34} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3214568
BHO: FreemakeTB Toolbar - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreemakeTB\prxtbFree.dll (Conduit Ltd.)
BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
Toolbar: HKLM - Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
Toolbar: HKLM - FreemakeTB Toolbar - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreemakeTB\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKCU - Vuze Remote Toolbar - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
Toolbar: HKCU - FreemakeTB Toolbar - {ADCA5064-9E30-43FE-9856-58B07A3149FE} - C:\Program Files\FreemakeTB\prxtbFree.dll (Conduit Ltd.)
CHR Extension: (如意淘:同款比价,价格曲线,降价提醒) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\keigpnkjljkelclbjbekcfnaomfodamj [2012-09-19]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-09-03]
CHR HKLM\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Charlie\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2012-09-20]
CHR HKCU\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Charlie\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2012-09-20]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
AlternateDataStreams: C:\ProgramData\TEMP:A9F04799
End
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
Next . . .
Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
ResetWMI;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)
[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log”
Re-run FRST, just hit Scan button and post me fresh created FRST.txt logreprot.