Bastoche

  1. I've tried all I can find about the problem.
     - Clean then immediate reinstall
     - Clean then reboot, then reinstall
     - uninstall w/ Revo and then clean registry
     - try to activate key with Windows Defender and Real-Time Virus Protection turned off
     - opening a support ticket
     Still nothing. mbst-grab-results.zip
  2. Results of screen317's Security Check version 0.99.71
     Windows Vista Service Pack 2 x64 (UAC is disabled!)
     Internet Explorer 9
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 7 Update 25
     Adobe Flash Player 11.7.700.224
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     Mozilla Firefox 18.0.1 Firefox out of Date!
     Google Chrome 28.0.1500.72
     Google Chrome 28.0.1500.95
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0 %
     ````````````````````End of Log``````````````````````
  3. Seems fine. Thanks for your time and assistance.

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.03.05
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Shoegazer :: SHOEGAZER-PC [administrator]

     8/3/2013 5:21:37 PM
     mbam-log-2013-08-03 (17-21-37).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 245517
     Time elapsed: 5 minute(s), 37 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. I don't see anything I want to keep.

     # AdwCleaner v2.306 - Logfile created 08/03/2013 at 15:36:30
     # Updated 19/07/2013 by Xplode
     # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)
     # User : Shoegazer - SHOEGAZER-PC
     # Boot Mode : Normal
     # Running from : C:\Users\Shoegazer\Desktop\adwcleaner.exe
     # Option [search]

     ***** [services] *****

     ***** [Files / Folders] *****

     File Found : C:\END
     File Found : C:\Users\Shoegazer\AppData\Roaming\Mozilla\Firefox\Profiles\krm7eab7.default\searchplugins\Conduit.xml
     Folder Found : C:\Program Files (x86)\Conduit
     Folder Found : C:\Users\SHOEGA~1\AppData\Local\Temp\CT3299568
     Folder Found : C:\Users\Shoegazer\AppData\Local\Conduit
     Folder Found : C:\Users\Shoegazer\AppData\LocalLow\Conduit
     Folder Found : C:\Users\Shoegazer\AppData\Roaming\Mozilla\Firefox\Profiles\krm7eab7.default\CT3299568
     Folder Found : C:\Users\Shoegazer\AppData\Roaming\Mozilla\Firefox\Profiles\krm7eab7.default\extensions\{77beece6-3997-403a-92fa-0055bfcf88e5}
     Folder Found : C:\Users\Shoegazer\AppData\Roaming\OpenCandy

     ***** [Registry] *****

     Key Found : HKCU\Software\AppDataLow\Software\Conduit
     Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
     Key Found : HKCU\Software\AppDataLow\Software\SmartBar
     Key Found : HKCU\Software\Conduit
     Key Found : HKCU\Software\Softonic
     Key Found : HKLM\Software\Conduit
     Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

     ***** [internet Browsers] *****

     -\\ Internet Explorer v9.0.8112.16496

     [OK] Registry is clean.

     -\\ Mozilla Firefox v18.0.1 (en-US)

     File : C:\Users\Shoegazer\AppData\Roaming\Mozilla\Firefox\Profiles\krm7eab7.default\prefs.js

     Found : user_pref("CT3299568.FF19Solved", "true");
     Found : user_pref("CT3299568.UserID", "UN33640493412220023");
     Found : user_pref("CT3299568.addressUrlXPETakeover", "true");
     Found : user_pref("CT3299568.autoDisableScopes", -1);
     Found : user_pref("CT3299568.browser.search.defaultthis.engineName", "true");
     Found : user_pref("CT3299568.defaultSearchXPETakeover", "true");
     Found : user_pref("CT3299568.fullUserID", "UN33640493412220023.IN.20130706133902");
     Found : user_pref("CT3299568.installDate", "06/07/2013 13:39:02");
     Found : user_pref("CT3299568.installSessionId", "{0C0ADF2E-4777-44C8-8C1F-8C3EEFE60BFE}");
     Found : user_pref("CT3299568.installSp", "TRUE");
     Found : user_pref("CT3299568.installerVersion", "1.5.4.1");
     Found : user_pref("CT3299568.keyword", "true");
     Found : user_pref("CT3299568.originalHomepage", "about:home");
     Found : user_pref("CT3299568.originalSearchAddressUrl", "");
     Found : user_pref("CT3299568.originalSearchEngine", "");
     Found : user_pref("CT3299568.searchRevert", "false");
     Found : user_pref("CT3299568.searchUserMode", "2");
     Found : user_pref("CT3299568.smartbar.homepage", "true");
     Found : user_pref("CT3299568.startPageXPETakeover", "true");
     Found : user_pref("CT3299568.versionFromInstaller", "10.16.4.19");
     Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
     Found : user_pref("browser.search.defaultthis.engineName", "entrusted11 Customized Web Search");
     Found : user_pref("browser.search.selectedEngine", "entrusted11 Customized Web Search");
     Found : user_pref("smartbar.addressBarOwnerCTID", "CT3299568");
     Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299568");
     Found : user_pref("smartbar.homePageOwnerCTID", "CT3299568");
     Found : user_pref("smartbar.machineId", "RGN+EG+9+Q7APAG2GDUUU80SRQLIUZBJ+3JW9GPVJCPFBUV7LSOJGBLQIU7USFGD3P4[...]

     -\\ Google Chrome v28.0.1500.95

     File : C:\Users\Shoegazer\AppData\Local\Google\Chrome\User Data\Default\Preferences

     *************************

     AdwCleaner[R1].txt - [4558 octets] - [03/08/2013 15:36:30]

     ########## EOF - C:\AdwCleaner[R1].txt - [4618 octets] ##########
  5. RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Started in : Normal mode
     User : Shoegazer [Admin rights]
     Mode : Scan -- Date : 08/03/2013 14:38:05
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 localhost
     ::1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++
     --- User ---
     [MBR] 427e00a2a3cb63d9cd10f86a25f31d1b
     [bSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 701204 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1436066415 | Size: 14198 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     +++++ PhysicalDrive1: ST375052 8AS SCSI Disk Device +++++
     Error reading User MBR!
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[0]_S_08032013_143805.txt >>
  6. I kept receiving a program error for 'hkcmd.exe' so I ran a full scan with MBAM and got those results. I googled 'Heuristics.Shuriken' and 'PUP.Optional.Conduit.A' and received a bunch of sites and forum posts with complicated instructions involving RogueKiller, etc. The logs for those problems seemed dissimilar to my own, so I didn't know what to do.
  7. Okay. I did that and restarted. Is that all, haha? Now I feel like an idiot. My searching and trying to resolve it on my own showed me a much more involved process.
  8. Here's my scan log. What are my next steps? Thanks in advance.

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.08.03.05
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Shoegazer :: SHOEGAZER-PC [administrator]

     8/3/2013 11:09:49 AM
     MBAM-log-2013-08-03 (12-36-31).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 468946
     Time elapsed: 1 hour(s), 26 minute(s), 28 second(s)

     Memory Processes Detected: 2
     C:\Users\Shoegazer\AppData\Roaming\WinRAR\hkcmd.exe (Heuristics.Shuriken) -> 3244 -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\hscvikffis\cxxqnqqrkqk.exe (Heuristics.Shuriken) -> 5236 -> No action taken.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 1
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Keyboard Inf. (Heuristics.Shuriken) -> Data: C:\Users\Shoegazer\AppData\Roaming\WinRAR\hkcmd.exe -> No action taken.

     Registry Data Items Detected: 1
     HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN25421739872257645&UM=2&ctid=CT3299568) Good: (http://www.google.com) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 10
     C:\Users\Shoegazer\AppData\Roaming\WinRAR\hkcmd.exe (Heuristics.Shuriken) -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\hscvikffis\cxxqnqqrkqk.exe (Heuristics.Shuriken) -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\ct3299568\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\ct3299568\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\ct3299568\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
     C:\Users\Shoegazer\AppData\Local\Temp\pghqsaunbskwbpkj\ljpbwoewwxug.exe (Heuristics.Shuriken) -> No action taken.
     C:\Users\Shoegazer\AppData\Roaming\AccurateRip\hkcmd.exe (Heuristics.Shuriken) -> No action taken.
     C:\Users\Shoegazer\AppData\Roaming\Adobe\hkcmd.exe (Heuristics.Shuriken) -> No action taken.
     C:\Users\Shoegazer\AppData\Roaming\OpenCandy\F883B10D1FD84A83BB6CB62B84A97EBF\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> No action taken.

     (end)