Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Keeps on being directed to Tuvaro search page on Firefox


08 Aug 2014   #1

Windows 7 Home Premium x64 Service Pack 1
 
 
Keeps on being directed to Tuvaro search page on Firefox

Hi, I accidentally downloaded the Tuvaro virus (if there is such a thing) so that whenever I open Firefox I'm directed to their stupid search page:

Tuvaro

I searched online for solutions to my problem and uninstalled a program from my hard drive (sorry, but I forgot its name; something to do with search), but I cannot find any add-on or extension on Firefox that is causing this redirect. I've also reset Firefox too, but nothing changed. It's still being redirected to Tuvaro! The instructions I've found so far on the internet have not solved my problem at all.

Can anyone please help me? I've attached a few attachments that show you my problem:

http://i.imgur.com/Yv5Coix.jpg

http://i.imgur.com/gySViTT.jpg

http://i.imgur.com/WTW32PO.jpg


My System SpecsSystem Spec
.

08 Aug 2014   #2

Win-7 Home Prem 64-bit 7601 Free SP1
 
 

Hi and welcome to SevenForums,
Review Jacee’s instructions to run Adwcleaner here post #7,
Ignore the title of the thread,
Instant Savings App
Screen shot of the download button to use for Adwcleaner
You can use these free tools to see if they find anything,
Manually Update them before running full scans,
Try not to use your computer while the scans are running, (one at a time of course).
Uncheck the box to Activate the Free trial from the final install options,
Also use the Custom scan option not the Threat scan,
Select the drive to scan usually C,
If your really infected check the box to scan for Rootkits = this scan option will take several hours to complete,
Never use your machine while scans are running for best results,
Please Do Not clean/ Delete or Remove Any detections before posting the scan results first before review especially Malwarebytes,
http://www.malwarebytes.org/products/malwarebytes_free
SAS is safe to remove anything it finds
http://www.superantispyware.com/?tag=SUPERANTISPYWARE
This one is the longest up to 4 hours, the others are only about 45 minutes,
http://www.microsoft.com/security/scanner/en-us/default.aspx
My System SpecsSystem Spec
09 Aug 2014   #3

Windows 7 Home Premium x64 Service Pack 1
 
 

Hi, I followed the steps, and the problem seems to have cleared. You guys are AMAZING! I think it was the first program ( Adwcleaner) that did it! ONce again, thanks a lot!

My System SpecsSystem Spec
.


09 Aug 2014   #4

Win-7 Home Prem 64-bit 7601 Free SP1
 
 

Hi and thanks for the update,
You should post the scan results for review,
Follow up scanners might be suggested,
Cheers.
My System SpecsSystem Spec
09 Aug 2014   #5

Windows 7 Home Premium x64 Service Pack 1
 
 

Okay, that sounds like a good idea. Here is the AdwCleaner scan results. Half in this message, half in the next (since the results are over the comment box's maximum # of characters).

# AdwCleaner v3.304 - Report created 08/08/2014 at 23:59:04
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ray - RAY-PC
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : SMUpd
[#] Service Deleted : SMUpdd

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\Ray\AppData\Local\AVG Security Toolbar
Folder Deleted : C:\Users\Ray\AppData\Local\Conduit
Folder Deleted : C:\Users\Ray\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Ray\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Ray\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ray\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ray\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Ray\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\bm2w9ma9.default-1378353203225\CT3279418
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\Conduit
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\ConduitEngine
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1q1hnd7z.default-1362847257001\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\d5alotac.default-1359866637254\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1q1hnd7z.default-1362847257001\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\bm2w9ma9.default-1378353203225\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\d5alotac.default-1359866637254\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\sgfouzyu.default-1407532082022\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\taw2c0k1.default-1369892643916\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\Extensions\engine@conduit.com
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\Extensions\staged\ffxtlbr@fun moods.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1q1hnd7z.default-1362847257001\Extensions\staged\ffxtlbr@mysearchdial.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\d5alotac.default-1359866637254\Extensions\staged\ffxtlbr@mysearchdial.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\Extensions\staged\ffxtlbr@mys earchdial.com
Folder Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\bm2w9ma9.default-1378353203225\Extensions\{b7c7d4b0-7a84-4b73-a7ef-48ef59a52c3b}
File Deleted : C:\END
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1q1hnd7z.default-1362847257001\user.js
File Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\d5alotac.default-1359866637254\user.js
File Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\taw2c0k1.default-1369892643916\user.js
File Deleted : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Ray\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_videolan-movie-creator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_videolan-movie-creator_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CC34E921-67D6-4787-AE7E-D28B46A3942D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D614CF1-3340-48FD-B1FC-E69FD84ACD36}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
My System SpecsSystem Spec
09 Aug 2014   #6

Windows 7 Home Premium x64 Service Pack 1
 
 

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\1q1hnd7z.default-1362847257001\prefs.js ]


[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\d5alotac.default-1359866637254\prefs.js ]

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\sgfouzyu.default-1407532082022\prefs.js ]


[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\taw2c0k1.default-1369892643916\prefs.js ]

Line Deleted : user_pref("extensions.irmysearch.aflt", "dnld2msd");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuyEyEzzyB0F0C0CyEyByByC0F0FzztC0FtN0D0Tzu0CyCtCtBtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1 Q1G1I1Q1H1B1Q");
Line Deleted : user_pref("extensions.irmysearch.cr", "708347004");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.google.com");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={96A0CCD2-DEE0-11E2-A8BB-4487FCC4776F}");

[ File : C:\Users\Ray\AppData\Roaming\Mozilla\Firefox\Profiles\zb36slqh.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "31-5-2011");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Mon May 30 2011 16:42:23 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 159);
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Mon May 30 2011 16:11:16 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "31-5-2011");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.3.3.2");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1306530423");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246786978");
Line Deleted : user_pref("CT2786678.ToolbarDisabled", true);
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.UserID", "UN00731335910377783");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 0);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Mon May 30 2011 16:42:24 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "F");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.components.129295698017012804", false);
Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectio nUrlPattern\":\"hxxp://appdownload.conduit.com/\"}");
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue May 31 2011 01:04:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804,1000034,129298376496232218,1293094 89763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285978514\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "poKjTfHs0NrVUIalKI8jyg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"634416823708270000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1306530423\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634410529136300000\"");
Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 23:39:28 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 21:52:27 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "0aeeaa70-0185-41b1-9183-1e1a69e0acb6");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "1e357054-5213-47b8-aa47-48cb315ef51c");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jun 12 2011 22:00:57 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "05/31/2011 02");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon May 30 2011 16:11:15 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN83936921138046195");
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon May 30 2011 16:11:14 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue May 31 2011 01:04:32 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Line Deleted : user_pref("extentions.y2layers.installId", "1f8c4b9f-b536-4030-9bce-539a78f56921");
Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 371930);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "google.com");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={96A0CCD2-DEE0-11E2-A8BB-4487FCC4776F}");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN27242543854438309&UM=2&UP=SP34FE65A7-3F5C-4690-8B04-C7EC20796482");
Line Deleted : user_pref("smartbar.originalHomepage", "about:home");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Ray\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={96A0CCD2-DEE0-11E2-A8BB-4487FCC4776F}

*************************

AdwCleaner[R0].txt - [31123 octets] - [08/08/2014 20:40:17]
AdwCleaner[R1].txt - [31184 octets] - [08/08/2014 21:47:26]
AdwCleaner[R2].txt - [31110 octets] - [08/08/2014 23:58:19]
AdwCleaner[S0].txt - [30558 octets] - [08/08/2014 23:59:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30619 octets] ##########
My System SpecsSystem Spec
09 Aug 2014   #7

Win-7 Home Prem 64-bit 7601 Free SP1
 
 

Hi thanks for the update,
See this to run JRT and post those scan results,
I suppose you can review the entire reply by Andrew,
post-malware one problem remains: google.com redirect
My System SpecsSystem Spec
10 Aug 2014   #8

Windows 7 Home Premium x64 Service Pack 1
 
 

Hi, I followed the instructions. I turned off my anti-virus and anti-Malware programs, ran JRT and it starts scanning then nothing happens (for about 10 seconds), then nothing happens. No text file. Nothing. What happened?
My System SpecsSystem Spec
Reply

 Keeps on being directed to Tuvaro search page on Firefox




Thread Tools



Similar help and support threads for2: Keeps on being directed to Tuvaro search page on Firefox
Thread Forum
Downloaded Tuvaro, malware, cannot delete, redirects. System Security
Solved GOOGLE Search page always displayed on Firefox new page (+) openings Browsers & Mail
VZ Acess Manager Showing Search Page Software

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:39 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33