magna86
6
Hi,
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:COMMANDS
[CREATERESTOREPOINT]
:OTL
IE - HKU\S-1-5-21-2517109920-1749011122-199570253-1002\..\SearchScopes\{FF42E0EE-48A0-4CE1-BD96-850C107EBAEE}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN28453762692623423&UM=2&SSPV=TB_CIS
CHR - Extension: WhiteSmoke New = C:\Users\Aalok\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.21.1.507_0\
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2517109920-1749011122-199570253-1002\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O33 - MountPoints2\{21caf6ce-abd9-11e2-9353-fe5f863721d6}\Shell - "" = AutoRun
O33 - MountPoints2\{21caf6ce-abd9-11e2-9353-fe5f863721d6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorunner.exe "smhfinal2009.mov"
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\autorunner.exe "smhfinal2009.mov"
@Alternate Data Stream - 60 bytes -> C:\Users\Aalok\.DS_Store:AFP_AfpInfo
:FILES
ipconfig /flushdns /c
C:\Users\Aalok\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
C:\Program Files (x86)\BitTorrentBar
C:\Program Files (x86)\ConduitEngine
C:\Users\Aalok\AppData\Roaming\SearchProtect
:COMMANDS
[EMPTYTEMP]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
-------------- next ------------------
I see you have already downloaded ComboFix. Run CF by following these instructions.
Scan with Combofix:
[*] Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.
[*] Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.
[*] Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[*] When finished, it will produce a report for you. Please attach the log report (ComboFix.txt) back to the topic.
(typical log location: C:\ComboFix.txt )
-------------- next ------------------
Re-run OTL, just hit QuickScan and post the freshly created OTL.txt log report.