1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

search.conduit.com problem

Discussion in 'Virus & Other Malware Removal' started by touk123, Jan 9, 2014.

Thread Status:
Not open for further replies.
Advertisement
  1. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    A program on your computer has corrupted your default search provider setting for Internet Explorer.
    Internet Explorer has reset this setting to your original search provider Zynga Customized Web Search ( search.conduit.com )
    When I click ok another box pops up and tells me that Zynga Customized Web Search is disabled.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:31:09 PM, on 1/9/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16428)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Users\Pat\Downloads\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: FCTBPos00Pos - {028E5C1E-E93A-FBA4-F949-AFB8EC7A5B86} - C:\Program Files\Shop to Win 36\Shop to Win 36.dll (file missing)
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120912021256.dll (file missing)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    --
    End of file - 7172 bytes

    I get these messages every time I log on to the internet. Can someone please help me get rid of this mess? Thanks in advance, touk


    HJT log
     
  2. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    I've posted this twice and no one responds to me! Is this too difficult to remove? I'm unsure as to what to do!
     
  3. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    It is not difficult to fix, but as we are all volunteers here and there are never enough helpers to cope with the demand some people unfortunately get missed.

    Please run this program below and post the log:

    Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

    [​IMG]
     
  4. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    Mark, I'm getting a message telling me "This program is not commonly downloaded and can cause harm to your computer." Should I ignore this or what? I'm confused even more now. BTW thanks for replying to me.
     
  5. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome. That warning is quite common, please ignore it and carry on, the software is perfectly safe.
     
  6. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    Mark, here's the log.


    # AdwCleaner v3.017 - Report created 12/01/2014 at 17:36:51
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Pat - PAT-PC
    # Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\SpeedyPC Software
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\SpeedyPC Software
    Folder Deleted : C:\Program Files\Common Files\SpeedyPC Software
    Folder Deleted : C:\Users\Pat\AppData\Local\Conduit
    Folder Deleted : C:\Users\Pat\AppData\Local\Wajam
    Folder Deleted : C:\Users\Pat\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Pat\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Pat\AppData\Roaming\DriverCure
    Folder Deleted : C:\Users\Pat\AppData\Roaming\SpeedyPC Software
    Folder Deleted : C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    Folder Deleted : C:\Users\Pat\Documents\ShopToWin
    File Deleted : C:\END
    File Deleted : C:\Users\Pat\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
    File Deleted : C:\Program Files\Mozilla Firefox\user.js
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKCU\Software\8578fdcbd6dec12
    Key Deleted : HKLM\SOFTWARE\8578fdcbd6dec12
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : HKCU\Software\BrowserMngr
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\ParetoLogic
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SpeedyPC Software
    Key Deleted : HKCU\Software\wscontb
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Driver-Soft
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\ParetoLogic
    Key Deleted : HKLM\Software\SpeedyPC Software
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16428
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
    -\\ Mozilla Firefox v
    *************************
    AdwCleaner[R0].txt - [6165 octets] - [12/01/2014 17:28:42]
    AdwCleaner[R1].txt - [5937 octets] - [12/01/2014 17:34:45]
    AdwCleaner[S0].txt - [5948 octets] - [12/01/2014 17:36:51]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6008 octets] ##########
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    That found a bit more than just Conduit. It also took out SpeedyPC and DriverCure, plus a few other items of Adware. SpeedyPC is an optimizer which is not recommended, these kind of programs are prone to cause more problems than they fix. And DriverCure should never be used, you should always go to the PC's manufacturer's site or the hardware manufacturer's site for driver updates, not rely on third party software which can make mistakes.

    We always ask for Adwcleaner to be run until it comes up with a clean log, as on occasion some items need further work to completely remove them. Please run the tool again and post the new log.
     
  8. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    Mark, here's the second log.


    # AdwCleaner v3.017 - Report created 13/01/2014 at 13:40:42
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Pat - PAT-PC
    # Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\Pat\AppData\LocalLow\iac
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HowToSimplified Search Scope Monitor]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [HowToSimplified_8e Browser Plugin Loader]
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16428

    -\\ Mozilla Firefox v
    *************************
    AdwCleaner[R0].txt - [6165 octets] - [12/01/2014 17:28:42]
    AdwCleaner[R1].txt - [5937 octets] - [12/01/2014 17:34:45]
    AdwCleaner[R2].txt - [1098 octets] - [13/01/2014 13:39:20]
    AdwCleaner[S0].txt - [6088 octets] - [12/01/2014 17:36:51]
    AdwCleaner[S1].txt - [1028 octets] - [13/01/2014 13:40:42]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1088 octets] ##########
     
  9. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    This is the last log I ran.# AdwCleaner v3.017 - Report created 13/01/2014 at 13:48:14
    # Updated 12/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Pat - PAT-PC
    # Running from : C:\Users\Pat\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16428

    -\\ Mozilla Firefox v
    *************************
    AdwCleaner[R0].txt - [6165 octets] - [12/01/2014 17:28:42]
    AdwCleaner[R1].txt - [5937 octets] - [12/01/2014 17:34:45]
    AdwCleaner[R2].txt - [1098 octets] - [13/01/2014 13:39:20]
    AdwCleaner[R3].txt - [955 octets] - [13/01/2014 13:47:10]
    AdwCleaner[S0].txt - [6088 octets] - [12/01/2014 17:36:51]
    AdwCleaner[S1].txt - [1168 octets] - [13/01/2014 13:40:42]
    AdwCleaner[S2].txt - [877 octets] - [13/01/2014 13:48:14]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [936 octets] ##########
     
  10. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Looking good, we now have a clean log, how well is the system running now?

    We can do another scan just to check your systems security is up to date.

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
     
  11. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    SECURITY CHECK
    I'm still getting the pop up when I log in!




    Results of screen317's Security Check version 0.99.78
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    AVG PC Tuneup
    Adobe Flash Player 11.9.900.170
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  12. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, as you are still seeing the problem it must be a fairly new item of Adware/Add-on which Adwcleaner is not detecting. We will do a search of the system to try and find anything related to Zynga.


    Please download SystemLook from the following link below and save it to your Desktop.



    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :filefind
      *zynga*
      :folderfind
      *zynga*
      :regfind
      zynga
      
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.
     
  13. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:16 on 14/01/2014 by Pat
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*zynga*"
    C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C8PTPC3T\zyngajs[1].js --a---- 6221 bytes [13:35 10/01/2014] [13:35 10/01/2014] 733FBAFA966F63D8FFA4AD74C77B5096
    C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\COMRUCN0\zynga_slots_logo_2_1364326753[1].jpg --a---- 14594 bytes [13:38 10/01/2014] [13:38 10/01/2014] B0C01A779EF9BADEAB26C7C87FF0C626
    C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\0SCN54EG\zmc_header_zyngapoker_en[1].png --a---- 26711 bytes [05:47 06/12/2011] [05:47 06/12/2011] C79C586F0B72D81362FDBD27B4F21A4D
    C:\Users\Pat\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\V9MQV68K\zyngajs[1].js --a---- 6221 bytes [05:47 06/12/2011] [05:47 06/12/2011] 733FBAFA966F63D8FFA4AD74C77B5096
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\fb-fb-0.castle.zynga[1].xml --a---- 154 bytes [03:38 08/12/2011] [03:38 08/12/2011] F6A2F3D9B49F40AC94F9D161EBD6D57E
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\secure1.zynga[1].xml --a---- 125 bytes [03:03 01/12/2011] [03:03 01/12/2011] 6AB9F11EAD21851F243E4CE568B9ED49
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga2-a.akamaihd[1].xml --a---- 13 bytes [05:27 21/08/2013] [05:27 21/08/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3DPOSDJ8\zynga[1].xml --a---- 18503 bytes [03:49 12/05/2012] [02:33 16/11/2012] F92E1131417CAF0EDBCD3212B6A08DF5
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[1].xml --a---- 62809 bytes [06:11 23/02/2012] [03:36 12/10/2013] 72227480440D4F8AFD7E7A732F1E5565
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\facebook2.poker.zynga[2].xml --a---- 46892 bytes [06:57 15/11/2011] [05:05 13/08/2012] 2762EA78C6409D1C4679E5BB4EEBC28C
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb-0.hidden.zynga[1].xml --a---- 529 bytes [04:14 15/06/2012] [04:14 15/06/2012] B2F12D48A6A81D264874A6968250850D
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.bubble.zynga[1].xml --a---- 2664 bytes [04:52 10/06/2012] [05:02 10/06/2012] B55CAF86E8E1589930E2443DC05F91A8
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PRPBG2A\fb.family.zynga[1].xml --a---- 81023 bytes [05:45 21/07/2012] [04:17 27/07/2012] 0A10E3A2B5E18BDFD2020BE6B8D46043
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6M76S3PD\web.hititrich.zynga[1].xml --a---- 1334 bytes [23:10 06/11/2013] [07:13 27/11/2013] D29313B120676960865A04E37932BEDE
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.bubble.zynga[1].xml --a---- 76190 bytes [06:40 12/06/2012] [06:40 12/06/2012] 71E63F0D4F7FA8F3353C6E0358877266
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\fb.slingo.zynga[1].xml --a---- 690804 bytes [14:35 28/03/2012] [03:17 01/06/2012] 11DDC3BE1E94726032D1FE0743C7B9D0
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn.poker.zynga[1].xml --a---- 68741 bytes [03:49 12/05/2012] [04:19 14/08/2012] A91554850DF86F09FC775892E08D4B8A
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAY109SF\zlsn3.poker.zynga[1].xml --a---- 119011 bytes [02:54 24/08/2012] [02:33 16/11/2012] 562F22B98B5B55C90E78DD2D24DF3C11
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ISYDKCYI\zynga2-a.akamaihd[1].xml --a---- 13 bytes [06:53 20/11/2013] [06:53 20/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\facebook2.poker.zynga[1].xml --a---- 22778 bytes [02:12 15/10/2013] [14:54 13/01/2014] 198C51DD8AA10CDE11D97BA7BC942BB0
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OCHS6N9O\fb.hot.zynga[1].xml --a---- 7607 bytes [07:19 15/10/2013] [22:42 09/12/2013] 152534B3B659239CA87389BAF203DDA5
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\T36QHEPD\fb.webslots.zynga[1].xml --a---- 27865 bytes [06:23 15/10/2013] [13:50 10/01/2014] 3DF393A10B21BFE7A43F8445EF3FF599
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.slingo.zynga[1].xml --a---- 12921 bytes [23:54 19/03/2012] [04:30 08/05/2012] F064F362065C16DACCA2F9EFE610C4CD
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\fb.webslots.zynga[1].xml --a---- 47897 bytes [02:41 09/04/2013] [03:15 09/10/2013] B86BFE91595182466F13D9E117F7CE91
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\support.zynga[1].xml --a---- 13 bytes [02:57 08/09/2012] [02:57 08/09/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
    C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZXC3VFV2\zc-prod-pt-fb.frontier.zynga[1].xml --a---- 154 bytes [02:33 18/01/2012] [02:33 18/01/2012] E6C2D5DD0A339A84DC4852FB48821D16
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com\zynga_poker.sol --a---- 137 bytes [06:57 15/11/2011] [05:57 23/04/2012] 4963FA02C0111B13CA511CA2087E3FE6
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zyngaEliteSlots.sol --a---- 79 bytes [02:41 09/04/2013] [02:41 09/04/2013] D89481042E1F1ACCD13FA27C2AF026A0
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net\zynga_poker.sol --a---- 194 bytes [06:11 23/02/2012] [14:54 13/01/2014] 14A00A2D19A7C8CD7446F761192366E0
    ========== folderfind ==========
    Searching for "*zynga*"
    C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net d------ [03:16 09/10/2013]
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\statics.poker.static.zynga.com d------ [06:57 15/11/2011]
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga1-a.akamaihd.net d------ [06:11 23/02/2012]
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\2R4F65V5\zynga2-a.akamaihd.net d------ [02:22 10/09/2013]
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#statics.poker.static.zynga.com d------ [06:57 15/11/2011]
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga1-a.akamaihd.net d------ [06:11 23/02/2012]
    C:\Users\Pat\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#zynga2-a.akamaihd.net d------ [02:22 10/09/2013]
    ========== regfind ==========
    Searching for "zynga"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}]
    "DisplayName"="Zynga Customized Web Search"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaAutoUpdateHelper_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZyngaToolbarHelper_RASMANCS]
    [HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\facebook2.poker.zynga.com]
    [HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.hot.zynga.com]
    [HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fb.webslots.zynga.com]
    [HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\zynga.com]
    [HKEY_USERS\S-1-5-21-3850905048-3930424578-1161102819-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BBAC56A-AA0D-4479-A187-2C374BE32569}]
    "DisplayName"="Zynga Customized Web Search"
    -= EOF =-
     
  14. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Take a look in Programs and Features via the Control Panel and tell me if you have any Zynga related products installed and if you need them. Are you using the Zynga Poker site? I do fear that if we remove all the entries above, it should fix the problem, but if you continue to use Zynga it will soon return.
     
  15. touk123

    touk123 Thread Starter

    Joined:
    Apr 23, 2009
    Messages:
    168
    Mark, I checked the programs and feature as you suggested but I didn't see anything with Zynga on it. The only Zynga games I play are installed on Facebook which is where I play them. Any ideas for me?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1117174

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice