Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Conduit Redirect
Message
<blockquote data-quote="Melbee" data-source="post: 132724" data-attributes="member: 11557"><p>Thanks for helping me with this! Here are the results:</p><p># AdwCleaner v2.306 - Logfile created 08/16/2013 at 17:18:57</p><p># Updated 19/07/2013 by Xplode</p><p># Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)</p><p># User : Melbee - MR_FANTASTIC</p><p># Boot Mode : Normal</p><p># Running from : C:\Users\Melbee\Downloads\AdwCleaner.exe</p><p># Option [Delete]</p><p></p><p></p><p>***** [Services] *****</p><p></p><p></p><p>***** [Files / Folders] *****</p><p></p><p>File Deleted : C:\END</p><p>File Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\Conduit.xml</p><p>File Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\delta.xml</p><p>Folder Deleted : C:\ProgramData\Tarma Installer</p><p>Folder Deleted : C:\Users\Melbee\AppData\LocalLow\Conduit</p><p>Folder Deleted : C:\Users\Melbee\AppData\LocalLow\PriceGong</p><p>Folder Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\jetpack</p><p>Folder Deleted : C:\Users\Melbee\AppData\Roaming\OpenCandy</p><p></p><p>***** [Registry] *****</p><p></p><p>Key Deleted : HKCU\Software\APN PIP</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\Conduit</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver</p><p>Key Deleted : HKCU\Software\Conduit</p><p>Key Deleted : HKCU\Software\InstallCore</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}</p><p>Key Deleted : HKCU\Software\YahooPartnerToolbar</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309758</p><p>Key Deleted : HKLM\Software\Conduit</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}</p><p>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc</p><p>Key Deleted : HKLM\SOFTWARE\Tarma Installer</p><p></p><p>***** [Internet Browsers] *****</p><p></p><p>-\\ Internet Explorer v10.0.9200.16660</p><p></p><p>[OK] Registry is clean.</p><p></p><p>-\\ Mozilla Firefox v22.0 (en-US)</p><p></p><p>File : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\prefs.js</p><p></p><p>C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\user.js ... Deleted !</p><p></p><p>Deleted : user_pref("CT3303001_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]</p><p>Deleted : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]</p><p>Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT330975[...]</p><p>Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");</p><p>Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");</p><p>Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]</p><p>Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309758");</p><p>Deleted : user_pref("extensions.delta.admin", false);</p><p>Deleted : user_pref("extensions.delta.aflt", "babsst");</p><p>Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");</p><p>Deleted : user_pref("extensions.delta.autoRvrt", "false");</p><p>Deleted : user_pref("extensions.delta.dfltLng", "en");</p><p>Deleted : user_pref("extensions.delta.excTlbr", false);</p><p>Deleted : user_pref("extensions.delta.ffxUnstlRst", true);</p><p>Deleted : user_pref("extensions.delta.id", "4ced4cef00000000000090e6baca2627");</p><p>Deleted : user_pref("extensions.delta.instlDay", "15831");</p><p>Deleted : user_pref("extensions.delta.instlRef", "sst");</p><p>Deleted : user_pref("extensions.delta.newTab", false);</p><p>Deleted : user_pref("extensions.delta.prdct", "delta");</p><p>Deleted : user_pref("extensions.delta.prtnrId", "delta");</p><p>Deleted : user_pref("extensions.delta.rvrt", "false");</p><p>Deleted : user_pref("extensions.delta.smplGrp", "none");</p><p>Deleted : user_pref("extensions.delta.tlbrId", "base");</p><p>Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");</p><p>Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");</p><p>Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1613:39:29");</p><p>Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");</p><p>Deleted : user_pref("smartbar.machineId", "2MR2QY9FHDUQPBIJU9KCKYQCAZ4MX+BCPSGBIYVY0GLEDBIYQIHLHW5+J2QDVLHYGGT[...]</p><p></p><p>-\\ Google Chrome v28.0.1500.95</p><p></p><p>File : C:\Users\Melbee\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p></p><p>Deleted [l.72] : icon_url = "hxxp://search.conduit.com/fav.ico",</p><p>Deleted [l.75] : keyword = "search.conduit.com",</p><p>Deleted [l.79] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35[...]</p><p>Deleted [l.80] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]</p><p>Deleted [l.2718] : homepage = "hxxp://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI=UN35977758353241520&UM[...]</p><p>Deleted [l.3535] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI[...]</p><p></p><p>*************************</p><p></p><p>AdwCleaner[R1].txt - [33221 octets] - [09/10/2012 13:15:36]</p><p>AdwCleaner[R2].txt - [36131 octets] - [27/01/2013 19:46:26]</p><p>AdwCleaner[R3].txt - [2276 octets] - [23/07/2013 14:52:38]</p><p>AdwCleaner[S1].txt - [36723 octets] - [27/01/2013 19:46:52]</p><p>AdwCleaner[S2].txt - [2312 octets] - [23/07/2013 14:53:08]</p><p>AdwCleaner[S3].txt - [6048 octets] - [16/08/2013 17:18:57]</p><p></p><p>########## EOF - C:\AdwCleaner[S3].txt - [6108 octets] ##########</p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Junkware Removal Tool (JRT) by Thisisu</p><p>Version: 5.4.6 (08.15.2013:1)</p><p>OS: Windows 7 Home Premium x64</p><p>Ran by Melbee on Fri 08/16/2013 at 18:32:03.24</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p></p><p></p><p>~~~ Services</p><p></p><p></p><p></p><p>~~~ Registry Values</p><p></p><p></p><p></p><p>~~~ Registry Keys</p><p></p><p>Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}</p><p>Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS</p><p></p><p></p><p></p><p>~~~ Files</p><p></p><p></p><p></p><p>~~~ Folders</p><p></p><p>Successfully deleted: [Folder] "C:\ProgramData\pc1data"</p><p>Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\pc cleaners"</p><p>Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\pcpro"</p><p>Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\startnow toolbar"</p><p>Successfully deleted: [Folder] "C:\Users\Melbee\appdata\local\cre"</p><p>Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{101758F4-6A4A-4BF7-9578-B96338C5E1B0}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{10A785D3-EE9E-4E74-AD22-55545D2AF7CA}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{249A60BB-7B16-4C66-BD8D-56DB1C2E4328}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{2B33B948-EFD7-4663-AAD6-8802F75A3CCD}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{4DB02853-589C-4D5C-A501-4E1C99EB24AE}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{5B1F3A71-56CD-4880-B5BF-356B1D726CEB}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{68938339-31DE-4B98-AF11-B3553C953A0D}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{964BA085-A1BC-443B-BBD6-44D077315C7D}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{A72FD78E-3DAF-400B-9466-48E592BEF236}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{AA79BF5D-9E17-40DE-AC10-AEDC61A7AB9F}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{B0C616F7-C4C9-49AB-85D2-D2C2192EF695}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{D0A32925-52A1-4F9A-A01E-D60EA17F6C3A}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{DCF06D7F-2B39-4C6D-A3A4-92DF6831C25F}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{EE075814-4890-4414-89FA-E798DBDD9F5A}</p><p>Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{FC158D91-7A8F-4D61-B373-DDB5B6B85BB6}</p><p></p><p></p><p></p><p>~~~ FireFox</p><p></p><p>Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"</p><p>Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"</p><p>Successfully deleted: [File] C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\extensions\kfxtbfbvkt@kfxtbfbvkt.org.xpi [Tracur]</p><p>Successfully deleted: [File] C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\invalidprefs.js</p><p>Successfully deleted the following from C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\prefs.js</p><p></p><p>user_pref("extensions.crossrider.bic", "13810fd64f8a2f5ee563b179c7eac559");</p><p>user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}</p><p>Emptied folder: C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\minidumps [22 files]</p><p></p><p></p><p></p><p>~~~ Chrome</p><p></p><p>Dumping contents of C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default</p><p>C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default\aadededcdgdidbdedggfgbdadegbdade</p><p>C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default\aadededcdgdidbdedggfgbdadegbdade\manifest.json</p><p></p><p>Successfully deleted: [Folder] C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]</p><p>Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda</p><p>Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda</p><p></p><p></p><p></p><p>~~~ Event Viewer Logs were cleared</p><p></p><p></p><p></p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Scan was completed on Fri 08/16/2013 at 18:37:07.61</p><p>End of JRT log</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p>All processes killed</p><p>========== OTL ==========</p><p>HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!</p><p>Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96FC3743-190E-4316-9EBD-42573AD134BC}\ deleted successfully.</p><p>Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96FC3743-190E-4316-9EBD-42573AD134BC}\ not found.</p><p>Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN26994649939650276&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl</p><p>Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN26994649939650276&UM=2&q=" removed from keyword.URL</p><p>Prefs.js: "TrustWorthy Customized Web Search" removed from browser.search.defaultenginename</p><p>Prefs.js: "TrustWorthy Customized Web Search" removed from browser.search.defaultthis.engineName</p><p>File C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\searchplugins\conduit.xml not found.</p><p>Use Chrome's Settings page to remove the default_search_provider items.</p><p>Use Chrome's Settings page to remove the default_search_provider items.</p><p>Use Chrome's Settings page to remove the default_search_provider items.</p><p>Use Chrome's Settings page to change the HomePage.</p><p>C:\Users\Melbee\AppData\Local\Conduit folder moved successfully.</p><p>C:\Program Files (x86)\Conduit\CT3309758\plugins folder moved successfully.</p><p>C:\Program Files (x86)\Conduit\CT3309758 folder moved successfully.</p><p>C:\Program Files (x86)\Conduit\CT3303001\plugins folder moved successfully.</p><p>C:\Program Files (x86)\Conduit\CT3303001 folder moved successfully.</p><p>C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.</p><p>C:\Program Files (x86)\Conduit folder moved successfully.</p><p>========== COMMANDS ==========</p><p> </p><p>[EMPTYTEMP]</p><p> </p><p>User: All Users</p><p> </p><p>User: Default</p><p>->Temp folder emptied: 0 bytes</p><p>->Temporary Internet Files folder emptied: 0 bytes</p><p>->Flash cache emptied: 0 bytes</p><p> </p><p>User: Default User</p><p>->Temp folder emptied: 0 bytes</p><p>->Temporary Internet Files folder emptied: 0 bytes</p><p>->Flash cache emptied: 0 bytes</p><p> </p><p>User: Melbee</p><p>->Temp folder emptied: 91704093 bytes</p><p>->Temporary Internet Files folder emptied: 5651045 bytes</p><p>->Java cache emptied: 2991697 bytes</p><p>->FireFox cache emptied: 87484720 bytes</p><p>->Google Chrome cache emptied: 334777466 bytes</p><p>->Flash cache emptied: 6671 bytes</p><p> </p><p>User: Public</p><p>->Temp folder emptied: 0 bytes</p><p> </p><p>%systemdrive% .tmp files removed: 0 bytes</p><p>%systemroot% .tmp files removed: 0 bytes</p><p>%systemroot%\System32 .tmp files removed: 0 bytes</p><p>%systemroot%\System32 (64bit) .tmp files removed: 0 bytes</p><p>%systemroot%\System32\drivers .tmp files removed: 0 bytes</p><p>Windows Temp folder emptied: 83410027 bytes</p><p>%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328155 bytes</p><p>RecycleBin emptied: 43281387088 bytes</p><p> </p><p>Total Files Cleaned = 41,895.00 mb</p><p> </p><p> </p><p>OTL by OldTimer - Version 3.2.69.0 log created on 08162013_170647</p><p></p><p>Files\Folders moved on Reboot...</p><p>C:\Users\Melbee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.</p><p>File\Folder C:\Windows\temp\TMP0000000112F2CFDDB58DDB31 not found!</p><p></p><p>PendingFileRenameOperations files...</p><p></p><p>Registry entries deleted on Reboot...</p></blockquote><p></p>
[QUOTE="Melbee, post: 132724, member: 11557"] Thanks for helping me with this! Here are the results: # AdwCleaner v2.306 - Logfile created 08/16/2013 at 17:18:57 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Melbee - MR_FANTASTIC # Boot Mode : Normal # Running from : C:\Users\Melbee\Downloads\AdwCleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\END File Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\Conduit.xml File Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\searchplugins\delta.xml Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Melbee\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Melbee\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\jetpack Folder Deleted : C:\Users\Melbee\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\Vid-Saver Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3303001 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3309758 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc Key Deleted : HKLM\SOFTWARE\Tarma Installer ***** [Internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. -\\ Mozilla Firefox v22.0 (en-US) File : C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\prefs.js C:\Users\Melbee\AppData\Roaming\Mozilla\Firefox\Profiles\be1qz4m5.default\user.js ... Deleted ! Deleted : user_pref("CT3303001_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...] Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3309758&octid=CT330975[...] Deleted : user_pref("Smartbar.ConduitSearchEngineList", ""); Deleted : user_pref("Smartbar.ConduitSearchUrlList", ""); Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3309758"); Deleted : user_pref("extensions.delta.admin", false); Deleted : user_pref("extensions.delta.aflt", "babsst"); Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Deleted : user_pref("extensions.delta.autoRvrt", "false"); Deleted : user_pref("extensions.delta.dfltLng", "en"); Deleted : user_pref("extensions.delta.excTlbr", false); Deleted : user_pref("extensions.delta.ffxUnstlRst", true); Deleted : user_pref("extensions.delta.id", "4ced4cef00000000000090e6baca2627"); Deleted : user_pref("extensions.delta.instlDay", "15831"); Deleted : user_pref("extensions.delta.instlRef", "sst"); Deleted : user_pref("extensions.delta.newTab", false); Deleted : user_pref("extensions.delta.prdct", "delta"); Deleted : user_pref("extensions.delta.prtnrId", "delta"); Deleted : user_pref("extensions.delta.rvrt", "false"); Deleted : user_pref("extensions.delta.smplGrp", "none"); Deleted : user_pref("extensions.delta.tlbrId", "base"); Deleted : user_pref("extensions.delta.tlbrSrchUrl", ""); Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16"); Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1613:39:29"); Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16"); Deleted : user_pref("smartbar.machineId", "2MR2QY9FHDUQPBIJU9KCKYQCAZ4MX+BCPSGBIYVY0GLEDBIYQIHLHW5+J2QDVLHYGGT[...] -\\ Google Chrome v28.0.1500.95 File : C:\Users\Melbee\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.72] : icon_url = "hxxp://search.conduit.com/fav.ico", Deleted [l.75] : keyword = "search.conduit.com", Deleted [l.79] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35[...] Deleted [l.80] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...] Deleted [l.2718] : homepage = "hxxp://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI=UN35977758353241520&UM[...] Deleted [l.3535] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3309758&SearchSource=48&CUI[...] ************************* AdwCleaner[R1].txt - [33221 octets] - [09/10/2012 13:15:36] AdwCleaner[R2].txt - [36131 octets] - [27/01/2013 19:46:26] AdwCleaner[R3].txt - [2276 octets] - [23/07/2013 14:52:38] AdwCleaner[S1].txt - [36723 octets] - [27/01/2013 19:46:52] AdwCleaner[S2].txt - [2312 octets] - [23/07/2013 14:53:08] AdwCleaner[S3].txt - [6048 octets] - [16/08/2013 17:18:57] ########## EOF - C:\AdwCleaner[S3].txt - [6108 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.6 (08.15.2013:1) OS: Windows 7 Home Premium x64 Ran by Melbee on Fri 08/16/2013 at 18:32:03.24 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\pc1data" Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\pc cleaners" Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\pcpro" Successfully deleted: [Folder] "C:\Users\Melbee\AppData\Roaming\startnow toolbar" Successfully deleted: [Folder] "C:\Users\Melbee\appdata\local\cre" Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup" Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{101758F4-6A4A-4BF7-9578-B96338C5E1B0} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{10A785D3-EE9E-4E74-AD22-55545D2AF7CA} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{249A60BB-7B16-4C66-BD8D-56DB1C2E4328} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{2B33B948-EFD7-4663-AAD6-8802F75A3CCD} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{4DB02853-589C-4D5C-A501-4E1C99EB24AE} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{5B1F3A71-56CD-4880-B5BF-356B1D726CEB} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{68938339-31DE-4B98-AF11-B3553C953A0D} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{964BA085-A1BC-443B-BBD6-44D077315C7D} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{A72FD78E-3DAF-400B-9466-48E592BEF236} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{AA79BF5D-9E17-40DE-AC10-AEDC61A7AB9F} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{B0C616F7-C4C9-49AB-85D2-D2C2192EF695} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{D0A32925-52A1-4F9A-A01E-D60EA17F6C3A} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{DCF06D7F-2B39-4C6D-A3A4-92DF6831C25F} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{EE075814-4890-4414-89FA-E798DBDD9F5A} Successfully deleted: [Empty Folder] C:\Users\Melbee\appdata\local\{FC158D91-7A8F-4D61-B373-DDB5B6B85BB6} ~~~ FireFox Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old" Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old" Successfully deleted: [File] C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\extensions\kfxtbfbvkt@kfxtbfbvkt.org.xpi [Tracur] Successfully deleted: [File] C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\invalidprefs.js Successfully deleted the following from C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\prefs.js user_pref("extensions.crossrider.bic", "13810fd64f8a2f5ee563b179c7eac559"); user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id} Emptied folder: C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\minidumps [22 files] ~~~ Chrome Dumping contents of C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default\aadededcdgdidbdedggfgbdadegbdade C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default\aadededcdgdidbdedggfgbdadegbdade\manifest.json Successfully deleted: [Folder] C:\Users\Melbee\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0] Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 08/16/2013 at 18:37:07.61 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96FC3743-190E-4316-9EBD-42573AD134BC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96FC3743-190E-4316-9EBD-42573AD134BC}\ not found. Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN26994649939650276&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&SearchSource=2&CUI=UN26994649939650276&UM=2&q=" removed from keyword.URL Prefs.js: "TrustWorthy Customized Web Search" removed from browser.search.defaultenginename Prefs.js: "TrustWorthy Customized Web Search" removed from browser.search.defaultthis.engineName File C:\Users\Melbee\AppData\Roaming\mozilla\firefox\profiles\be1qz4m5.default\searchplugins\conduit.xml not found. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to change the HomePage. C:\Users\Melbee\AppData\Local\Conduit folder moved successfully. C:\Program Files (x86)\Conduit\CT3309758\plugins folder moved successfully. C:\Program Files (x86)\Conduit\CT3309758 folder moved successfully. C:\Program Files (x86)\Conduit\CT3303001\plugins folder moved successfully. C:\Program Files (x86)\Conduit\CT3303001 folder moved successfully. C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully. C:\Program Files (x86)\Conduit folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Melbee ->Temp folder emptied: 91704093 bytes ->Temporary Internet Files folder emptied: 5651045 bytes ->Java cache emptied: 2991697 bytes ->FireFox cache emptied: 87484720 bytes ->Google Chrome cache emptied: 334777466 bytes ->Flash cache emptied: 6671 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 83410027 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328155 bytes RecycleBin emptied: 43281387088 bytes Total Files Cleaned = 41,895.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 08162013_170647 Files\Folders moved on Reboot... C:\Users\Melbee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\TMP0000000112F2CFDDB58DDB31 not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... [/QUOTE]
Insert quotes…
Verification
Post reply
Top
