Trovi Attached

Status
Not open for further replies.
Bud, When you run Malwarebytes and it finds the conduit entry and you checking it and having it removed ?

You need the 32 bit version of SystemLook

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: 
    :folderfind
Conduit
:filefind
Conduit
:regfind
Conduit
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Yes and...

Ken

I found the PUP conduit in a scan this morning and again this afternoon
See log below then I will try your suggest and thyen post those results.

Yes, I quarantine the PUP everytime.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/8/2014
Scan Time: 4:09:09 PM
Logfile: pup5-.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220151
Time Elapsed: 5 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[a8586f91d030ef11c6b2cf9d857f6f91]

Physical Sectors: 0
(No malicious items detected)


(end)
 
SystemLook results

SystemLook 30.07.11 by jpshortstuff
Log created at 16:25 on 08/05/2014 by budzone
Administrator - Elevation successful

========== folderfind ==========

Searching for "Conduit"
No folders found.

========== filefind ==========

Searching for "Conduit"
No files found.

========== regfind ==========

Searching for "Conduit"
No data found.

-= EOF =-
 
#31 Run again

Ken

When I first ran the steps you advised in #31 I did get a conduit node (line) in Chrome. But on that first run I had trouble seeing the rteset browser settings in Chrome.
I ran the instructions in 31 just now after resetting as described. adwCleaner found a firefox line that was weird. I ran clean
Here is that log

# AdwCleaner v3.207 - Report created 09/05/2014 at 10:44:58
# Updated 05/05/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium (32 bits)
# Username : budzone - HOMEPC
# Running from : C:\Users\budzone\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16386


-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\budzone\AppData\Roaming\Mozilla\Firefox\Profiles\dn0p235l.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh

*************************

AdwCleaner[R0].txt - [4079 octets] - [29/04/2014 16:56:08]
AdwCleaner[R1].txt - [1434 octets] - [07/05/2014 09:36:37]
AdwCleaner[R2].txt - [1553 octets] - [09/05/2014 10:43:53]
AdwCleaner[S0].txt - [4004 octets] - [29/04/2014 16:57:29]
AdwCleaner[S1].txt - [1503 octets] - [07/05/2014 09:38:24]
AdwCleaner[S2].txt - [1482 octets] - [09/05/2014 10:44:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1542 octets] ##########
 
2nd 5-9 run

Ken

Also I will be away from this pc started Satuday through M<onday night. Can you leave tyhe ticket open untill I get back?

Thanks!

Here is the log
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/9/2014
Scan Time: 11:59:36 AM
Logfile: 5-9-14noon.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220518
Time Elapsed: 5 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Yes. Lets keep an eye on it, when you return run Malwarebytes again and see if it returns
 
Friday night, its back!

Ken

FRirefox did update security tonight but I decxided to run a scan and got this PUP
Here is the log file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/9/2014
Scan Time: 8:09:29 PM
Logfile: 5-9-14pm2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.09.12
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista
CPU: x86
File System: NTFS
User: budzone

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220770
Time Elapsed: 5 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\budzone\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://search.conduit.com/?gd=&ctid=CT3325805&octid=EB_ORIGINAL_CTID&ISID=MC7C07C40-D17D-4175-BB31-27F6BC352BBB&SearchSource=55&CUI=&UM=5&UP=SPD04EF258-F5DF-4F9B-9C33-0211D70826E1&SSPV=" ],), Replaced,[738d827ef60a52ae2c60511da2626b95]

Physical Sectors: 0
(No malicious items detected)


(end)
 
Thanks!

Ken

I did uninstall Chrome. I ran a malwarebytes scan after the uninstall. All is cle:euro:an right now.

Thanks for all your help!

Bud:euro:
 
Current License - Should I update Spybot to 2.3 version?

Ken

My system showed as clean again this morning.

I am wondering if I need to upgrade spybot to 2.3. I just bought a year license at the end of March 2014. Will I need to buy another license if I update to 2.3?

Thanks!
Bud
 
I have The Home Professional version with spybot 2.2

Hi Ken

What I am reading is that when upgrading to 2.3, if I do the free route, it looks like it will negate the antivirus I just added through Spybot, leaving me without.

I am comfortable with 2.2 and the antivirus I have at this moment that I got with the March purchase, in combination with the Spybot 2.2 Professional Home Edition. I paid 13.99 US in March 2014. If the upgrade to 2.3 doesn't really make a BIG difference, I'd just wait until next March (2015). But I do not know either. Malwarebytes wants over 24.99 for year for their pay version. It feels like Vista is causing me to hit a lot of snags.

The guy that had this PC tried Windows 7 on it and he had lots of problems. This PC was given to me around 2010 and it originally had a Vista OP. He still had the disk so he donated it to me as well.

I also would feel okay if I could just pay the difference which amounts to about 10 bucks more.

I am on a fixed income and 20 bucks is a lot of money.

Thus, that is why I am asking.
I have used spybot since 2004 in one for or the another. Your service to us marginally knowledgeable PC users is really a great value!
Bud
 
Hi Bud,

What I would do is post here
http://forums.spybot.info/forumdisplay.php?4-Spybot

The people that own and run Spybot Search and Destroy are more in tune to the inner workings of Spybot than I am and they will be able to guide you through the update process

Whoever installed Windows 7 must have done a poor job because Windows Vista was not a good operating system and Windows 7 was one of the better ones to come out


Hope you find the help that you need

Ken :)
 
Bud, hope your feeling better today

If your talking about Spybot, post in the spybot forum I linked you to and they can help you straighten it out
 
Status
Not open for further replies.
Back
Top