Search Conduit



#1
morahbeth

    New Member

  • Member
  • Pip
  • 2 posts
When I open Google Chrome, a second tab opens with a search engine called Conduit. Looking at what other people have posted on different forums, it seems to be an old virus. I have Avast installed on my computer, so I'm not sure why this infected me now. I tried going to the Chrome settings and blocking the extension, and I tried removing it from the list of search engines in my settings. I also tried uninstalling files related to it as well as the djmixit toolbar that I keep seeing. Nothing works. When I close all tabs and try to reopen Chrome, and even when I restart my computer, that second tab keeps opening. I really appreciate any help you can give. Thanks.

OTL Extras logfile created on: 6/2/2013 9:09:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 44.04% Memory free
5.49 Gb Paging File | 3.47 Gb Available in Paging File | 63.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.09 Gb Total Space | 51.95 Gb Free Space | 23.71% Space Free | Partition Type: NTFS
Drive D: | 13.50 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.72 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: BETH-PC | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, morahbeth and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should make you glad. ;)

Please note that my answers could come with a slight delay, because they are checked by my teacher.

Okay, I see that you have run an OTL scan before. Can you please search in the C:\Users\Beth\Downloads folder for the OTL.txt file? When you find it, please post its contents in your next message.

#3
morahbeth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks, Phel

OTL logfile created on: 6/2/2013 9:41:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 40.44% Memory free
5.49 Gb Paging File | 3.49 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.09 Gb Total Space | 51.94 Gb Free Space | 23.71% Space Free | Partition Type: NTFS
Drive D: | 13.50 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.72 Mb Free Space | 96.51% Space Free | Partition Type: FAT32

Computer Name: BETH-PC | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/02 21:08:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Downloads\OTL.exe
PRC - [2013/05/11 22:38:27 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\Beth\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/04/23 18:40:56 | 007,331,840 | ---- | M] (Google Inc.) -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/23 21:40:36 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/14 19:47:29 | 001,193,176 | ---- | M] () -- C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/02 20:38:23 | 000,128,512 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\_elementtree.pyd
MOD - [2013/06/02 20:38:23 | 000,044,032 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\_socket.pyd
MOD - [2013/06/02 20:38:22 | 000,805,888 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._gdi_.pyd
MOD - [2013/06/02 20:38:22 | 000,557,056 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\pysqlite2._sqlite.pyd
MOD - [2013/06/02 20:38:22 | 000,320,512 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32com.shell.shell.pyd
MOD - [2013/06/02 20:38:22 | 000,098,816 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32api.pyd
MOD - [2013/06/02 20:38:22 | 000,070,656 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._html2.pyd
MOD - [2013/06/02 20:38:22 | 000,026,624 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\_multiprocessing.pyd
MOD - [2013/06/02 20:38:22 | 000,022,528 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32ts.pyd
MOD - [2013/06/02 20:38:22 | 000,011,264 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32crypt.pyd
MOD - [2013/06/02 20:38:21 | 001,022,416 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\windows._cacheinvalidation.pyd
MOD - [2013/06/02 20:38:21 | 000,735,232 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._misc_.pyd
MOD - [2013/06/02 20:38:21 | 000,364,544 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\pythoncom27.dll
MOD - [2013/06/02 20:38:21 | 000,087,040 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\_ctypes.pyd
MOD - [2013/06/02 20:38:21 | 000,017,408 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32profile.pyd
MOD - [2013/06/02 20:38:20 | 000,110,080 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\PyWinTypes27.dll
MOD - [2013/06/02 20:38:18 | 001,175,040 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._core_.pyd
MOD - [2013/06/02 20:38:18 | 000,108,544 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32security.pyd
MOD - [2013/06/02 20:38:17 | 001,153,024 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\_ssl.pyd
MOD - [2013/06/02 20:38:15 | 000,711,680 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\_hashlib.pyd
MOD - [2013/06/02 20:38:15 | 000,035,840 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32process.pyd
MOD - [2013/06/02 20:38:15 | 000,025,600 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32pdh.pyd
MOD - [2013/06/02 20:38:14 | 000,811,008 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._windows_.pyd
MOD - [2013/06/02 20:38:14 | 000,122,368 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._wizard.pyd
MOD - [2013/06/02 20:38:14 | 000,119,808 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32file.pyd
MOD - [2013/06/02 20:38:12 | 000,038,912 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32inet.pyd
MOD - [2013/06/02 20:38:11 | 001,062,400 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\wx._controls_.pyd
MOD - [2013/06/02 20:38:11 | 000,686,080 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\unicodedata.pyd
MOD - [2013/06/02 20:38:11 | 000,127,488 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\pyexpat.pyd
MOD - [2013/06/02 20:38:11 | 000,018,432 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\win32event.pyd
MOD - [2013/06/02 20:38:11 | 000,010,240 | ---- | M] () -- C:\Users\Beth\AppData\Local\Temp\_MEI30802\select.pyd
MOD - [2013/05/23 00:44:07 | 000,393,168 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 00:44:06 | 013,136,336 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 00:43:59 | 004,051,408 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 00:43:06 | 000,599,504 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 00:43:05 | 000,124,368 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 00:43:03 | 001,597,392 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/04/23 18:29:56 | 000,231,936 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/04/23 18:29:46 | 000,344,064 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/04/23 18:29:28 | 000,253,440 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/04/23 18:28:22 | 000,117,248 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/02/27 14:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/02/27 14:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/02/27 14:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/02/27 14:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/02/27 14:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/10/14 19:47:29 | 001,193,176 | ---- | M] () -- C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

#4
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hey,

Are you sure that this is all of the contents of the OTL.txt file? :)

  • Open the OTL.txt file that you found.
  • Press the Ctrl+A key sequence.
  • After that, press the Ctrl+C key sequence.
  • Paste it directly into your next message.
