Jump to content

PUP. Optional. Conduit.A removal assistance


Recommended Posts

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

 

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Link to post
Share on other sites

# AdwCleaner v3.012 - Report created 13/11/2013 at 02:45:39
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ALI - ALIONE
# Running from : C:\Users\ALI\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Users\ALI\AppData\Local\Conduit
Folder Deleted : C:\Users\ALI\AppData\Local\PackageAware
Folder Deleted : C:\Users\ALI\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ALI\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\ALI\AppData\Roaming\Searchprotect
File Deleted : C:\Users\ALI\AppData\Roaming\Mozilla\Firefox\Profiles\0ll3yo2u.default\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\ALI\AppData\Roaming\Mozilla\Firefox\Profiles\0ll3yo2u.default\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\ALI\AppData\Roaming\Mozilla\Firefox\Profiles\0ll3yo2u.default\prefs.js ]

Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN24417170612182312");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3306061.fullUserID", "UN24417170612182312.IN.20131110143708");
Line Deleted : user_pref("CT3306061.installDate", "10/11/2013 14:37:10");
Line Deleted : user_pref("CT3306061.installSessionId", "{0389EAC7-DF1D-4A38-BCAC-A486D65BED55}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3306061.keyword", "true");

Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "10-11-2013 14:37:08");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3306061.xpeMode", "0");

Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Connect DLC 5 Customized Web Search");


Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "0LDOC7WCGTOBSHP73JO9NMSSDDRQCNLDPC9QK37KDBSCJ2FEQN3KQ9TVKTGFN/SLIINAHGTVVAXXKALII/6C5Q");


*************************

AdwCleaner[R0].txt - [5628 octets] - [13/11/2013 02:10:03]
AdwCleaner[R1].txt - [5688 octets] - [13/11/2013 02:17:03]
AdwCleaner[R2].txt - [5748 octets] - [13/11/2013 02:30:12]
AdwCleaner[s0].txt - [5676 octets] - [13/11/2013 02:45:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5736 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by ALI on Wed 11/13/2013 at  2:50:42.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77309F16-52E6-4D10-B2DB-B4004187D128}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ALI\AppData\Roaming\mozilla\firefox\profiles\0ll3yo2u.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/13/2013 at  2:57:49.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

I found this on the eset site:

Computer scan hangs at 99% and then crashes with a blue screen

KB Solution ID: SOLN2916|Last Revised: July 29, 2013

Issue

Computer scan reaches 99% completion then crashes with blue screen (BSoD)

HOTFIX

This article was written as a hotfix to a known issue. The steps below may not resolve this issue in some cases.

 

Solution

In some cases, ESET Computer scans hang at 99% and are followed by a blue screen crash (BSoD). Though this issue is rare, our team is aware of it and working hard to resolve it. If you are experiencing this issue, we recommend that you email ESET Customer Care and include a scan log. To do so, please follow the steps in the appropriate Knowledgebase article below:

Link to post
Share on other sites

Here's what I did: a sort of "work around" -- at 99% before it could hang and crash, I generated the log file. Here are the results.



C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\cltmng.exe.vir    a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\bin\cltmng.exe.vir    a variant of Win32/Conduit.SearchProtect.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\SPRunner.exe.vir    a variant of Win32/Conduit.SearchProtect.D application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\bin\SPRunner.exe.vir    a variant of Win32/Conduit.SearchProtect.D application
C:\Users\ALI\AppData\Local\Temp\tbConn.dll    a variant of Win32/Toolbar.Conduit.B application
C:\Users\ALI\AppData\Local\Temp\ct3306061\ieLogic.exe    multiple threats
C:\$Recycle.Bin\S-1-5-21-3037077486-3211791067-4127863810-1000\$RQVN6JL.exe    probably a variant of Win32/CNETInstaller.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\ChromeModule.dll.vir    probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\FirefoxModule.dll.vir    probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\bin\InternetExplorerModule.dll.vir    probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir    probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir    probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir    probably a variant of Win32/Conduit.SearchProtect.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A application
C:\AdwCleaner\Quarantine\C\Users\ALI\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A application

Link to post
Share on other sites

Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:

  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now

More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

after running adwcleaner for an hour, nothing came up. the log looks clean.
I think maybe a glitch? what shall I do?
thanks.

# AdwCleaner v3.012 - Report created 14/11/2013 at 10:28:51
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ALI - ALIONE
# Running from : C:\Users\ALI\Desktop\adwcleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\ALI\AppData\Roaming\Mozilla\Firefox\Profiles\0ll3yo2u.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5628 octets] - [13/11/2013 02:10:03]
AdwCleaner[R1].txt - [5688 octets] - [13/11/2013 02:17:03]
AdwCleaner[R2].txt - [5748 octets] - [13/11/2013 02:30:12]
AdwCleaner[R3].txt - [1003 octets] - [14/11/2013 09:00:42]
AdwCleaner[R4].txt - [1063 octets] - [14/11/2013 09:41:32]
AdwCleaner[R5].txt - [928 octets] - [14/11/2013 10:28:51]
AdwCleaner[s0].txt - [5816 octets] - [13/11/2013 02:45:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1047 octets] ##########
 

Link to post
Share on other sites

I rean Adwcleaner. There were no results, it seemed it wouldn't run. Then I ran Security Check and here are the results.


the  Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your system is clean now! :)

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

Your C drive is heavily fragmented - if it is NOT an SSD drive, use a tool to defrag it. DiskDefrag, for example: http://www.auslogics.com/en/software/disk-defrag/after-download/

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

 

 

 

How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.