[RESOLVED] Help with MixDJ and search.conduit

[kanstar]

A "smart file advisor" window pops up on startup.

It says it's not currently associated to unknown files and asks if I want to run the installer to fix the problem. Should I run it?

[kanstar]

Results of screen317's Security Check version 0.99.63
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.70.0.1100
AVG PC Tuneup 2011
CCleaner
Java(TM) 6 Update 45
Java 7 Update 21
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 11.7.700.169
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0)
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

[Broni]

It looks like a safe program (http://www.filefacts.net/sfa.php) but if you don't remember installing it ot you're not using it you can say "No" and uninstall it.
I can see it in your list of installed programs.

[kanstar]

Farbar Service Scanner Version: 14-04-2013
Ran by Kennan (administrator) on 09-05-2013 at 17:23:21
Running from "C:\Users\Kennan\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-12 16:19] - [2013-01-04 04:28] - 0905576 ____A (Microsoft Corporation) 74E2D020C47BB2B2FCCBA29A518A7EB4

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

[Broni]

Make sure you read my previous reply.

[kanstar]

I did, thank you. Probably just going to uninstall it

[Broni]

[kanstar]

C:\Users\Kennan\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined

[kanstar]

The mixDJ toolbar isn't popping up, but in google chrome when I go to settings, it's showing as an extension.

[Broni]

Yeah I missed that one....

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
CHR - Extension: MixiDJ V30 = C:\Users\Kennan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.16.1.21_0\

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

[kanstar]

All processes killed
========== OTL ==========
File C:\Users\Kennan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.16.1.21_0 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kennan
->Temp folder emptied: 3138353 bytes
->Temporary Internet Files folder emptied: 925973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2233390 bytes
->Google Chrome cache emptied: 231666043 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Maggie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 227734 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 13517983 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser(179)
->Temp folder emptied: 0 bytes

User: UpdatusUser(294)
->Temp folder emptied: 0 bytes

User: UpdatusUser.Kennan-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7749 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 104 bytes

Total Files Cleaned = 240.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: IUSR_NMPR

User: Kennan
->Java cache emptied: 0 bytes

User: Maggie
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: UpdatusUser(179)

User: UpdatusUser(294)

User: UpdatusUser.Kennan-PC

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: IUSR_NMPR

User: Kennan
->Flash cache emptied: 0 bytes

User: Maggie
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: UpdatusUser(179)

User: UpdatusUser(294)

User: UpdatusUser.Kennan-PC

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05102013_125152

Files\Folders moved on Reboot...
C:\Users\Kennan\AppData\Local\Temp\VGXA35F.tmp moved successfully.
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DF789.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DF81A.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DFEB5D.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DFEC6E.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DFEE74.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DFEF6C.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DFF02C.tmp not found!
File\Folder C:\Users\Kennan\AppData\Local\Temp\~DFF3CE.tmp not found!
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[kanstar]

Don't think this had any effect on the OTL fix, but under chrome settings, I selected "trash/remove from chrome" for mixDJ last night.

[Broni]

That's why OTL didn't find it.
I assume it's gone?

If so continue with other steps.

[kanstar]

Just to mention it, before starting this thread, I hit "trash/remove from chrome" for the mixDJ extension. It did not show under extensions, but still had affect. So was surprised to see it there again last night

[Broni]

Is it still there now?