Conduit Trouble

Hello - having some trouble with Conduit. (Windows 8.1 - 64 bit)

Downloaded a program from Cnet, opted out of all programs, Conduit, Wajam, and others were installed anyway. Manually uninstalling everything, wiping Chrome’s browsing history, clearing the Conduit extension, changing the homepage, and nothing else worked. Following the use of:

Adw Cleaner
MalwareBytes
HitmanPro

I managed to reduce the problem significantly. However, upon starting Chrome once, it’s fine. Second start results in conduit crap popping up. Reinstallation of chrome and rerunning of all the above did not fix the problem. Uninstalled Chrome once more for the moment.

How Conduit hasn’t been sued into oblivion for this garbage is kind of amazing.

Hi,

Re-run Adwcleaner, but now make sure to hit Clean button, after the scanning is complete.
Attach me that log.

Then…

Please download zoek.zip or zoek.rar by smeenk (
http://www.mcshield.net/personal/magna86/Images/Zoek_icon.png
) from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

createsrpoint; 
StandardSearch; 
installer-list; 
installedprogs; 
uninstall-list;

[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button.
Please wait until a logreport will open (this can be after reboot)

[*]Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log

Thanks for the speedy response - I’ll be back studying for finals at this rate.

Did as you said. I forgot to mention I’ve ran Adw Cleaner multiple times and it keeps having to uninstall the same file you’ll see in the log.

Re-run zoek with this script and attach here fresh zoek log results.

emptyalltemp;
autoclean;
emptyclsid;
C:\PROGRA~2\Pando Networks;fs
lipgolpfajiadodbcbljdpmbmbdmfcil;chr
C:\Users\Andrew\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx;f
resethosts;

How are the things now?

Done.

IE hasn’t had much trouble with it. I can reinstall Chrome whenever you think I should and test it.

Ok, reinstall and tell me what is going on…

Reinstalled chrome, opened it and shut it a couple times. Seemed okay, signed in gmail. Closed it and opened it and the browser hijacker is still there.

Edit: Noticed something fishy with a chrome setting. it was reset to open certain pages. Fixed that and it stopped, although I suspect there’s still software floating around.

Can you take a ScreenShot how does it look like (hijacker)?

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

==============================

Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

[*]Select Yes if prompted to download the Avast database.
[*]Click Scan
[*]Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.

Browser would open to the shown page repeatedly. Odd that it would always do it the second time Chrome was opened after running Adw Cleaner. I changed the setting and repeatedly open/shut Chrome and it hasn’t reverted.

This Conduit stuff is awful business. And thank you for your help so far!

Try resetting your Homepage? That might be it. Sometimes Conduit is uninstalled but the homepage stays…

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
cmd: netsh winsock reset
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Andrew\SkyDrive:ms-properties
cmd: ipconfig /flushdns

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Re-run Adwclaner and attach report.

Did that very early on.

And here are my new logs.

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    note: ComboFix must be downloaded to your Desktop.

  1. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

[*]Right click on the avast! system tray icon (
http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.


  1. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix’s window while it is running.
If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart computer once more.


  1. When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
    Attach log reports ( ComboFix.txt) back to topic.

Combofix isn’t working. Says “Combofix is not meant to run in ‘compatibility mode.’ Program will now exit.”

Sorry, my mistake, ComboFix doesn’t work on Windows 8.

I’ll be away for couple of hours. We will try something different later…

Let’s try again…

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

Then…

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool to your desktop.

[]Shut down your protection software now to avoid potential conflicts.
[
]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[]The tool will open and start scanning your system.
[
]Please be patient as this can take a while to complete depending on your system’s specifications.
[]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[
]Post the contents of JRT.txt into your next message.

Then…

Re-run FRST, tick Addition.txt, press Scan and attach both reports…

Round 2 on this. It’s actually kind of interesting how many diagnostic tools there are to find and/or remove malware and the like.

Somehow Conduit get back. How do you install Chrome, from official site or using some downloader? Please do not install anything until we clean this…

Re-run zoek with this script and attach here fresh zoek log results.

createsrpoint; 
StandardSearch; 
installer-list; 
installedprogs; 
uninstall-list;

I’m getting it from the official site.

Ok, let’s try this way

Re-run zoek with this script and attach here fresh zoek log results.

[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{980A182F-E0A2-4A40-94C1-AE0C1235902E}];r
autoclean;
emptyalltemp;
chrdefaults;
shortcutfix;

Tell me how are the things now?