I Might Be Infected? [Solved]


  • This topic is locked
129 replies to this topic

#121 thinkativeone


Posted 26 June 2013 - 06:07 PM

I wish. Guess it is off to the Windows forum for me? Just odd that this would only happen when we were working on other things. I have had something freeze up my browser for a few days also, saying "stop plugin", which plugin I am not sure. Wonder if that could be what's causing it.


#122 jeffce


Posted 26 June 2013 - 06:22 PM

Yeah you can start a new topic in the Windows forum if you like. See what they have to say. The Conduit entries are more than likely going to be the problem they find as well. If you do some searches on Google about Search.Conduit you will find a lot of interesting information and Swag Bucks is a Conduit program. I can leave this topic open while you get a second opinion in the Windows forum and see what they have to say.

#123 thinkativeone


Posted 26 June 2013 - 06:26 PM

Well, I guess you may have missed my post before? :D If you want to give me any sort of code to take it off the computer, I will. And then if the audio problem is gone, it is that program. If not, it isn't. Why don't we just try it and see before I go over there? I really do not think this is the problem because I have been using it (meaning Swagbucks, I have no interest in anything otherwise Conduit related and I'm not doubting you Conduit may be bad, just defending Swagbucks because they are legitimate) since late August-early September of last year and never had this problem till the add-ons and removal. But risking sounding repetitive, how about we just prove it? ^_^ I'm happy to be proven wrong.

Edited by thinkativeone, 26 June 2013 - 06:27 PM.


#124 jeffce


Posted 27 June 2013 - 05:40 AM

Hi,

I was looking over the topic and you mentioned earlier that you downloaded the add-ons that I suggested and "some other ones". Do you remember what they were? Some of them may have downloaded some additional software that was "behind the scenes".

Let's see if there is anything there in the following tools and if not I think we need to do a clean boot and see what might be causing this problem. :)

AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
----------

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#125 jeffce


Posted 29 June 2013 - 06:50 AM

Still here?

#126 thinkativeone


Posted 29 June 2013 - 02:07 PM

The some other ones were from pages recommended in your post. I already answered your question before a few pages back, I think it was on June 19th but don't quote me. ;)

ETA: After scanning and rebooting with the AdwCleaner I tested that youtube video, no difference, despite it taking Swagbucks off. So SB/Conduit is not the problem.

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 12:26:16
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Peter Boggs - PETERBOGGS-PC
# Boot Mode : Normal
# Running from : C:\Users\Peter Boggs\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\CT2260173
Folder Deleted : C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
Folder Deleted : C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Peter Boggs\AppData\Roaming\Mozilla\Firefox\Profiles\99eglmpc.default-1363030535483\prefs.js

Deleted : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2260173.FF19Solved", "true");
Deleted : user_pref("CT2260173.FirstTime", "true");
Deleted : user_pref("CT2260173.FirstTimeFF3", "true");
Deleted : user_pref("CT2260173.SBmemberInfo.enc", "eyJzdGF0dXMiOjEsInNidHYiOnRydWUsImRhaWx5U2IiOjEsImFsbG93U2h[...]
Deleted : user_pref("CT2260173.UserID", "UN18750174481412618");
Deleted : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2260173.addressUrlXPETakeover", "true");
Deleted : user_pref("CT2260173.autoDisableScopes", -1);
Deleted : user_pref("CT2260173.countryCode", "US");
Deleted : user_pref("CT2260173.defaultSearch", "false");
Deleted : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2260173.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT2260173.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2260173.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2260173.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2260173.fixUrls", true);
Deleted : user_pref("CT2260173.fullUserID", "UN18750174481412618.UP.20130626130012");
Deleted : user_pref("CT2260173.installDate", "13/5/2013 20:15:40");
Deleted : user_pref("CT2260173.installId", "dm");
Deleted : user_pref("CT2260173.installSessionId", "A2C94A5D-8EB5-44FE-8120-ADDB95166A3F");
Deleted : user_pref("CT2260173.installSp", "true");
Deleted : user_pref("CT2260173.installType", "xpe");
Deleted : user_pref("CT2260173.installerVersion", "1.4.2.3");
Deleted : user_pref("CT2260173.isCheckedStartAsHidden", true);
Deleted : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.keyword", "true");
Deleted : user_pref("CT2260173.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Deleted : user_pref("CT2260173.lastVersion", "10.16.4.519");
Deleted : user_pref("CT2260173.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT2260173.migrateAppsAndComponents", true);
Deleted : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT2260173.openThankYouPage", "true");
Deleted : user_pref("CT2260173.openUninstallPage", "true");
Deleted : user_pref("CT2260173.originalSearchAddressUrl", "");
Deleted : user_pref("CT2260173.revertSettingsEnabled", "false");
Deleted : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Deleted : user_pref("CT2260173.search.searchCount", "2");
Deleted : user_pref("CT2260173.searchInNewTabEnabledByUser", "false");
Deleted : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2260173.searchRevert", "false");
Deleted : user_pref("CT2260173.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT2260173.searchUserMode", "2");
Deleted : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2260173.serviceLayer_services_Configuration_lastUpdate", "1372526498957");
Deleted : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1372018588131");
Deleted : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1372526378378");
Deleted : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372137417471");
Deleted : user_pref("CT2260173.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1368501367[...]
Deleted : user_pref("CT2260173.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1368501368594")[...]
Deleted : user_pref("CT2260173.serviceLayer_services_location_lastUpdate", "1372197676480");
Deleted : user_pref("CT2260173.serviceLayer_services_login_10.15.2.23_lastUpdate", "1368557918330");
Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372215330559");
Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.2.9_lastUpdate", "1370199088870");
Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.4.519_lastUpdate", "1372526498628");
Deleted : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372137417385");
Deleted : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1372526498929");
Deleted : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1372526498565");
Deleted : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372137417137");
Deleted : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1372533578975");
Deleted : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1372284079854");
Deleted : user_pref("CT2260173.settingsINI", true);
Deleted : user_pref("CT2260173.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2260173.showToolbarPermission", "false");
Deleted : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Deleted : user_pref("CT2260173.smartbar.Uninstall", "0");
Deleted : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Deleted : user_pref("CT2260173.startPage", "false");
Deleted : user_pref("CT2260173.toolbarBornServerTime", "14-5-2013");
Deleted : user_pref("CT2260173.toolbarCurrentServerTime", "29-6-2013");
Deleted : user_pref("CT2260173.toolbarLoginClientTime", "Mon May 13 2013 20:16:08 GMT-0700 (Pacific Daylight T[...]
Deleted : user_pref("CT2260173.versionFromInstaller", "10.16.2.9");
Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2260173");
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "ZNKA5O1INWPOORSWZO+4SL0Y2EZFWOMD8SU/OLQUF7HN19NK3GNG2GJ7AV9J/L/FLED[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Peter Boggs\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16483 octets] - [12/05/2013 21:09:50]
AdwCleaner[S1].txt - [16684 octets] - [13/05/2013 19:06:59]
AdwCleaner[S2].txt - [9152 octets] - [29/06/2013 12:26:16]

########## EOF - C:\AdwCleaner[S2].txt - [9212 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Peter Boggs on Sat 06/29/2013 at 12:32:46.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\comcasttb"

~~~ FireFox

Emptied folder: C:\Users\Peter Boggs\AppData\Roaming\mozilla\firefox\profiles\99eglmpc.default-1363030535483\minidumps [97 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/29/2013 at 12:38:52.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by thinkativeone, 29 June 2013 - 02:11 PM.
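
Added example, not part of the original posts: a small Python triage script for logs in the layout pasted above. It groups AdwCleaner deletions by section and browser, counts removed prefs by namespace, and lists JRT "Failed to delete" leftovers that still need manual follow-up. The sample log, its paths and the ID CT0000001 are constructed placeholders, and the function name `summarize` is illustrative.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the AdwCleaner v2 / JRT layout (one entry per line).
# Paths, IDs and URLs are placeholders, not values from a real machine.
SAMPLE_LOG = r"""# AdwCleaner v2.303 - Logfile created 06/29/2013 at 12:26:16
***** [Files / Folders] *****
Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\CT0000001
Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\Smartbar
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Registry is clean.
-\\ Mozilla Firefox v21.0 (en-US)
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\prefs.js
Deleted : user_pref("CT0000001.UserID", "UN0000000000000000000");
Deleted : user_pref("CT0000001.installDate", "13/5/2013 20:15:40");
Deleted : user_pref("keyword.URL", "hxxp://search.example.invalid/?ctid=CT0000001[...]
-\\ Google Chrome v27.0.1453.116
[OK] File is clean.
Failed to delete: [Folder] "C:\Program Files (x86)\example-toolbar"
"""

SECTION = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
BROWSER = re.compile(r"^-\\\\ (?P<name>.+?) v\d[\d.]*")
ACTION = re.compile(r"^(?:\w+ )?Deleted : (?P<item>.+)$")
PREF = re.compile(r'^user_pref\("(?P<key>[^"]+)"')
FAILED = re.compile(r'^Failed to delete: \[(?P<kind>\w+)\] "(?P<path>[^"]+)"')


def summarize(log_text):
    """Group deletions by (section, browser); list clean browsers and failures."""
    section = browser = None
    deleted = defaultdict(list)   # (section, browser) -> removed items
    pref_namespaces = Counter()   # first dotted component of each removed pref
    clean, failed = [], []
    for line in map(str.strip, log_text.splitlines()):
        if m := SECTION.match(line):
            section, browser = m["name"], None
        elif m := BROWSER.match(line):
            browser = m["name"]
        elif line.startswith("[OK]") and browser:
            clean.append(browser)
        elif m := FAILED.match(line):
            failed.append((m["kind"], m["path"]))   # needs manual follow-up
        elif m := ACTION.match(line):
            deleted[(section, browser)].append(m["item"])
            if p := PREF.match(m["item"]):
                pref_namespaces[p["key"].split(".", 1)[0]] += 1
    return {"deleted": dict(deleted), "pref_namespaces": pref_namespaces,
            "clean": clean, "failed": failed}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```
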


#127 jeffce


Posted 29 June 2013 - 07:12 PM

Ok I think that you would be better to start a new topic in the Windows forum so that they can take a look. With all that we have removed there should have been some improvement. It is more than likely a software problem that we are dealing with. If they can't find anything please come back and we can see what we can get done. :)

#128 thinkativeone


Posted 29 June 2013 - 07:21 PM

On my way! ^_^

#129 jeffce


Posted 17 July 2013 - 06:00 AM

Looks like by the stall in the new topic that was created in the Windows forum that you don't need help any longer?


Providing there are no other malware related problems...

As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Press the Windows key + R and this will open the Run text box. Copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

----------

Clean up with OTL:
  • Right-click and Run as Administrator OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.
----------

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. FireFox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
----------
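
Added example, not part of the original post: a Python check that the Internet Explorer settings listed in tip 1 are actually in effect for the current user. The registry path and numeric action IDs do not appear in the post; they are the documented Internet zone (zone 3) registry entries, and the function names are illustrative.

```python
import sys

# Internet zone (zone 3) URL-action IDs for the six settings in tip 1, with the
# value the post recommends. Registry data: 0 = Enable, 1 = Prompt, 3 = Disable.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}


def audit(zone_values):
    """Return (action_id, setting, current, wanted) for every setting that is
    missing or more permissive than the recommendation."""
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        current = zone_values.get(action)
        # 0 < 1 < 3 orders the values from most to least permissive.
        if current is None or current < wanted:
            findings.append((action, name, LABEL.get(current, "not set"), LABEL[wanted]))
    return findings


def read_internet_zone():
    """Read the current user's Internet-zone DWORD values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, kind = winreg.EnumValue(key, i)
            if kind == winreg.REG_DWORD:
                values[name] = data
    return values


if __name__ == "__main__" and sys.platform == "win32":
    for finding in audit(read_internet_zone()):
        print("%s %-58s current=%s recommended=%s" % finding)
```

The script reads only the per-user preference key; on a machine where these zones are managed by Group Policy, the policy values take precedence and are not read here.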

#130 jeffce


Posted 17 July 2013 - 06:02 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.